Sunday, May 30, 2010

Optimize Your Windows 7 With Tweak-7

Tweak-7 is everything you need to customize and tweak Windows 7 to fit your needs, from Start menu and desktop tweaks to taskbar customization and system tweaks. It gives you access to whatever you might need to keep your Windows 7 running smoothly, error free, and under your full control, including system restrictions, system cleanup, and system tweaking.



Tweak-7 includes an internet connection analyzer, which automatically inspects your internet connection to speed it up by up to 25%. This new feature is a must for every Windows 7 user who is used to browsing the net at high speed!
Features
  1. Activate hundreds of hidden Windows 7 settings to get the most out of your Windows 7
  2. Clean your registry with the integrated Registry Cleaner and Registry Defragmentation
  3. Activate system and software restrictions - you decide what should be accessible or not
  4. Display detailed 3D system information
  5. Create a 256 MB RAM drive for fastest access (32bit systems only!)
  6. Customize whatever is customizable in Windows 7
  7. Clean your hard drive and remove unnecessary files to get wasted hard drive space back - save hundreds of GB.
  8. Optimize memory management and memory usage
  9. Improve your internet connection by a few mouse clicks
  10. Optimize your CPU with special CPU tweaks
  11. Tweak your network with network speed-up settings
  12. Manage system updates, remove update backups, remove old system restore points
  13. Transfer your tweaks and settings to other machines running Windows 7 and Tweak
Download:  Tweak-7 1.0 Build 1040 | Shareware | 22MB

Top 10 Free Antivirus Programs

Virus protection is a serious concern for every one of us. A lot of antivirus applications are available on the net, and with those you can stay secure. But if you are looking for options that are free and can still keep you secure, here is a list of the best antivirus applications:


01. Microsoft Security Essentials
02. Avast! Free Antivirus
03. Free AVG Antivirus
04. Bitdefender
05. Avira AntiVir Personal
06. Comodo Antivirus + Firewall
07. A-Squared Free
08. Rising Antivirus
09. PC Tools Antivirus
10. Spyware Doctor with Antivirus 2010

 

Easy Way to Send Big Files With "WeTransfer"

These days sending large files is no longer cumbersome work. There are a lot of free services available on the net. But email is not one of the ways to transfer big files over the internet. WeTransfer is a new service which offers a simple and easy way to send big files to anyone online. You can add multiple files such as your videos, music, photo albums or documents, up to 2 GB. It allows you to upload files via the browser, and you can fill in up to 20 email addresses of the people you want to send the files to.

Features
  1. It is a  free service
  2. You can send large files up to 2 GB
  3. No registration needed
  4. Files & Emails data kept private
  5. Files available for 2 weeks
  6. Up to 20 receivers/transfer 
Your files are automatically scanned for viruses before they're safely stored on their servers. When the transfer is finished, you'll be sent a confirmation notice by email saying that your friend has been sent an email with a link to your file.
Check it out : WeTransfer

Unify All Your Communication Channels With VoxOx

These days communication is getting complicated. Everyone uses lots of tools, such as instant messaging services, e-mail and social networks, to stay in touch. Keeping track of all the different networks and media you use to keep in touch can be time-consuming and cumbersome. Here is a free application called VoxOx that provides access to a variety of communication services. It looks sleek and includes more features than most competitors, such as Digsby and Skype.

With VoxOx, you can chat with your friends on Facebook, Twitter, Google Talk, Yahoo IM, SMS, and more. It lets you make calls from PC to PC, as well as from PCs to landlines and mobile phones. The application comes with 2 hours of free calling time, and assigns you a VoxOx phone number. Placing calls is as easy as dialing a number, but voice quality will vary depending on the speed of your Internet connection and the quality of your headset. With your free VoxOx phone number, you can also fax. Just click the fax button, and choose the PDF or Word document you want to send.

You can send your photo albums, music files or large documents with a VoxOx download link. No more missed deliveries or crowded inboxes, and it's super easy to include the link in an email, chat, text or IM. In this way it unifies most communication channels: video, instant messaging, file sharing, social networking, text, social media, e-mail, fax and content sharing. In a nutshell, it is a one-stop shop for your communications.
Try Voxox   (http://www.voxox.com/home.php)

Friday, May 14, 2010

Commonly Used Abbreviations in LAN


A
AGP
Accelerated Graphics Port
API
Application Program Interface
ARP
Address Resolution Protocol. See RARP
ATA
AT Attachment Interface. See IDE
ATAPI
AT Attachment Packet Interface
ATM
Asynchronous Transfer Mode

----------------------------------------------------------------------
C
CBT
Computer Based Training
CCIT
Consultative Committee for International Telegraph and Telephone. See ITU
CITS
Combat Information Transfer System
CNE
Certified Novell Engineer
CPU
Central Processing Unit
CSMA
Carrier-Sense Multiple Access
CTS
Clear To Send

----------------------------------------------------------------------
D
DCE
Data Circuit Equipment (Modem)
DDP
Digital Data Processor
DHCP
Dynamic Host Configuration Protocol
DMA
Direct Memory Access
DOS
Disk Operating System
DNS
Domain Name System
DSR
Data Set Ready
DTE
Data Terminal Equipment (Computer)
DTR
Data Terminal Ready

----------------------------------------------------------------------
E
EDO
Extended Data Output
EIDE
Enhanced Integrated Drive Electronics
EISA
Extended Industry Standard Architecture
ESD
ElectroStatic Discharge

----------------------------------------------------------------------
F
FAT
File Allocation Table
FDDI
Fiber Distributed Data Interface
FIFO
First In First Out
FSK
Frequency Shift Keying
FTP
File Transfer Protocol

----------------------------------------------------------------------
H
HTML
Hypertext Markup Language
HTTP
Hypertext Transfer Protocol

----------------------------------------------------------------------
I
IDE
Integrated Drive Electronics. See also EIDE
IEEE
Institute of Electronic and Electrical Engineers
IIS
Internet Information Services
IP
Internet Protocol
ISA
Industry Standard Architecture
ITU
International Telecommunications Union. Formerly CCIT

----------------------------------------------------------------------
L
LAN
Local Area Network
LCD
Liquid Crystal Display
LED
Light Emitting Diode

----------------------------------------------------------------------
M
MAC
Media Access Control
MAN
Metropolitan Area Network
MBR
Master Boot Record
MCSE
Microsoft Certified Systems Engineer
MODEM
Modulator Demodulator
MS-DOS
Microsoft Disk Operating System

----------------------------------------------------------------------
N
NDIS
Network Driver Interface Specification
NDS
NetWare Directory Services
NIC Card
Network Interface Control Card
NIPRNET
None Secure IP Router Network
NT
New Technologies

----------------------------------------------------------------------
O
ODI
Open Data-Link Interface

----------------------------------------------------------------------
P
.PAB
Personal address book file
PCI
Peripheral Component Interconnect
PCMCIA
Personal Computer Memory Card International Association
PING
Packet Internet Groper
.PST
Outlook archive file

----------------------------------------------------------------------
R
RARP
Reverse Address Resolution Protocol. See also ARP
RIP
Routing Information Protocol

----------------------------------------------------------------------
S
SAP
Service Advertising Protocol
SCSI
Small Computer System Interface
SIPRNET
Secret IP Router Network
SMTP
Simple Mail Transfer Protocol
SNMP
Simple Network Management Protocol
STP
Shielded Twisted Pair

----------------------------------------------------------------------
T
TCP
Transmission Control Protocol
TCP/IP
See IP and TCP
TFTP
Trivial File Transfer Protocol

----------------------------------------------------------------------
U
UART
Universal Asynchronous Receiver/Transmitter
UDP
User Datagram Protocol
UPS
Uninterruptible Power Supply
UTP
Unshielded Twisted Pair

----------------------------------------------------------------------
W
WAN
Wide Area Network
WINS
Windows Internet Naming Service
WWW
World Wide Web

How to Connect Two Computers in Network


How to connect two computers in Windows XP. This will let you share files and folders, printers, play network games, etc.
Steps
  1. Connect the two computers together, either with a crossover cable or through a hub/switch, using the Ethernet card in each computer.
  2. Set the IP address on both computers. Go to Start > Control Panel > Network Connections (choose Switch to Classic View if you cannot see Network Connections).
  3. Look for your Local Area Connection Ethernet adapter, right-click it and choose Properties.
  4. Select Internet Protocol (TCP/IP) and choose Properties.
  5. Set the IP address to 192.168.1.1 with a subnet mask of 255.255.255.0 on the first computer, and to 192.168.1.2 with the same subnet mask on the second.
  6. Choose OK, then OK/Close again.

Tips
To share your files, right click on any folder and choose Sharing to make them shared.
You can also do this with your printers to be able to print from one computer while the printer is connected to the other.

Things You'll Need
A crossover cable. This is a Cat5 Ethernet cable in which the wires have been switched around to allow only two computers to talk to each other
OR, you can purchase a switch/hub with two standard "straight-through" Ethernet cables
Check to see if your computer has an Ethernet adapter in the back of the computer. Most new computers have this. You can tell by the documentation from the computer or by looking at the back of the computer. It looks like a phone jack, but larger.

List of Network Commands

This is a list of the IP commands.

To open a command prompt: type cmd in the Run dialog box, or choose Command Prompt from Accessories.

Display Connection Configuration: ipconfig /all
Display DNS Cache Info Configuration: ipconfig /displaydns
Clear DNS Cache: ipconfig /flushdns
Release All IP Address Connections: ipconfig /release
Renew All IP Address Connections: ipconfig /renew
Re-Register the DNS connections: ipconfig /registerdns
Display DHCP Class Information: ipconfig /showclassid
Change/Modify DHCP Class ID: ipconfig /setclassid
Network Connections: control netconnections
Network Setup Wizard: netsetup.cpl
Trace IP address Route: tracert
Displays the TCP/IP protocol sessions: netstat
Display Local Route: route
Display Resolved MAC Addresses: arp
Display Name of Computer Currently on: hostname

What is PING?

Ping is a computer network tool used to test whether a particular host is reachable across an IP network. Ping works by sending ICMP “echo request” packets ("Ping?") to the target host and listening for ICMP “echo response” replies (sometimes dubbed "Pong!" as an analog from the Ping Pong table tennis sport.) Using interval timing and response rate, ping estimates the round-trip time (generally in milliseconds although the unit is often omitted) and packet loss (if any) rate between hosts.

The word ping is also frequently used as a verb or noun, where it can refer directly to the round-trip time, the act of running a ping program or measuring the round-trip time.

Mike Muuss wrote the program in December, 1983, as a tool to troubleshoot odd behavior on an IP network. He named it after the pulses of sound made by a sonar, since its operation is analogous to active sonar in submarines, in which an operator issues a pulse of energy (a network packet) at the target, which then bounces from the target and is received by the operator. Later David L. Mills provided a backronym, "Packet INternet Grouper (Groper)"; other people have also offered "Packed IN(ternet) Gopher", after the small rodents.

The usefulness of ping in assisting the "diagnosis" of Internet connectivity issues was impaired from late in 2003, when a number of Internet Service Providers filtered out ICMP Type 8 (echo request) messages at their network boundaries. This was partly due to the increasing use of ping for target reconnaissance, for example by Internet worms such as Welchia that flood the Internet with ping requests in order to locate new hosts to infect. Not only did the availability of ping responses leak information to an attacker, it added to the overall load on networks, causing problems to routers across the Internet.

There are two schools of thought concerning ICMP on the public Internet: those who say it should be largely disabled to enable network 'stealth', and those who say it should be enabled to allow proper Internet diagnostics.

These two schools of thought merge when considering intranet/extranet networks within the same organization. An example would be an organization which maintains 'buffer' network(s) to shield its network from the raw internet; such a network is usually described as a DMZ (after the military designation 'demilitarized zone'). In such a scenario an organization would allow ICMP packets to radiate within the internal (trusted) network, and disallow ICMP (ping) packets in a separated network that would more often than not include raw internet-facing systems.
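The echo request/response exchange and the boundary filtering described above can be made concrete with the ICMP wire format. This is an added example, not part of the original post: the zone names (`internal`, `dmz`, `internet`) and the `boundary_decision` policy are assumptions modelled on the DMZ scenario in the text, and the payload is constructed sample data.

```python
import struct

ICMP_ECHO_REPLY = 0      # the "echo response" described above
ICMP_ECHO_REQUEST = 8    # the Type 8 message filtered at network boundaries


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Build an ICMP echo request or reply: type, code 0, checksum, id, sequence."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)   # checksum is computed with the field zeroed
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte echo header and verify the checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP echo message is at least 8 bytes")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type,
        "code": code,
        "ident": ident,
        "seq": seq,
        "payload": packet[8:],
        # Summing a valid message including its checksum field yields zero.
        "valid": inet_checksum(packet) == 0,
    }


def boundary_decision(src_zone: str, dst_zone: str, packet: bytes) -> str:
    """Assumed policy: ICMP is allowed inside the trusted internal network;
    echo requests are dropped on any path that touches the DMZ or the internet.
    Truncated or corrupted messages are dropped everywhere."""
    try:
        msg = parse_icmp(packet)
    except ValueError:
        return "drop"
    if not msg["valid"]:
        return "drop"
    if src_zone == "internal" and dst_zone == "internal":
        return "allow"
    if msg["type"] == ICMP_ECHO_REQUEST:
        return "drop"
    return "allow"


if __name__ == "__main__":
    ping = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"constructed-payload")
    print(ping.hex())
    for path in (("internal", "internal"), ("internet", "dmz"), ("dmz", "internal")):
        print(path, boundary_decision(*path, ping))
```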

What is VPN?

A virtual private network (VPN) is a private communications network often used within a company, or by several companies or organizations, to communicate confidentially over a publicly accessible network. VPN message traffic can be carried over a public networking infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.

Authentication mechanism
VPN involves two parts: the protected or "inside" network, which provides physical and administrative security to protect the transmission; and a less trustworthy, "outside" network or segment (usually through the Internet). Generally, a firewall sits between a remote user's workstation or client and the host network or server. As the user's client establishes the communication with the firewall, the client may pass authentication data to an authentication service inside the perimeter. A known trusted person, sometimes only when using trusted devices, can be provided with appropriate security privileges to access resources not available to general users.

Many VPN client programs can be configured to require that all IP traffic must pass through the tunnel while the VPN is active, for better security. From the user's perspective, this means that while the VPN client is active, all access outside their employer's secure network must pass through the same firewall as would be the case while physically connected to the office ethernet. This reduces the risk that an attacker might gain access to the secured network by attacking the employee's laptop: to other computers on the employee's home network, or on the public internet, it is as though the machine running the VPN client simply does not exist. Such security is important because other computers local to the network on which the client computer is operating may be untrusted or partially trusted. Even with a home network that is protected from the outside internet by a firewall, people who share a home may be simultaneously working for different employers over their respective VPN connections from the shared home network. Each employer would therefore want to ensure their proprietary data is kept secure, even if another computer in the local network gets infected with malware. And if a travelling employee uses a VPN client from a Wi-Fi access point in a public place, such security is even more important. However, the use of IPX/SPX is one way users might still be able to access local resources.

Types of VPN

Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking snooping and thus Packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. This has been the usually intended purpose for VPN for some years.

Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes available on the market.

Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures.

Secure VPN protocols include the following:

IPsec (IP security) - commonly used over IPv4, and an obligatory part of IPv6.
SSL used either for tunneling the entire network stack, as in the OpenVPN project, or for securing what is, essentially, a web proxy. Although the latter is often called a "SSL VPN" by VPN vendors, it is not really a fully-fledged VPN in the usual sense. (See also TUN/TAP.)
PPTP (point-to-point tunneling protocol), developed jointly by a number of companies, including Microsoft.
L2TP (Layer 2 Tunnelling Protocol), which includes work by both Microsoft and Cisco.
L2TPv3 (Layer 2 Tunnelling Protocol version 3), a new release.
VPN-Q: The machine at the other end of a VPN could be a threat and a source of attack; this has no necessary connection with VPN designs and has been usually left to system administration efforts. There has been at least one attempt to address this issue in the context of VPNs. On Microsoft ISA Server, an application called QSS (Quarantine Security Suite) is available.
Some large ISPs now offer "managed" VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. In addition to providing remote workers with secure access to their employer's internal network, other security and management services are sometimes included as part of the package. Examples include keeping anti-virus and anti-spyware programs updated on each client's computer.

Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. In a sense, these are an elaboration of traditional network and system administration work.

Multi-protocol label switching (MPLS) is often used to build trusted VPN.
L2F (Layer 2 Forwarding), developed by Cisco, can also be used.
Characteristics in application
A well-designed VPN can provide great benefits for an organization. It can:

Extend geographic connectivity.
Improve security where data lines have not been ciphered.
Reduce operational costs versus traditional WAN.
Reduce transit time and transportation costs for remote users.
Simplify network topology in certain scenarios.
Provide global networking opportunities.
Provide telecommuter support.
Provide broadband networking compatibility.
Provide faster ROI (return on investment) than traditional carrier leased/owned WAN lines.
Show a good economy of scale.
Scale well, when used with a public key infrastructure.
However, since VPNs extend the "mother network" by such an extent (almost every employee) and with such ease (no dedicated lines to rent/hire), there are certain security implications that must receive special attention:

Security on the client side must be tightened and enforced, lest security be lost at any of a multitude of machines and devices. This has been termed, Central Client Administration, and Security Policy Enforcement. It is common for a company to require that each employee wishing to use their VPN outside company offices (eg, from home) first install an approved firewall (often hardware). Some organizations with especially sensitive data, such as healthcare companies, even arrange for an employee's home to have two separate WAN connections: one for working on that employer's sensitive data and one for all other uses.
The scale of access to the target network may have to be limited.
Logging policies must be evaluated and in most cases revised.
A single breach or failure can result in the privacy and security of the network being compromised. In situations in which a company or individual has legal obligations to keep information confidential, there may be legal problems, even criminal ones, as a result. Two examples are the HIPAA regulations in the US with regard to health data, and the more general European Union data privacy regulations which apply to even marketing and billing information and extend to those who share that data elsewhere.

Tunneling
Tunneling is the transmission of data through a public network in such a way that routing nodes in the public network are unaware that the transmission is part of a private network. Tunneling is generally done by encapsulating the private network data and protocol information within the public network protocol data so that the tunneled data is not available to anyone examining the transmitted data frames. Tunneling allows the use of public networks (eg, the Internet), to carry data on behalf of users as though they had access to a 'private network', hence the name.
Port forwarding is one aspect of tunneling in particular circumstances.

VPN security dialogs
The most important part of a VPN solution is security. The very nature of VPNs — putting private data on public networks — raises concerns about potential threats to that data and the impact of data loss. A Virtual Private Network must address all types of security threats by providing security services in the areas of:
Authentication (access control) - Authentication is the process of ensuring that a user or system is who the user claims to be. There are many types of authentication mechanisms, but they all use one or more of the following approaches:
something you know (eg, a login name, a password, a PIN),
something you have (eg, a computer readable token (eg, a Smartcard), a card key),
something you are (eg, fingerprint, retinal pattern, iris pattern, hand configuration, etc).
What is generally regarded as weak authentication makes use of one of these components, usually a login name/password sequence. Strong authentication is usually taken to combine at least two authentication components from different areas (i.e., two-factor authentication). But note that use of weak and strong in this context can be misleading. A stolen SmartCard and a shoulder-surfed login name / PIN sequence is not hard to achieve and will pass a strong authentication two-factor test handily. More seriously, stolen or lost security data (eg, on a backup tape, a laptop, or stolen by an employee) dangerously furthers many such attacks on most authentication schemes. There is no fully adequate technique for the authentication problem, including biometric ones.

What is DHCP?

DHCP (Dynamic Host Configuration Protocol) is a protocol that lets network administrators manage centrally and automate the assignment of IP (Internet Protocol) configurations on a computer network. When using the Internet's set of protocols (TCP/IP), in order for a computer system to communicate to another computer system it needs a unique IP address. Without DHCP, the IP address must be entered manually at each computer system. DHCP lets a network administrator supervise and distribute IP addresses from a central point. The purpose of DHCP is to provide the automatic (dynamic) allocation of IP client configurations for a specific time period (called a lease period) and to eliminate the work necessary to administer a large IP network.

Who Created DHCP?
DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF: a volunteer organization which defines protocols for use on the Internet). As such, its definition is recorded in an Internet RFC (standard) and the Internet Activities Board (IAB) is asserting its status as to Internet Standardization.

Why Is DHCP Important?
When connected to a network, every computer must be assigned a unique address. However, when adding a machine to a network, the assignment and configuration of network (IP) addresses has required human action. The computer user had to request an address, and then the administrator would manually configure the machine. Mistakes in the configuration process are easy for novices to make, and can cause difficulties for both the administrator making the error as well as neighbors on the network. Also, when mobile computer users travel between sites, they have had to relive this process for each different site from which they connected to a network. In order to simplify the process of adding machines to a network and assigning unique IP addresses manually, there is a need to automate the task.
The introduction of DHCP alleviated the problems associated with manually assigning TCP/IP client addresses. Network administrators have quickly appreciated the importance, flexibility and ease-of-use offered in DHCP.

How Does DHCP Work?
When a client needs to start up TCP/IP operations, it broadcasts a request for address information. The DHCP server receives the request, assigns a new address for a specific time period (called a lease period) and sends it to the client together with the other required configuration information. This information is acknowledged by the client, and used to set up its configuration. The DHCP server will not reallocate the address during the lease period and will attempt to return the same address every time the client requests an address. The client may extend its lease with subsequent requests, and may send a message to the server before the lease expires telling it that it no longer needs the address so it can be released and assigned to another client on the network.

What Advantages Does DHCP Have Over Manual Configuration Methods?
The use of DHCP is highly recommended and there are a number of obvious reasons why you should use it. As mentioned before, there are two ways you can configure client addresses on a computer network, either manually or automatically. Manual configuration requires the careful input of a unique IP address, subnet mask, default router address and a Domain Name Server address. In an ideal world, manually assigning client addresses should be relatively straight forward and error free. Unfortunately, we do not live in an ideal world; computers are frequently moved and new systems get added to a network. Also if a major network resource, such as a router (which interconnects networks) changes network addresses, this could mean changing EVERY system's configuration. For a network administrator this process can be time consuming, tedious and error prone. Problems can occur when manually setting up your client machines, so if you have the option to set-up your client machines automatically, please do, as it will save you time and a lot of headaches.
DHCP has several major advantages over manual configurations. Each computer gets its configuration from a "pool" of available numbers automatically for a specific time period (called a leasing period), meaning no wasted numbers. When a computer has finished with the address, it is released for another computer to use. Configuration information can be administered from a single point. Major network resource changes (e.g. a router changing address), requires only the DHCP server be updated with the new information, rather than every system.

Can DHCP Provide Support For Mobile Users?
Yes. The benefits of dynamic addressing are especially helpful in mobile computing environments where users frequently change locations. Mobile users simply plug-in their laptop to the network, and receive their required configuration automatically. When moving to a different network using a DHCP server, then the configuration will be supplied by that network's server. No manual reconfiguration is required at all.


Are DHCP Servers Easy To Set-up And Administer?
DHCP Servers offer completely centralized management of all TCP/IP client configurations, including IP address, gateway address and DNS address. DHCP servers are easy to administer and can be set-up in just a few minutes. Client addresses are assigned automatically unlike static set-up which requires the manual input of client addresses which can be a time consuming and tedious task.


Are There Any Limitations That I Should Be Aware Of?
Some machines on your network need to be at fixed addresses, for example servers and routers. The DHCP server you choose should be capable of assigning pre-allocated addresses to these specific machines.
You need to be able to assign a machine to run the DHCP server continually as it must be available at all times when clients need IP access.
To avoid conflicts between addresses assigned by the DHCP server and those assigned manually, users should be discouraged, or preferably prevented, from reconfiguring their own IP addresses.
Some older operating systems do not support DHCP. If you have such systems you may be able to upgrade them. If this is not possible they may support the older BOOTP protocol, and a DHCP server can be chosen that will support this option.
For peace of mind, it is a good idea to decide what is important to you, which of the available DHCP servers is best suited to meet your specific requirements and always get a second opinion.
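The lease behaviour described under "How Does DHCP Work?" and the limitations listed above (fixed addresses for servers, conflicts with manually configured hosts) can be modelled in a few lines. This is an added example, not part of the original post and not the code of any DHCP server: the `LeasePool` class, its method names, and the MAC and IP values are all constructed for illustration, and `observed` stands for MAC-to-IP pairs an administrator has collected, for instance from `arp` output.

```python
import ipaddress


class LeasePool:
    """Minimal model of a DHCP address pool: leases, renewals, releases, reservations."""

    def __init__(self, first, last, lease_seconds, reservations=None):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.lease_seconds = lease_seconds
        self.reservations = dict(reservations or {})   # MAC -> pre-allocated address
        self.leases = {}                                # MAC -> (address, expiry time)
        self.history = {}                               # MAC -> last address held

    def _active(self, now):
        """Drop expired leases and return the set of addresses still leased."""
        self.leases = {m: l for m, l in self.leases.items() if l[1] > now}
        return {addr for addr, _ in self.leases.values()}

    def request(self, mac, now):
        """Grant or renew a lease; returns the address, or None if the pool is full."""
        in_use = self._active(now)
        if mac in self.reservations:
            addr = self.reservations[mac]          # servers and routers stay fixed
        elif mac in self.leases:
            addr = self.leases[mac][0]             # renewal keeps the same address
        else:
            reserved = set(self.reservations.values())
            free = [a for a in self.pool if a not in in_use and a not in reserved]
            if not free:
                return None
            previous = self.history.get(mac)
            # Try to hand a returning client the address it held before.
            addr = previous if previous in free else free[0]
        self.leases[mac] = (addr, now + self.lease_seconds)
        self.history[mac] = addr
        return addr

    def release(self, mac):
        """Client no longer needs its address; it becomes available again."""
        self.leases.pop(mac, None)

    def find_conflicts(self, observed, now):
        """Return (MAC, address) pairs using a managed address without a
        matching lease or reservation, i.e. manually configured hosts."""
        self._active(now)
        managed = set(self.pool) | set(self.reservations.values())
        conflicts = []
        for mac, addr in sorted(observed.items()):
            if addr not in managed:
                continue                            # outside the server's range
            lease = self.leases.get(mac)
            expected = self.reservations.get(mac) or (lease[0] if lease else None)
            if expected != addr:
                conflicts.append((mac, addr))
        return conflicts


if __name__ == "__main__":
    pool = LeasePool("192.168.1.100", "192.168.1.102", 3600,
                     reservations={"00:00:00:00:00:01": "192.168.1.10"})
    print(pool.request("00:00:00:00:00:01", now=0))     # reserved server address
    print(pool.request("00:00:00:00:00:0b", now=0))     # first free pool address
    print(pool.find_conflicts({"00:00:00:00:00:ee": "192.168.1.101"}, now=5))
```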


What's The Bottom Line?
Assigning client addresses automatically is by far the easiest option of the two. To set-up clients to receive their address information automatically all you need to do is to set your TCP/IP control panels to receive automatically. The DHCP server then assigns the required client address information.
If you intend to set up your client computers manually, make sure that the assigned IP address is in the same range as your default router address and that it is unique to your private network. However, we would highly recommend that if you have a network of computers and the option to assign your TCP/IP client configurations automatically, please do. An IP address allocation scheme will reduce the time it takes to set up client computers and eliminate the possibilities of administrative errors.

What is NAT?

In computer networking, the process of network address translation (NAT, also known as network masquerading or IP-masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address (see gateway). According to specifications, routers should not act in this way, but many network administrators find NAT a convenient technique and use it widely. Nonetheless, NAT can introduce complications in communication between hosts.
NAT first became popular as a way to deal with the IPv4 address shortage and to avoid the difficulty of reserving IP addresses. Use of NAT has proven particularly popular in countries other than the United States, which (for historical reasons) have fewer address-blocks allocated per capita. It has become a standard feature in routers for home and small-office Internet connections, where the price of extra IP addresses would often outweigh the benefits.

In a typical configuration, a local network uses one of the designated "private" IP address subnets (the RFC 1918 Private Network Addresses are 192.168.x.x, 172.16.x.x through 172.31.x.x, and 10.x.x.x), and a router on that network has a private address (such as 192.168.0.1) in that address space. The router is also connected to the Internet with a single "public" address (known as "overloaded" NAT) or multiple "public" addresses assigned by an ISP. As traffic passes from the local network to the Internet, the source address in each packet is translated on the fly from the private addresses to the public address(es). The router tracks basic data about each active connection (particularly the destination address and port). When a reply returns to the router, it uses the connection tracking data it stored during the outbound phase to determine where on the internal network to forward the reply; the TCP or UDP client port numbers are used to demultiplex the packets in the case of overloaded NAT, or IP address and port number when multiple public addresses are available, on packet return. To a system on the Internet, the router itself appears to be the source/destination for this traffic.
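The connection tracking described above, as an added example that is not part of the original article: a minimal model of an "overloaded" NAT table showing how two private hosts using the same client port are told apart on return, and why a packet nobody inside asked for has nowhere to go. The class name, the port pool start and all addresses are assumptions constructed for the illustration, and matching replies strictly on the tracked destination address and port is one possible policy.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass
class OverloadedNat:
    """Connection-tracking table for a router sharing one public address."""
    public_ip: str
    next_port: int = 40000  # assumed start of the translated-port pool
    out_map: Dict[tuple, int] = field(default_factory=dict)
    in_map: Dict[tuple, tuple] = field(default_factory=dict)

    def outbound(self, proto: str, src: Endpoint, dst: Endpoint):
        """LAN -> Internet: rewrite the private source, remember the flow."""
        key = (proto, src, dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = (src, dst)
            self.next_port += 1
        return (self.public_ip, self.out_map[key]), dst

    def inbound(self, proto: str, src: Endpoint, dst: Endpoint) -> Optional[tuple]:
        """Internet -> LAN: demultiplex on the public port, or drop (None)."""
        entry = self.in_map.get((proto, dst[1])) if dst[0] == self.public_ip else None
        if entry is None:
            return None  # nothing inside ever opened this port
        private_src, remote = entry
        if src != remote:
            return None  # not the destination address and port that was tracked
        return src, private_src


def demo():
    # Constructed addresses: RFC 1918 inside, documentation ranges outside.
    nat = OverloadedNat("203.0.113.5")
    web = ("198.51.100.7", 80)
    a = nat.outbound("tcp", ("192.168.0.10", 51000), web)
    b = nat.outbound("tcp", ("192.168.0.11", 51000), web)
    return {
        "a_out": a,
        "b_out": b,
        "a_reply": nat.inbound("tcp", web, a[0]),
        "b_reply": nat.inbound("tcp", web, b[0]),
        "unsolicited": nat.inbound("tcp", ("198.51.100.99", 4444), a[0]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A real router also expires idle entries and handles pool exhaustion, which this model leaves out.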

The wide adoption of IPv6 would make NAT unnecessary as a method of handling the shortage of IPv4 address space. However, migration to IPv6 is proving difficult.

Drawbacks
Hosts behind a NAT-enabled router do not have true end-to-end connectivity and cannot participate in some Internet protocols. Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted. Unless the NAT router makes a specific effort to support such protocols, incoming packets cannot reach their destination. Some protocols can accommodate one instance of NAT between participating hosts ("passive mode" FTP, for example), sometimes with the assistance of an Application Layer Gateway (see below), but fail when both systems are separated from the internet by NAT. Use of NAT also complicates security protocols such as IPsec.

End-to-end connectivity has been a core principle of the Internet, supported for example by the Internet Architecture Board. Some people thus regard NAT as a detriment to the Public Internet. Some internet service providers (ISPs) only provide their customers with "local" IP addresses. Thus, these customers must access services external to the ISP's network through NAT. As a result, some may argue that such companies do not properly provide "Internet" service.

Depending on one's point of view, another drawback of NAT is that it greatly slowed the acceptance of IPv6, relegating it to research networks and limited public use.

Benefits
In addition to the convenience and low cost of NAT, the lack of full bidirectional connectivity can be regarded in some situations as a "feature", rather than a "limitation". To the extent that NAT depends on a machine on the local network to initiate any connection to hosts on the other side of the router, it prevents malicious activity initiated by outside hosts from reaching those local hosts. This can enhance the reliability of local systems by stopping worms and enhance privacy by discouraging scans. Many NAT-enabled firewalls use this as the core of the protection they provide.

The greatest benefit of NAT is that it is a practical solution to the impending exhaustion of IPv4 address space. Networks that previously required a Class B IP range or a block of Class C network addresses can now be connected to the Internet with as little as a single IP address (many home networks are set up this way). The more common arrangement is having machines that require true bidirectional and unfettered connectivity supplied with 'real' IP addresses, while having machines that do not provide services to outside users (e.g. a secretary's computer) tucked away behind NAT with only a few IP addresses used to enable Internet access.

Basic NAT vs port number translation
Two kinds of network address translation exist. The type often popularly called simply "NAT" (also sometimes named "Network Address Port Translation" or "NAPT" or even PAT) refers to network address translation involving the mapping of port numbers, allowing multiple machines to share a single IP address. The other, technically simpler, form - also called NAT or "one-to-one NAT" or "basic NAT" or "static NAT" - involves only address translation, not port mapping. This requires an external IP address for each simultaneous connection. Broadband routers often use this feature, sometimes labelled "DMZ host", to allow a designated computer to accept all external connections even when the router itself uses the only available external IP address.

NAT with port-translation comes in two sub-types: source address translation (source NAT), which re-writes the IP address of the computer which initiated the connection; and its counterpart, destination address translation (destination NAT). In practice, both are usually used together in coordination for two-way communication.

Applications affected by NAT
Some higher-layer protocols (such as FTP and SIP) send network layer address information inside application payloads. FTP in active mode, for example, uses separate connections for control traffic (commands) and for data traffic (file contents). When requesting a file transfer, the host making the request identifies the corresponding data connection by its layer 3 and layer 4 addresses. If the host making the request lies behind a simple NAT firewall, the translation of the IP address and/or TCP port number makes the information received by the server invalid.
An Application Layer Gateway (ALG) can fix this problem. An ALG software module running on a NAT firewall device updates any payload data made invalid by address translation. ALGs obviously need to understand the higher-layer protocol that they need to fix, and so each protocol with this problem requires a separate ALG.
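What an FTP ALG does to an active-mode `PORT` command, as an added example that is not part of the original article: the private address and port inside the payload are replaced with the public address and a translated port. The function names, the `allocate_port` callback and all addresses are assumptions constructed for the illustration; refusing a `PORT` that advertises an address other than the sender's own is a policy choice made here, not something the article specifies.

```python
import re

# "PORT h1,h2,h3,h4,p1,p2": four address octets, then the port as two bytes.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def parse_port(line: bytes):
    """Return (ip, port) advertised by a PORT command, or None if not one."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_port(ip: str, port: int) -> bytes:
    """Encode (ip, port) back into the PORT wire format."""
    return f"PORT {ip.replace('.', ',')},{port >> 8},{port & 0xFF}\r\n".encode("ascii")


def alg_rewrite(line: bytes, client_ip: str, public_ip: str, allocate_port):
    """Rewrite one control-channel line sent by client_ip.

    allocate_port(ip, port) is a hypothetical hook that reserves a public
    port on the NAT for the incoming data connection and returns it.
    Returns the line to forward, or None if the command is refused.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line  # any other command passes through untouched
    ip, port = parsed
    if ip != client_ip:
        return None  # only map the host that owns the control connection
    return format_port(public_ip, allocate_port(ip, port))


if __name__ == "__main__":
    # Constructed sample: a private client advertising data port 5001.
    sent = b"PORT 192,168,0,10,19,137\r\n"
    print(alg_rewrite(sent, "192.168.0.10", "203.0.113.5", lambda ip, p: 40000))
```

The rewrite only works because the ALG can read the control channel; once that channel is encrypted the payload is opaque to it.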

Another possible solution to this problem is to use NAT traversal techniques using protocols such as STUN or ICE or proprietary approaches in a session border controller. NAT traversal is possible in both TCP- and UDP-based applications, but the UDP-based technique is simpler, more widely understood, and more compatible with legacy NATs. In either case, the high-level protocol must be designed with NAT traversal in mind, and it does not work reliably across symmetric NATs or other poorly-behaved legacy NATs.

Yet another possibility is UPnP (Universal Plug and Play) or Bonjour, but this requires the cooperation of the NAT device.
Most traditional client-server protocols (FTP being the main exception), however, do not send layer 3 contact information and therefore do not require any special treatment by NATs. In fact, avoiding NAT complications is practically a requirement when designing new higher-layer protocols today.

NATs can also cause problems where IPsec encryption is applied and in cases where multiple devices such as SIP phones are located behind a NAT. Phones which encrypt their signalling with IPsec encapsulate the port information within the IPsec packet, meaning that NA(P)T devices cannot access and translate the port. In these cases the NA(P)T devices revert to simple NAT operation. This means that all traffic returning to the NAT will be mapped onto one client, causing the service to fail. There are a couple of solutions to this problem: one is to use TLS, which operates at level 4 in the OSI Reference Model and therefore does not mask the port number; the other is to encapsulate the IPsec within UDP, the latter being the solution chosen by TISPAN to achieve secure NAT traversal.

What is a Local Area Network?

If you're curious about networking, this primer will provide an introduction to Local Area Networks. For a discussion of network terminology, see Network Introduction.

A Local Area Network (LAN) is a high-speed communications system designed to link computers and other data processing devices together within a small geographic area, such as a workgroup, department, or building. Several LANs can also be interconnected within a campus of buildings to extend connectivity (also called a Wide Area Network or WAN). This allows users to electronically share vital computing resources, such as expensive hardware (e.g. printers and CD-ROM drives), application programs, and information.

Local Area Networks implement shared access technology. This means that all of the devices attached to the LAN share a single communications medium, usually a coaxial, twisted-pair, or fiber-optic cable.

A physical connection to the network is made by putting a network interface card (NIC) inside the computer and connecting it to the network cable. Once the physical connection is in place, the network software manages communications between stations on the network.

To send messages to and from computers, the network software puts the message information in a packet. (If the message to be sent is too big to fit into one packet, it will be sent in a series of packets.) In addition to the message data, the packet contains a header and a trailer that carry special information to the destination. One piece of information in the header is the address of the destination.

The NIC transmits the packet onto the LAN as a stream of data represented by changes in electrical signals. As it travels along the shared cable, each NIC checks its destination address to determine if the packet is addressed to it. When the packet arrives at the proper address, the NIC copies it and gives its data to the computer. Since each individual packet is small, it takes very little time to travel to the ends of the cable. After a packet carrying one message passes along the cable, another station can send its packet. In this way, many devices can share the same LAN medium.

Each LAN has its own unique topology, or geometric arrangement. There are three basic topologies: bus, ring, and star. Most LANs are a combination of these arrangements.

In a bus topology all of the devices are connected to a central cable or backbone.

In a ring topology the devices are connected in a closed loop so that each device is connected to two others, one on either side. This kind of topology is robust; that is, one device's failure will probably not cause total network failure.

In a star topology the devices are all connected to a central hub, which forwards data towards its final destination. The NCI-Frederick LAN infrastructure is standardized on the star topology. If the data's destination is within the local star segment, the hub will forward data directly to the destination device; if the data's destination is outside the local star segment, the hub forwards the data to a router.

Depending on the topology and media that are used, as well as the protocols (formats for transmitting data) that are implemented, a LAN can permit data transfer rates of up to 100 million bps.

What is an IP Address?

IP Address:

Definition 1: Every machine that is on a network (a local network, or the network of the Internet) has a unique IP number: four sets of numbers divided by periods, with up to three digits in each set (e.g. 64.139.27.165). If a machine does not have an IP address, it cannot be on a network. Most machines also have one or more Domain Names that are easier for people to remember.

Definition 2:
An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.


Within an isolated network, you can assign IP addresses at random as long as each one is unique. However, connecting a private network to the Internet requires using registered IP addresses (called Internet addresses) to avoid duplicates.

The four numbers in an IP address are used in different ways to identify a particular network and a host on that network. Four regional Internet registries -- ARIN, RIPE NCC, LACNIC and APNIC -- assign Internet addresses from the following three classes.


•Class A - supports 16 million hosts on each of 126 networks

•Class B - supports 65,000 hosts on each of 16,000 networks

•Class C - supports 254 hosts on each of 2 million networks

Definition 3:
Every machine on the Internet has a unique identifying number, called an IP Address. A typical IP address looks like this:

•216.27.61.137

To make it easier for us humans to remember, IP addresses are normally expressed in decimal format as a "dotted decimal number" like the one above. But computers communicate in binary form. Look at the same IP address in binary:

•11011000.00011011.00111101.10001001

The four numbers in an IP address are called octets, because they each have eight positions when viewed in binary form. If you add all the positions together, you get 32, which is why IP addresses are considered 32-bit numbers. Since each of the eight positions can have two different states (1 or 0), the total number of possible combinations per octet is 2^8 or 256. So each octet can contain any value between 0 and 255. Combine the four octets and you get 2^32 or a possible 4,294,967,296 unique values!