Welcome to The Random Blog! This blog will, at best, entertain you and, at worst, make you question your choices in life…

My hope is that somewhere between best and worst you will want to come back smiling, in the hope of learning something new…

 

Unpacking a complex computer network…

How do you begin to unpack a complicated network architecture?

When you are given a challenge to simplify a largely complex network and have no idea where to begin, I would encourage you to pause for a bit and remind yourself of the core reason a network exists. So, why does a network exist? The simplest answer to this crucial question is that people need access to information. Now, access to information is limited by the method used to store that information and, more importantly, by where it is stored.

If information is stored electronically, then there are only a finite number of ways to access it, meaning you have to make use of electronic devices to reach electronically stored information. I know, I realise that I must be repeating myself in that previous sentence, but it was really meant to drive home the point: if information is stored electronically on a device in a remote part of the world, far from your current location, then the expectation to simply walk up and grab that piece of information is quite ridiculous, isn’t it?

So, how do we achieve this almost insurmountable task of attaining that electronic information? Well, it’s not really unachievable if you can place yourself in a position that represents you in that digital world. Your devices, your phone, your tablet, your iPad, your laptop, your personal computer, all of which place, or rather represent, your actions in the digital world. Now that you have a starting point for yourself in the electronic / digital world, and we previously determined we have an end point in the electronic / digital world holding hostage the information that you want, we need a means for you to get from Start to End, don’t we!

This, my friends, is the birth of the need for a network.

If it weren’t for us as human beings trying to reach a piece of digitised information that is not within our proximity and not reachable outside of the digital world, there would be no need for the existence of a Network. Well, luckily for network enthusiasts such as myself, and hopefully you as well, there is that need to access digitised information and therefore there is that need for the Network to exist.

Now, you must be thinking: how does this mumbo jumbo help you unpack a complex network?

What did we learn from above?

I noted that you need two elements, namely a source and a destination, to create the concept of a networked requirement. If you can identify all your sources (devices that require information) as well as all your destinations (devices that store information), then you can start to map out all the source / destination relationships that need to be paired together; each pairing of a source and a destination endpoint (an endpoint being a device at the end of a network segment) is one network requirement. The reason we look for relationships between source and destination endpoints is because we are on an intrepid hunt to find the route a request would take from its source endpoint all the way to the destination endpoint where the request can be answered. All this hunting for relationships should, in good faith, reel in a treasure trove of information regarding all the possible routes between source and destination endpoints.

Once you have the routes between source and destination endpoints, you would then need to take a closer look at your source endpoint devices for a quick reveal of where your network boundaries need to be defined. I mean, after all we are attempting to explain how to unpack a complex network aren’t we?

Each source and destination endpoint is allocated what we call an Internet Protocol address (IP address), which tells the world where to find it in relation to all other devices connected to the same network. By the same token, different networks can be connected to each other as well, via some of the same mediums that connect two or more devices. A network can be defined as a “subnet”, which is a mathematical way to group a consecutive range of IP addresses together to represent a small or large network of connected devices.

So we have gone through two concepts: 1) a way to identify single devices on a network, namely IP addresses, or subnets of devices; and 2) relationships formed between devices that reveal how to route from a source device to a destination device, namely a defined route on a network.

IP addresses, subnets and routes are stored and managed by a network device called a router. Dipping into material that this blog post alone cannot do justice to: in terms of the Open Systems Interconnection (OSI) model, a router is a layer 3 device capable of forwarding network traffic by referencing a network packet’s IP address headers.

A router can therefore store a routing table with all the known routes between source and destination networks. Having said this, the information that actually gets stored in a routing table is only the definition of a destination network subnet and where to send traffic intended for that subnet. It does not store source subnet information, as the router always just tells you how to get to a destination and not where you came from.
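To make the routing table point concrete, here is an added example (not code from the blog post) of a longest-prefix-match lookup in Python. The prefixes, next hops and interface names are constructed sample values; notice that the lookup only ever sees the destination address, so two sources with the same destination land on the same route.

```python
# Added example (not from the blog post): a minimal longest-prefix-match
# routing table lookup that shows a route is keyed on the destination subnet
# only; the source of a packet never enters the decision.
# Prefixes, next hops and interface names are constructed sample values.
from ipaddress import ip_address, ip_network

# Constructed routing table: destination prefix -> (next hop, outgoing interface).
# "0.0.0.0/0" is the default route, used when nothing more specific matches.
ROUTING_TABLE = {
    "192.168.10.0/24": ("directly connected", "Gi0/1"),
    "192.168.20.0/24": ("directly connected", "Gi0/2"),
    "10.0.0.0/8":      ("10.255.255.1", "Gi0/3"),
    "10.50.0.0/16":    ("10.255.255.2", "Gi0/3"),  # more specific than 10.0.0.0/8
    "0.0.0.0/0":       ("203.0.113.1", "Gi0/0"),   # default route towards the Internet
}


def lookup(dst):
    """Return (matched prefix, next hop, interface) for a destination address.

    The longest (most specific) matching prefix wins, which is how a router
    chooses between overlapping routes. Only the destination address is used.
    """
    addr = ip_address(dst)
    best = None
    for prefix, (next_hop, iface) in ROUTING_TABLE.items():
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])


def map_flows(flows):
    """For each (source, destination) pair found during the relationship hunt,
    record the route the request would take. Different sources that share a
    destination resolve to the same route, since the source is never consulted."""
    return {(src, dst): lookup(dst) for src, dst in flows}


if __name__ == "__main__":
    # Constructed source/destination pairs: two workstations reaching one server,
    # and one workstation heading out to the Internet.
    sample = [("192.168.10.5", "10.50.1.7"), ("192.168.20.9", "10.50.1.7"),
              ("192.168.10.5", "8.8.8.8")]
    for (src, dst), route in map_flows(sample).items():
        print(f"{src} -> {dst}: via {route[1]} on {route[2]} (route {route[0]})")
```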

A few simple notions here:

  • Define your source and destination subnets
  • Identify where your source network boundary starts and stops
  • Define all the routes for each destination subnet from the source network boundary
  • Identify on your router all the physical mediums used to help you route to your destination subnets

This simple checklist should start to put your mind at ease as you unpack your complex computer network by racing through the four checkpoints above. Have fun!

What makes a good security framework for business?

A key to understanding what a good security framework is, is to first understand what this question actually means.

So, let us break down the question a bit. What do I mean by security framework for business?

Why do we even give two cents about security for business? The truth here is that security, as a word, is meant to make you feel protected from something dangerous, or protect you from something or someone who wants to take away what you deem important to you.

So with that diluted definition of security in mind, how do we start hacking away at developing this security framework?

Oops, one more definition if I may… what is a framework?

A framework is a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful. In the case of this post, I hope to give you a framework that would guide you in your path to setting up a good defence strategy in protecting your information assets.

When someone talks about security, it’s usually in the context of wanting to be safe from someone or something. We can say this in another way in that people feel safe when they are able to identify the person or object they are interacting with. By this understanding you can conclude that identification plays an important role in a good security framework as this aids in our objective to stay safe or rather in the context of business, keep our assets and information safe.

Identification doesn’t need to be limited to the scope of seeking out potential threats though. In the context of the information age, data classification, or rather…, wait for it…, identifying what data is important to us and what is not, also helps us paint a clearer picture of where we should invest our attention and resources. Therefore this process, called Data Classification, makes it onto our journey towards creating a good security framework.

Being armed with the words Identification and Data Classification, and this is just me guessing here, probably doesn’t do much for you, right?

What are the different ways that Identification can help in the protection of your information assets?

Well, if we draw an imaginary box around our business and say to the world this box is made of fiery hot lava and if you cross it to try to get at my information, you will be melted into a gooey pulp of hot liquid ooze and no wizard in Hogwarts will be able to mould you back into a human being, would you say that our information is relatively safe?

Most businesses, before 2013, would probably have answered yes to the question above. And no, they most certainly did not build pits of lava around their buildings… although that would be a cool (no… hot) thing to see, haha…

The earlier concepts of security spoke widely about protecting your perimeter, which for many businesses meant placing a firewall (it’s a network device, cool your jets now) between the business network and the Internet. This network device sat as gate-keeper and monitored all traffic in and out of the business. The general rule of thumb was to block all inbound connections from the internet except for the services that you truly wanted to expose to inbound connections, and then pretty much allow all outbound connections, because back then “phishing” ({soft undertone voice} will explain later) wasn’t really a thing and outbound monitoring wasn’t really needed.

Ok so we covered firewalls at the perimeter, so what other fancy pants tools did businesses use to protect the perimeter?

As email was introduced to the world, it became another entry point into a business, so the fancy pants tool in this instance was something appropriately described as an email filtering system. This system acted as the gate-keeper for all email into and out of a business. It used technology like Anti-Virus scanners to scan for any viruses that may have been present in emails coming into the business, or leaving the business for that matter.

While many folk were certainly focused on perimeter protection, there were others also looking after the inside of the network. Yes, I let you sneak a peek above… Anti-Virus providers grew stronger as the years sped on, to better protect our user workstations from getting infected, nope not by the flu, but by a virus. The kind of virus that prevented either your applications or even an entire workstation from working. As each new virus was introduced to the world, the Anti-Virus providers tried keeping up by updating their software to detect it and thereby block the virus from infecting other workstations. This to-and-fro battle continues even today in the information age we now find ourselves in.

These three tools, firewalls, email filtering systems and Anti-Virus programs all used the ability to identify a safe state or a threat state of the data traffic entering or leaving your business to be able to protect your business from your information being lost to the bad guys.

Later on, we see how Identification evolves into further helping your business in the battles with Dr.Evil.

Data Classification is a much harder topic, but let us take a crack at it. Data Classification is the process of categorising data assets based on their sensitivity. Data may be classified as: public, internal, confidential (or highly confidential), restricted, regulatory, or top-secret.

Now in a new Start-Up, Data Classification is super simple, as you have the opportunity to classify the data as you give birth to it. Though the opposite can be said for an existing business or enterprise, where the data points are vastly spread out and often not commonly known to everyone in the business. Classification in this respect therefore becomes a rather long, drawn-out process which usually gets a low priority because of the sheer effort of the task.

But without classifying your data, how does a business know if it is leaving a valuable piece of itself just out there for the grizzly to pounce on (#Fancy Bear reference)? Are we creating new points of entry into the business by not appropriately classifying our data? The IT folk and security folk would all probably answer yes to this question, not because it’s necessarily true, but because an unanswered question is open to speculation, and speculation always, at least once in any scenario, offers a negative outcome.

With the introduction of cloud providers and therefore cloud services such as storage on the public internet, I will leave you with this thought: if you are not actively telling your staff what data is important to you and what is not, how do you expect them to know whether storing this data on the publicly available storage platforms of multiple cloud providers is safe or not? The flip side to this is that if your staff are already doing this and the IT and Security folk don’t know where it is happening, how can they put security measures in place to protect that data?

Let us recap shall we…

A Good Security Framework: (So far…)

  • Classify your data into categories of sensitivity.
    • Determine where your data is stored.
    • How your data moves from point A to point B?
    • How your data is processed?
    • What/Who processes your data?
    • Do you have the appropriate security measures in place to protect your data in each of the above states?
  • Identify where your perimeter to business starts and stops.
    • Introduce tools to inspect the paths in your perimeter that remain exposed to the internet.
    • Configure the tools to identify safe states and threat states when they inspect these exposed paths.
    • Block all inbound threat states.

So we are slowly getting there, I see…

What is an Insider Threat?

In the past all businesses merely focused on perimeter security, which, as you can imagine, focused the Death-Star beam solely on the exterior of the business. This basically left the inside of the network in the dark and in clear view of Dr.Evil to come in and poke around. With firewalls predominantly blocking most if not all inbound connections, the focus was not nearly enough to inspect and block outbound connections as well. This loophole in the security posture of businesses back then was quickly found out by the bad guys out there. These bad guys then designed innovative ways to bypass the firewalls by tricking the users of businesses into creating outbound connections to their compromised websites on the internet, which thereby started to give the bad guys direct access to the internal workstations.

All this was accomplished without having to make a single inbound connection to the firewall that was blocking all inbound connections. This simple scenario thereafter introduced the concept of the Insider Threat, well, in the context of the scenario below that is, and this concept has never left us since that horrid day.

So this new threat then forced the innovative spirit of the good guys and therefore brought the world what many proudly or frustratingly call the Internet Proxy. The internet proxy then sat on the inside of the network usually in between the users and the internet to filter outbound traffic towards the internet and attempted to identify safe states or threat states of the inspected traffic. It then blocked all threat states of that traffic and thereby started winning back the war from the bad guys.

Before we add this new tool to the recap, let us first explore what threat condition gave the bad guys their advantage prior to the introduction of the Internet Proxy. This threat condition is called the “Phishing Attack”. It got this name because of the similarities to the conventional water sport/survival practice known as fishing, in which the fisherman baits the fish into biting the hook before reeling it in for the kill. In a similar fashion the attacker usually sends the fish… oops sorry, user an email, with the bait being a link and the hook being a compromised website; when the user clicks on the link and browses to the website, creating the outbound connection which is allowed by the firewall, either the user’s machine gets infected with a virus or information gets stolen. On the other hand an attacker could merely leave a compromised website out there in the wild with a name similar to a high traffic website, so that if users stumble their way onto the compromised website while simply browsing the internet as part of their daily routine, they will also be infected or have their information stolen.

In a practical sense, once the hook catches its bait, going in for the kill would mean that the bad guy needs to exploit some kind of vulnerability on the user’s workstation to be able to compromise the machine. What this means is that an additional line of defence is required to stop this from happening even if the hook was effective in luring the victim in. An excellent vulnerability management programme needs to be in place to appropriately identify potentially vulnerable workstations, so that they can be patched to the latest software version that stops the vulnerability from being exploitable. In turn this also means you would need an equally effective patch management programme to remediate vulnerable workstations in a timely manner.

In addition to vulnerabilities found on workstations, vulnerable services on your server equipment that are exposed to the internet could also be a threat. A constant review of public facing services needs to be in place so that you have a remediation plan for these services if they are absolutely meant to remain public facing.

So to recap on our framework, we now also added the capability to inspect outbound traffic to the internet as well as identify safe states and threat states and therefore block outbound threat states towards the internet. A good vulnerability management and patch management programme will be needed. A continuous review of all internet facing services must be held and vulnerabilities remediated where identified. I will re-summarize the entire framework with all additional points towards the end of the post again.

So the question beckons, what happens when the next guy is smarter than you, like way smarter?

When all the security measures your genius team puts together are not enough and the bad guys get into your network undetected, what then?

Well, the answer is right under your nose, isn’t it? They got in undetected… so the next notch in your armour should be aimed at empowering detection capability within your business, isn’t it?

With detection capability we start to introduce concepts like Indicators of Compromise. What tells you that a workstation on your network has been compromised? How do you even know where to look? More importantly how do you know when the workstation was compromised and how far spread the infection was?

Let us unpack this concept of Indicators of Compromise a bit more, shall we?

Yes, we shall, most definitely…

The best way to spot the needle in the haystack is to know that the haystack is not made of metal and that the needle is made of metal. What I mean by this, is if you understand what the norm in your network is then it would be relatively easy to spot the variances from the norm. Let us explore a scenario that might better explain this.

If you suddenly have your sales staff making attempts to access areas of your network that are usually off limits to sales staff, that may be an indicator of compromise because the behaviour is not the norm. You want to investigate further in this regard.

Another example would be if you suddenly start to witness excessive traffic generated from one workstation on your network to every other device on your network. This is not normal traffic for any business and usually points to what the bad guys call a port scan. This port scan allows the bad guy to find other workstations on the network that are easy targets for compromise. You want to investigate further in this regard.

So how do you monitor for indicators of compromise?

  • Identify the type of data flowing through each of your current devices of protection.
    • Can this data alert you to interesting traffic that may point to indicators of compromise?
    • Are you able to send this data to a central point for consolidation and analysis?
  • Collect all your logs / data from your various security devices.
    • Analyse these logs for immediate unusual traffic from each specific security device.
    • Correlate the findings above, from all your security devices.
    • Inspect the correlated data for identifying information of threat actors.
    • Update your security devices to block the identified threat actors.
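The two scenarios above (sales staff reaching into an area that is off limits to them, and one workstation touching every other device) and the collect-analyse-correlate checklist can be turned into a small piece of detection logic. The following is an added example, not code from the blog post; the log format, subnets, policy table and the ten-hosts-in-sixty-seconds threshold are assumptions made for the example, and the log lines are constructed.

```python
# Added example (not from the blog post): detection logic run over constructed
# firewall log lines, flagging the two indicators discussed above: one
# workstation reaching an unusual number of other hosts in a short window
# (port-scan-like behaviour) and a host in one business area touching a
# network area that is normally off limits to it. The log format, subnets,
# thresholds and policy table are assumptions made for this example.
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines: "<timestamp> <src> <dst> <dport> <action>".
NORMAL_LINES = [
    "2024-01-15T09:00:01 192.168.10.21 10.10.0.5 443 ALLOW",
    "2024-01-15T09:00:04 192.168.10.22 10.10.0.5 443 ALLOW",
    "2024-01-15T09:00:09 192.168.30.7 10.20.0.8 443 ALLOW",
]
# One workstation touching twelve neighbours on port 445 within twelve seconds.
SCAN_LINES = [
    f"2024-01-15T09:05:{i:02d} 192.168.10.50 192.168.10.{i} 445 DENY"
    for i in range(1, 13)
]
# A sales workstation (192.168.30.0/24) reaching into the finance server subnet.
VIOLATION_LINES = ["2024-01-15T09:07:30 192.168.30.7 10.10.0.5 1433 DENY"]
SAMPLE_LOGS = NORMAL_LINES + SCAN_LINES + VIOLATION_LINES

# Constructed policy: source subnet -> subnets its users should never reach.
RESTRICTED_FOR = {"192.168.30.0/24": ["10.10.0.0/24"]}


def parse_line(line):
    ts, src, dst, dport, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "action": action}


def detect_scans(events, threshold=10, window=timedelta(seconds=60)):
    """Flag a source that contacts at least `threshold` distinct hosts within
    `window`. Each source is reported once, at the first window that trips."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            seen = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(seen) >= threshold:
                findings.append({"src": src, "distinct_hosts": len(seen),
                                 "first_seen": start["ts"].isoformat()})
                break
    return findings


def detect_policy_violations(events, policy=RESTRICTED_FOR):
    """Flag traffic from a business area into a subnet that area may not use,
    whether the firewall allowed or denied it: the attempt itself is the signal."""
    findings = []
    for e in events:
        src, dst = ip_address(e["src"]), ip_address(e["dst"])
        for src_net, restricted in policy.items():
            if src in ip_network(src_net) and any(dst in ip_network(r) for r in restricted):
                findings.append({"src": e["src"], "dst": e["dst"],
                                 "dport": e["dport"], "action": e["action"]})
    return findings


def run(lines=SAMPLE_LOGS):
    """Parse the lines and return both kinds of findings, ready for correlation."""
    events = [parse_line(line) for line in lines]
    return {"scans": detect_scans(events),
            "violations": detect_policy_violations(events)}


if __name__ == "__main__":
    for kind, items in run().items():
        print(kind, items)
```

The same structure scales to real firewall or proxy exports once `parse_line` is adapted to their format; the thresholds are the part you tune to what "normal" looks like on your own network.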

So that ends the blog post correct? We are safe…there is nothing else we need to do because we won…

Ok so you didn’t believe that for a second did you…and you shouldn’t believe that we are done…not even for a second…

Our adversaries are determined and in some instances maybe even more so than the good guys. This therefore always inspires innovation in the threat space which keeps us good guys always switched on and on our toes looking eagerly towards the future to see what is next…

So therein, I bring to you the bonus round….

Authentication, Authorization and Accounting, as well as network segmentation and application whitelisting, not forgetting to be gone with admin-level access for the user.

So to add to our arsenal of weaponry against the unforeseen ungodly nightmare of the dark in this fight to the never-ending finish line, we have to create the ability to only allow into our environment what and who we can verify to be required on our network. This scenario is introduced by the concepts of authenticating only valid users on the network, authorizing only valid services on the network for authenticated users, and accounting for all their network traffic so it can be monitored and added to future correlated data for threat analysis. This scenario is further secured by keeping your different business areas segmented from each other, which will make it easier for unusual traffic to be identified. Removing admin-level access from your users will make it easier to avoid unwanted applications being installed on your workstations, which will help the drive to only run known / whitelisted applications on your network. This then prevents the attacker from introducing their infected applications into the environment and gaining a foothold on your network.

Ok so, as promised here is the summary below…

A Good Security Framework: (…in my humble opinion…)

  • Classify your data into categories of sensitivity.
    • Determine where your data is stored.
    • How your data moves from point A to point B?
    • How your data is processed?
    • What/Who processes your data?
    • Do you have the appropriate security measures in place to protect your data in each of the above states?
  • Identify where your perimeter to business starts and stops.
    • Introduce tools to inspect the paths in your perimeter that remain exposed to the internet.
    • Configure the tools to identify safe states and threat states when they inspect these exposed paths.
    • Block all inbound threat states.
    • Implement Internet Proxies to inspect outbound traffic to the internet as well as identify safe states and threat states and therefore block outbound threat states towards the internet.
    • Implement good Anti-Virus scanners on all your workstations to catch the low hanging fruit, such as junior bad guys using older threat tools to try their luck on your network.
  • Implement a Vulnerability Management Programme to be able to identify workstations in your business that make it easy for a bad guy to exploit.
  • Implement a Patch Management Programme to be able to remediate vulnerabilities found in your network.
  • Establish a continuous review of your Internet facing services for any vulnerabilities and remediate accordingly.
  • Look for Indicators of Compromise.
    • Identify the type of data flowing through each of your current devices of protection.
      • Can this data alert you to interesting traffic that may point to indicators of compromise?
      • Are you able to send this data to a central point for consolidation and analysis?
    • Collect all your logs / data from your various security devices.
      • Analyse these logs for immediate unusual traffic from each specific security device.
      • Correlate the findings above across all your security devices.
      • Inspect the correlated data for identifying information of threat actors.
      • Update your security devices to block the identified threat actors.
  • Always Authenticate users trying to access your network.
  • Authorise access to specific services for only authenticated users on your network.
  • Account for all traffic generated by authenticated and authorized users on your network.
  • Limit admin-level access: users who do not require admin-level access should not have it.
  • And lastly, Whitelist applications on your workstations so that the bad guys are denied from having their malicious applications run on your workstations.

I certainly hope this post provokes and inspires great discussion in your businesses to better help you protect what is gold to you and yours. Stay Aware…

What you need to know about Vlan Segmentation?

Well, let’s first get down to the basics and define a few keywords here. A network is a group of connected devices that allows for the sharing of resources and information. Each device on the network is identified by what we call an Internet Protocol (IP) address. All devices are connected to a single network, either physically or wirelessly, by connecting to a single device called a switch or wireless access point. A collection of devices connecting via a single common medium is called a local area network (LAN).

With all devices connected to each other via cable or wireless, the question beckons, how do these devices communicate with each other?

Well, these connected devices send data between each other by addressing each other by their IP address. The sender’s and recipient’s IP address are both found in the data stream that flows between the sender and receiver. This information therefore allows the receiver to respond to the sender.

So by this oversimplified description of networking, we can take from this that the IP address is an important piece of the puzzle to allow devices to communicate on a single network.

Now, with that fun fact in your pocket, how does this bring us back on track to the topic at hand? Well, let’s hit you with another definition, shall we?

A vlan (pronounced V-LAN) is, like a LAN, a local area network, but a “virtual” one, which means that you no longer need a separate physical device acting as the connecting medium for each LAN. All that is different in this scenario is that each virtual LAN is represented by what we call a vlan tag… a number value between 1 and 4096.

Now, there are more in-depth concepts to know about networking, like “IP subnetting” which we will not go through in this post although it is crucial to actually realizing vlan segmentation. Check out the CCENT courses on cbtnuggets by Jeremy Cioara for a detailed look at how to subnet like a boss. Here is a link to a few examples covering Jeremy’s method of subnetting.

The basics, though, of subnetting is that you can carve out slices of a network subnet into smaller pieces to make up multiple smaller subnets. This way you can save IP addresses and still keep devices protected from talking to each other by placing them into their own subnet or vlan. Each subnet makes up a vlan. Each vlan plays within its own IP address space. Devices in a single vlan can send broadcast messages only to devices within the boundaries of their own vlan.

Therefore an additional benefit to vlan segmentation is the reduction of broadcast packets on the Network. This is great for improving network performance.

So let’s get started with the shopping list shall we?

What makes a good planning session for vlan segmentation… here is your check list below:

> Define your starting subnet size. What is the network subnet that you will be breaking up into smaller networks?

> How many different networks do you need at the one site?

> How many devices do you need to cater for in each smaller network?

Network block sizes start from 2 and double at each step up to 128, i.e. powers of two: 2, 4, 8, 16, 32, 64 and 128.

In each network block, you will need to reserve the first IP address as the network identifier and the last IP address as the broadcast IP address; therefore we can take the block sizes above and subtract 2 from each to get the true count of IP addresses available for use in your smaller subnets.

Illustration 1: Block Size Template

In the illustration above you can see that in each subnet block the next number after zero increases by the amount denoted by the block size; so if the block size is 4, you see increments of 4 until you reach the end, denoted by the number 256.

> Now that you have defined how many networks you need and the size of each smaller network, it’s time to line them up in descending order of size. Let us explain this with a small scenario:

Scenario 1: You have a network subnet of 192.168.0.0/24. This equates to 254 available IP addresses to allocate to networked devices. You have to break this large subnet up into 5 smaller networks of different sizes to allocate to the different types of networked devices in your office. You have to cater for at least 80 client PCs, about 20 printers and 9 wireless access points that offer 2 different Wi-Fi networks, each of which would need to cater for at least 25 clients.

So to summarise, I have 5 networks that I need to cater for, in descending order: 80 desktop clients, 2 x 25 wireless clients, 20 printers and lastly 9 wireless access points. When applying these numbers to the Block Size template, you must choose a block size larger than the number of clients needing IP addresses in that network. Therefore I would need at least 1 x block 128, 3 x block 32 and 1 x block 16.

Always start your largest network from dot zero. Therefore the network range for the PCs would be 192.168.0.0 – 192.168.0.127. Remembering that the first IP and the last IP in a range should be reserved as the network identifier and the broadcast IP, you then land up with the following definition for the first IP block:

Block Size 128 Subnet: 192.168.0.0/25 (slash notation representation)

192.168.0.0: Network identifier
192.168.0.1 – 192.168.0.126: Available IPs in the block size 128 subnet
192.168.0.127: Broadcast IP

The easier way to write down a network subnet is by slash notation. The cheat sheet for slash notation for the different block sizes is below:

From the range of available IPs you would need to select which IP in the range is best suited as your default gateway for that network block. A word of advice: always choose either the first available IP address in the range or the last available IP in the range.

After sorting your required Network blocks in descending order and defining your Network identities, gateways and broadcast IP addresses, you would have, at this point defined your blueprint for vlan segmenting your Network.
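Here is the whole blueprint procedure above (block size template, slash notation cheat sheet, descending layout from dot zero, network ID / usable range / broadcast / gateway per block) carried out for Scenario 1 in Python. This is an added example, not code from the blog post; the function names are this example's own, and the block-size method starts at 4 because a block of 2 leaves no usable address once both ends are reserved.

```python
# Added example (not from the blog post): carve a /24 into VLAN subnets using
# the block-size method described above: pick the smallest power-of-two block
# that fits each network, lay them out largest first from dot zero, and record
# network ID, usable range, broadcast and gateway for each. Network names and
# host counts come from Scenario 1; the function names are this example's own.
import math
from ipaddress import ip_address, ip_network


def block_size_for(hosts):
    """Smallest power-of-two block that still leaves `hosts` usable addresses
    after reserving the network identifier and the broadcast address."""
    size = 4  # a block of 2 has no usable addresses once both ends are reserved
    while size - 2 < hosts:
        size *= 2
    return size


def prefix_for(block_size):
    """Slash notation for a block size: 128 -> 25, 64 -> 26, ... 4 -> 30."""
    return 32 - int(math.log2(block_size))


def cheat_sheet():
    """Block size -> (slash notation, usable addresses) for the sizes 2..128."""
    return {s: (f"/{prefix_for(s)}", s - 2) for s in (2, 4, 8, 16, 32, 64, 128)}


def plan_vlans(base, requirements, gateway="first"):
    """requirements: list of (name, hosts). Returns one dict per VLAN, laid out
    in descending size from the start of `base`. gateway is "first" or "last".
    Laying the blocks out largest first keeps every block aligned to its size."""
    base_net = ip_network(base)
    ordered = sorted(requirements, key=lambda r: r[1], reverse=True)
    cursor = int(base_net.network_address)
    plan = []
    for name, hosts in ordered:
        size = block_size_for(hosts)
        net = ip_network(f"{ip_address(cursor)}/{prefix_for(size)}")
        if not net.subnet_of(base_net):
            raise ValueError(f"{base} cannot fit {name!r} ({size} addresses)")
        usable = list(net.hosts())
        plan.append({
            "name": name,
            "hosts_needed": hosts,
            "block_size": size,
            "subnet": str(net),
            "network_id": str(net.network_address),
            "first_usable": str(usable[0]),
            "last_usable": str(usable[-1]),
            "broadcast": str(net.broadcast_address),
            "gateway": str(usable[0] if gateway == "first" else usable[-1]),
        })
        cursor += size
    return plan


if __name__ == "__main__":
    # Scenario 1 from the post: 80 PCs, two Wi-Fi networks of 25, 20 printers, 9 APs.
    scenario = [("PCs", 80), ("WiFi-A", 25), ("WiFi-B", 25), ("Printers", 20), ("APs", 9)]
    for size, (slash, usable) in cheat_sheet().items():
        print(f"block {size:3}: {slash:4} {usable:3} usable")
    for v in plan_vlans("192.168.0.0/24", scenario):
        print(f"{v['name']:9} {v['subnet']:18} id {v['network_id']:14} "
              f"usable {v['first_usable']}-{v['last_usable']} "
              f"bcast {v['broadcast']} gw {v['gateway']}")
```

If the requested networks do not fit in the starting subnet, `plan_vlans` raises instead of silently wrapping past the end, which is the check you want before handing a blueprint to whoever configures the switches.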

Scenario 1: Vlan Segmentation Example Blueprint

All that’s left to do now is to configure your network as per your blueprint and switch on your network!

Why Perspectives Matter…

With the thunderstorm approaching and the thick grayish clouds bellowing towards them and the horror in his eyes from looking upwards and onwards at the impending storm, the captain acknowledges the exhaustion on his teammates which spelled a story of a fatigued team just waiting for this all to end. The attempt from their captain to inspire the team with words he believed to be motivating …“only 5 minutes left guys, we can do this!!!” drowned the team even more so into exhaustion.

Up high in the stands, a lone supporter, spotting his favorite team’s mindset, starts to chant. A chant that startles his friends, who look at him strangely and start to laugh. NOT wavering from the chant when his friends start to ridicule him, he continues even louder. His friends, now filled with a sense of pride at knowing this fool of a man, down their drinks and join him in his chant, adding a bit of rhythm by beating on their seats. The supporters around this mad bunch of friends start to catch the crowd fever and join in on the chant, and soon the entire wing of supporters is chanting. The team start to hear a faint voice but brush it off as the approaching weather. The crowd doubles, no, triples in size, all echoing the same words which by now, as you can imagine, get even louder. The ears of the team start to twitch as they recognise the wise words being spoken, and with renewed energy they turn briefly to the crowd and acknowledge their supporters. The team give a quick ooh-rah before focusing intently on their opposition, whilst the crowd bellows the words in the background…

” DE-FENCE!!! DEFENCE!!! DE-FENCE!!! ” …

The team stand ready to face their most fierce opponent yet.

The short story above was my attempt at showing you how someone’s mindset can easily be influenced by perspective.

Every single person that’s been put in front of you in your life until now has said to you in the tough times that if you put your mind to it you can accomplish anything. These words are meant to be taken literally.

Life always throws choices at you and it’s your moral compass that guides you to make what you believe to be the right choices in life. But choice is best aided with perspective. It makes it easier to choose between your favorite restaurant and a new restaurant with raving reviews for dinner tonight if you are reminded of the fact that you met your first love at your favorite restaurant and, by the way, you find out this same restaurant is opening its doors for the last time tonight. It’s perspective that often guides people’s choices in life, but more importantly it’s information that offers perspective.

We live in a day and age that many people call The Information Age. I couldn’t disagree with these wise people. A day where it’s easier to wish your long-lasting friendships a happy birthday on social media than it is to send a text or even call.

At the same time this very same platform which many call anti-social media, gets this name by forcing people to choose out of convenience, to connect with each other via their phones instead of breaking bread with each other over dinner. This same platform also however at times offers the only way of re-connecting with loved ones that have been separated by time and distance.

So what’s the win-win story in this day and age, where your whole life story can get rewritten for you if you piss off the wrong bad guy who knows a thing or two about hacking and social engineering, knowing enough to get you to spill the beans about your name, your number, your place of rest, your place of work, your place of play…

How do you protect yourself from the dark side of the Information Age?

Well, you should arm yourself with information…it’s really that simple.

Grow your self-awareness of the ease with which social engineering occurs, and know that caring about your privacy online should actually mean something to you.

Know that hacking is a thing and that bad guys are not an imaginary creation of movie directors. Knowing the value of your data and why you should care if it gets stolen is the first step to protecting yourself from the perils of the numerous threats that live on the internet.

With the internet being the custodian of the world’s data today, it’s imperative that you do your due diligence on where you place your data and how you secure it…

Arm yourself with knowledge. Arm yourself with information. Arm yourself with relationships. Relationships with people who can take the journey with you in securing your most valuable assets.

And most importantly, know that your information is the most valuable asset.

“…lean in on different perspectives…go on…learn something new.”

Becoming a Logic Hunter…

When you start to look at a problem, what is the first thing that goes through your mind?

Well, I can certainly tell you what my first thoughts are…..WHY ME????

Don’t get me wrong, I love problem solving but it just gets overwhelming sometimes… especially if it’s going to be done the right way. Now, I don’t claim to be the “all-seeing eye” on the subject of problem solving, but I do believe that the method I use works in almost any situation if enough effort is made in attempting to solve the problem at hand.

I like to view a problem as merely an arrangement of words strung together to form a complex sentence. With this nugget in mind, we now have a starting point. We can begin to take apart the complexities surrounding the problem statement by identifying the players involved and what each player’s objective / role / contribution to the problem is. This way we can look at the problem from multiple angles. The various perspectives give us multiple scenarios to understand; thereafter we can start to separate fact from noise.

I like to believe that there is always a logical explanation for what is happening in front of us, and finding that logic gets you halfway to your solution for any kind of problem. Knowing the reasons why a problem is a problem will help you identify what’s missing. Potentially the missing gaps offer you clues to what the solution to your problem may be.

Let’s take a bullet point look at problem solving…

Problem solving tips:

  • Write a short paragraph or short sentence about what you think the problem is. Identifying the problem statement can be achieved by:
    • Exploring the problem put in front of you as a result of something not going according to plan in a particular process or set of processes.
      • Determine what the normal view of this process or set of processes is.
      • Know for certain what your expectations should be with regards to the outputs of that process or set of processes.
        • Does the current scenario meet the same expectations?
        • What differs from your expectations?
    • What about the problematic scenario is different from that normal view?
    • That difference from the norm will most likely make up your problem statement.
  • Does the problem statement describe multiple phases?
    • Break up the problem statement into its individual parts by identifying the start and stop of the different phases of the problem statement.
    • Link each phase to either a person, a process or a thing that is contributing to that phase of the problem statement.
  • Determine whether the person, the process or the thing can be removed or changed to get the scenario back to being normal.
  • If the above cannot be removed or changed, think about alternative solutions to alter the direction of the scenario back to its normal state.
    • How do the alternatives change the problem into a working solution?
    • Do the alternatives create new problems?
    • Do you end up with a complete workable and repeatable solution?
  • Close out your solution by checking that your problem statement is completely answered by the suggestions made to solve the problem.
    • If new problems arise on the back of some of the suggestions, ensure that you have suggestions readily available on a fix for the new problems.

It is important to understand your environment, or the environment that you are thrown into, because it shapes the scenarios that are problematic. If you are able to properly understand the environment impacting a problem, then you will be able to easily identify the factors contributing to the problem. Knowing the contributing factors to a problem is crucial in determining what comes next, which is: how do you remove those contributing factors from the equation?

My special piece of advice with regards to problem solving would be that you, Become the logic hunter!

To Cloud or Not To Cloud?

Everyone seems to be talking about cloud and how great it will be at cutting costs by reducing the manpower needed for maintaining on-premise hardware. Cloud is the future, they say. While this may be true, it is also important to be logically minded about what information you make available on cloud platforms and what layers of security you place around access to this information.

To place all your data on a cloud platform is daunting at best to most IT Security departments. So to help you on your journey to cloud, I have listed what I feel are the important factors that should go into the decision-making process of going to cloud or not.

Factors that should influence your to-the-cloud decision:

  • Does your data hold any personally identifiable information?
    • Have the subjects of this data been notified of the use and storage of this data?
  • Is there any competitive advantage in keeping this information?
  • Would you lose market share if this information was released to the public unwillingly?
  • Would you suffer reputational loss if this information was released to the public unwillingly?
  • Does cloud offer a competitive edge to your business if the information is made available on a cloud platform?
  • Are there obstacles to offer an equally mobile solution to the business without going to public cloud?
    • Can these obstacles be overcome by employing the right skilled resources?
    • Can these obstacles be overcome by implementing the right levels of infrastructure internally?
    • Are there budget constraints that make cloud more attractive for overcoming these obstacles?
  • Have you thought about the different ways someone can get at your information that is hosted on a cloud platform?
    • Does your cloud platform allow for login to access the information?
    • Is your password strong enough?
      • Is the lockout policy enabled for incorrect login attempts?
      • Do you have a strong complex password policy enabled for login?

A complex password policy would mean that, at a minimum, your password is required to be 12 characters long and must include both UPPERCASE and lowercase English characters as well as numerical values and special characters.

  • Does the system use unique randomized usernames that are not easily guessed by looking at a LinkedIn profile or email address?
  • When clicking on the “Forgot My Password” link and taken through your security questions process, are your security questions and answers easily guessed by looking at your social media profiles?
  • Does the Cloud solution have brand uniqueness that cannot be easily replicated onto a fake portal where users are easily convinced to give up their login details to the real portal?
    • Is your user base familiar with the terms “Browser Jacking”, “Spoofed Websites”?
    • Is there any user awareness around being vigilant when capturing logon details on any of the cloud login pages?
    • Can your users identify a fake login page?
  • Do you scrutinize what information you place on the cloud platform, or do you implicitly trust the cloud platform and upload any information you feel necessary?
    • How easily can you categorize to your staff on what information is cloud safe vs what is not?
  • Is the information that will be stored on the cloud platform going to be encrypted?
    • What levels of encryption will be used?
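The two login controls from the checklist above, the complex password policy (12 characters, upper and lower case, digits, special characters) and a lockout policy for incorrect attempts, as an added Python example; this is not code from the original post or from any cloud platform. The lockout threshold of 5 attempts and the 15-minute lockout window are assumed values, since the post asks for a lockout policy but gives no numbers; the username, password and timestamps in `demo_timeline` are constructed for the demonstration.

```python
import hmac
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

MIN_LENGTH = 12                      # the post's minimum password length
SPECIAL_CHARACTERS = set(string.punctuation)

# Assumed lockout parameters: the post asks for a lockout policy but gives no numbers.
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_DURATION = timedelta(minutes=15)


def policy_failures(password: str) -> List[str]:
    """Return every complexity rule the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in string.ascii_uppercase for c in password):
        failures.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in SPECIAL_CHARACTERS for c in password):
        failures.append("no special character")
    return failures


@dataclass
class LoginGuard:
    """Counts failed logins per username and locks the account after too many."""
    failed: Dict[str, int] = field(default_factory=dict)
    locked_until: Dict[str, datetime] = field(default_factory=dict)

    def is_locked(self, username: str, now: datetime) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if now >= until:
            # Lockout expired: reset so the counter starts from zero again.
            del self.locked_until[username]
            self.failed.pop(username, None)
            return False
        return True

    def record_failure(self, username: str, now: datetime) -> bool:
        """Count a bad attempt; returns True if the account is (now) locked."""
        if self.is_locked(username, now):
            return True
        self.failed[username] = self.failed.get(username, 0) + 1
        if self.failed[username] >= MAX_FAILED_ATTEMPTS:
            self.locked_until[username] = now + LOCKOUT_DURATION
            return True
        return False

    def record_success(self, username: str) -> None:
        self.failed.pop(username, None)
        self.locked_until.pop(username, None)


def attempt_login(guard: LoginGuard, username: str, password: str,
                  now: datetime, correct_password: str) -> str:
    """Constructed login check: returns 'locked', 'ok' or 'denied'."""
    if guard.is_locked(username, now):
        return "locked"
    # Constant-time comparison; a real system compares against a stored password hash.
    if hmac.compare_digest(password.encode(), correct_password.encode()):
        guard.record_success(username)
        return "ok"
    guard.record_failure(username, now)
    return "denied"


def demo_timeline() -> List[str]:
    """Constructed scenario: five bad guesses against one account, then the real user."""
    guard = LoginGuard()
    t0 = datetime(2024, 1, 1, 9, 0, 0)          # constructed timestamp
    secret = "Correct#Horse1Battery"             # constructed password that passes the policy
    outcomes = []
    for i in range(MAX_FAILED_ATTEMPTS):         # one wrong guess per second
        outcomes.append(attempt_login(guard, "alice", f"guess{i}", t0 + timedelta(seconds=i), secret))
    # The right password, but the account is still inside the lockout window.
    outcomes.append(attempt_login(guard, "alice", secret, t0 + timedelta(minutes=1), secret))
    # The same password once the lockout has expired.
    outcomes.append(attempt_login(guard, "alice", secret, t0 + LOCKOUT_DURATION + timedelta(seconds=5), secret))
    return outcomes
```

`demo_timeline` shows the point of the lockout bullet: after the fifth wrong guess even the correct password is refused until the window passes, which is what turns a guessable password from an immediate compromise into a detectable burst of failed logins.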

By now, your brain is almost fried. You probably had a little cry from the stress levels of having to think about all that fun stuff, right? You’re on the right path if this concerns you.

It is absolutely the stuff you need to be thinking about when making that call to put your information on the cloud or not.

With the Internet of Things approaching steadily and fast, you have to wonder: have your non-work-life habits already imprinted an appetite within your subconscious to consume cloud services? Your personal appetite for and experiences with cloud services also impact the decision to move your business data to cloud, but the cost if compromised is so much greater with your business data.

Therefore you have to place your own personal beliefs aside when making this call and evaluate the cloud solution for what it is: a solution that offers ease of access to your information, which must be coupled with strong security controls to mitigate any of the attack scenarios a bad actor might use to get at your data. The more informed you are, the more armed you are in your decision to cloud or not to cloud…

Network Troubleshooting, A deep dive!

When troubleshooting a network problem, you have only one objective: to understand how your network works! Without observing the normal behavior of your network and identifying what needs to happen, picking up what is broken, what is not the norm and what is flowing in the wrong direction will forever be a dream.

Speaking about dreams, let us fire up those imagination cells and paint a picture of a fictional network. This network, let’s say, is a basic network connecting 2 computers to a printer and to the Internet. These computers belong to two very different human beings, one concerned with sales and the other with production. Sales is always concerned with how much production can output and production is always concerned with what the sales projections look like. But the trick here is that the two humans refuse to collaborate and share information with each other unless it goes through email. That way they each know that the information shared is deliberate and not freely accessed.

Did I mention these two humans were brothers? Yup, competitive at that, as well. Always trying to do better than the other. Yes, and you are the lucky one that they approach to set up their network.

Brace yourself…

Part 1: The Design Phase

Well, you think back to your Cisco ENT training days and confirm in your thoughts that all you really need here is the following equipment:

  • Internet connection
  • Router
  • Switch
  • Two computers
  • 1 printer

That’s it, right? Hmmm… something is missing… the brothers think to themselves. They look down at their smartphones and BAMMM!! Stars!! Drum rolls!! IDEA!! “What about WiFi? We want free WiFi”, they say. You begin to giggle but hold it back. They might get WiFi but they will also end up paying for it at the end of the day; you grin internally and agree, “yes, we can deliver WiFi as well”, deliberately leaving the word free out of your promise.

  • WiFi Access point

So, we have a network! Nope, we have endpoints! These endpoints need to still be connected to each other with network cable to truly represent a network. A Network, defined, is a group of connected devices that share common resources and information.

So how do we begin to connect these endpoints together to setup a network?

While the router is the bread winner in this design and provides the internet access, the switch is the real deal in keeping the communication channels open between each device connected to it. And the other devices, well they all access the internet and make use of the common resources like the printer. (See diagram 1 for a depiction of what a connected network would look like)

Diagram 1: A Basic Network Layout

Now that we can see how the devices physically connect to each other, this still does not tell us how they will know how to communicate to each other. Being able to physically and logically identify each connected device uniquely will greatly help our crusade in getting better communication flow between these connected devices.

We heat up the old stamping iron in our fireplace and we press hard on each device to physically mark them… (Insert evil laugh emoji) OK we don’t do the above.

Each device that is network capable is given a unique set of letters and numbers by its manufacturer called the MAC address (Media Access Control address). This is a 12-character address, displayed either as 3 sets of 4 characters or as 6 sets of 2 characters, e.g. C0-91-34-33-F0-80.

Network packets that flow from one device to the next are populated with the details of where they are coming from and where they are going to. These details include the source MAC address and the destination MAC address. Each packet must contain the MAC address of the destination device so that when the packet passes through a device, that device knows where to send the packet to next.

All switches maintain a MAC address table. This table maps each port number to the MAC address learned on that port of the switch. Therefore when Human 1’s laptop sends packets to the printer, the switch receives the packets on the port connected to laptop 1 and passes them on to the port connected to the printer. This is what we call “LAYER 2 switching”: the movement of network packets by simply relying on knowing each device’s MAC address. Layer 2 networking is limited to devices connected to a common switch or stack of switches, because layer 2 networking is heavily dependent on a well-maintained MAC address table.

Now that we have highlighted the need for MAC addresses, which are the physical addresses of devices, let us explore the logical address of a device. This is known as the IP address. An IP address is made up of 4 octets. We call it an octet because each octet, when displayed in the computer language called binary, is made up of 8 digits, each either a 0 or a 1. These groups of 8 binary digits when converted into a decimal number can fall anywhere between the number 1 and 255 inclusive.

E.g. 192.168.0.1 (Decimal)

11000000.10101000.00000000.00000001 (Binary)
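The decimal-to-binary view of the example above, as an added Python example (not code from the original post). It converts a dotted-decimal address into its four 8-bit groups and back, rejecting anything that is not four octets of 0 to 255 (eight bits hold exactly that range), and also renders a slash-notation prefix as the dotted mask it stands for, which ties the octet view back to the /25 used in the subnetting post on this page.

```python
from typing import List


def octets_to_binary(dotted: str) -> str:
    """Render a dotted-decimal IPv4 address as four 8-bit groups, e.g. 192.168.0.1."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    bits: List[str] = []
    for part in parts:
        # An octet is 8 bits, so the only valid decimal values are 0..255.
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range 0..255: {part!r}")
        bits.append(format(int(part), "08b"))
    return ".".join(bits)


def binary_to_octets(binary: str) -> str:
    """Inverse of octets_to_binary: four groups of eight 0/1 digits back to decimal."""
    parts = binary.split(".")
    if len(parts) != 4 or any(len(p) != 8 or set(p) - {"0", "1"} for p in parts):
        raise ValueError(f"expected four groups of eight binary digits: {binary!r}")
    return ".".join(str(int(p, 2)) for p in parts)


def is_valid_ipv4(dotted: str) -> bool:
    """True if the address parses as four octets in range; never raises."""
    try:
        octets_to_binary(dotted)
    except ValueError:
        return False
    return True


def prefix_to_mask(prefix: int) -> str:
    """A /n prefix is n leading ones followed by 32 - n zeros, written as a dotted mask."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0..32: {prefix}")
    mask_bits = "1" * prefix + "0" * (32 - prefix)
    return ".".join(str(int(mask_bits[i:i + 8], 2)) for i in range(0, 32, 8))


if __name__ == "__main__":
    print(octets_to_binary("192.168.0.1"))    # the post's example address
    print(prefix_to_mask(25), "is the mask behind /25")
```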

This logical address remains static in a network packet, while the MAC address in a network packet changes after each device the packet passes through. This allows network packets to travel far beyond the boundaries of a single switch or series of connected switches.

Remember we planted the seed earlier that a MAC address is learned by the port on a switch?

This process populates a MAC address table with the learned mapping. This is achieved by each device sending a “hello” packet to announce itself on the network. These “hello” packets help populate the switches’ MAC address tables so that the switch knows exactly which port each device is saying hello from. The magic truly happens when a device tries to send a network packet to another device but does not know the MAC address of the device it needs to send it to. This is because devices are more commonly identified by their logical addresses than by their physical addresses.

Say, for example, that laptop 1 with IP address 192.168.0.10 wants to send a print job to the printer with IP address 192.168.0.15. The laptop formulates the packet details with the source MAC address of laptop 1, the source IP address of laptop 1, the destination IP address of the printer, but a wildcard destination MAC address. In other words it gets in front of the stage with a mic in hand and the speakers facing the crowd and asks the question, “Who is IP address 192.168.0.15?”

When the printer hears this question it responds to laptop 1 with its own MAC address, thereby allowing laptop 1 to replace the wildcard destination MAC address with the true MAC address of the printer. This wildcard MAC address is always initially the MAC address of the device’s default gateway.
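The laptop-to-printer exchange just described, plus the switch learning from it, as an added Python simulation; this is not code from the original post. A toy switch learns the source MAC of every frame it sees and floods anything it cannot place; the “who is 192.168.0.15?” question goes out with the all-ones broadcast destination MAC (ff:ff:ff:ff:ff:ff, the address ARP uses for its request), only the owner of that IP answers, and the reply comes back unicast because the switch already learned the laptop’s port from the request. The laptop’s MAC is the post’s example C0-91-34-33-F0-80; the printer, the second laptop, the port numbers and the print job text are constructed for the scenario.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"  # a frame to this address is delivered to every port


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    kind: str          # "arp-request", "arp-reply" or "data"
    sender_ip: str
    target_ip: str
    body: str = ""


class Switch:
    """Layer 2 switch: learns which port each source MAC arrives on, floods the unknown."""

    def __init__(self) -> None:
        self.ports: Dict[int, "Host"] = {}
        self.mac_table: Dict[str, int] = {}
        self.log: List[str] = []

    def attach(self, port: int, host: "Host") -> None:
        self.ports[port] = host

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        self.mac_table[frame.src_mac] = in_port            # learning step
        if frame.dst_mac == BROADCAST_MAC or frame.dst_mac not in self.mac_table:
            out_ports = [p for p in self.ports if p != in_port]   # flood, hub-style
        else:
            out_ports = [self.mac_table[frame.dst_mac]]            # known: one port only
        self.log.append(f"{frame.kind} from port {in_port} -> ports {out_ports}")
        for p in out_ports:
            self.ports[p].receive(frame)
        return out_ports


class Host:
    def __init__(self, name: str, mac: str, ip: str, switch: Switch, port: int) -> None:
        self.name, self.mac, self.ip, self.switch, self.port = name, mac, ip, switch, port
        self.arp_cache: Dict[str, str] = {}   # IP -> MAC learned from ARP
        self.inbox: List[Frame] = []
        switch.attach(port, self)

    def resolve(self, target_ip: str) -> Optional[str]:
        """Who has target_ip? Broadcast a request unless the answer is already cached."""
        if target_ip not in self.arp_cache:
            self.switch.receive(self.port, Frame(self.mac, BROADCAST_MAC, "arp-request", self.ip, target_ip))
        return self.arp_cache.get(target_ip)

    def send(self, target_ip: str, body: str) -> bool:
        dst_mac = self.resolve(target_ip)
        if dst_mac is None:
            return False                      # nobody on this LAN owns that IP
        self.switch.receive(self.port, Frame(self.mac, dst_mac, "data", self.ip, target_ip, body))
        return True

    def receive(self, frame: Frame) -> None:
        if frame.kind == "arp-request":
            if frame.target_ip == self.ip:    # only the owner of the IP answers
                self.arp_cache[frame.sender_ip] = frame.src_mac
                self.switch.receive(self.port, Frame(self.mac, frame.src_mac, "arp-reply", self.ip, frame.sender_ip))
        elif frame.kind == "arp-reply" and frame.dst_mac == self.mac:
            self.arp_cache[frame.sender_ip] = frame.src_mac
        elif frame.kind == "data" and frame.dst_mac == self.mac:
            self.inbox.append(frame)


def run_print_job() -> Tuple[Switch, Host, Host, Host, bool]:
    """Constructed scenario: laptop 1 sends a print job to the printer over one switch."""
    sw = Switch()
    laptop1 = Host("laptop1", "c0:91:34:33:f0:80", "192.168.0.10", sw, 1)  # MAC from the post
    printer = Host("printer", "00:11:22:33:44:55", "192.168.0.15", sw, 2)  # constructed MAC
    laptop2 = Host("laptop2", "00:11:22:33:44:66", "192.168.0.11", sw, 3)  # constructed MAC
    delivered = laptop1.send("192.168.0.15", "print: assignment.docx")
    return sw, laptop1, printer, laptop2, delivered


if __name__ == "__main__":
    sw, laptop1, printer, laptop2, ok = run_print_job()
    print("\n".join(sw.log))
    print("switch MAC table:", sw.mac_table)
    print("laptop1 ARP cache:", laptop1.arp_cache, "| delivered:", ok)
```

Two things the log makes visible that the prose only implies: the request is flooded to every other port (laptop 2 sees it and stays silent), while the reply and the print job each leave on exactly one port, and laptop 2 never appears in the MAC table because it has not yet sent anything for the switch to learn from.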

So now we semi-understand how packets flow from one device to the next just by carrying the source and destination IP address and MAC address. Can we assume that we can finally get to the internet? Well, that’s assuming that accessing the internet is achievable just by knowing the IP address of where you want to browse to, right? Hmmm… something about this story doesn’t sit quite right yet. If I recall, accessing the internet involves knowing the name or series of names of the website you want to browse to. This entails managing or maintaining some sort of list that knows the IP address of every single name there is for a website out there.

Luckily for us, the IT folks out there have provided this list for us in the form of a Domain Name Service or in short DNS. This service is publicly accessible to use as a cheat sheet if you will to allow your device to determine the IP address of a website you are browsing.

The Recap:

Switches allow more than one network-capable device to connect to each other locally in a common space. DNS allows those devices to break loose from the confines of that common space and reach out and touch the World Wide Web.

A part 2 to this story coming to you soon, showing you how freedom is obtained by cutting loose those network cables.

“Why is the network important?”

The story begins by explaining the purpose of a network. The textbook explanation of what is a network goes a little something like what follows: A network is a group of connected devices that share common resources and information. I would say that the textbook said it best and will not make a second attempt at that explanation…

Now the act of sharing is to move items of relevance from one object in space to another. If a network allows for the sharing of resources and information, we stretch that understanding to mean that object A (for argument’s sake, your PC/laptop) needs to share the Word document with your printer. Now! How this happens will blow your mind away…

Object A uses the OSI reference model to translate what you see in your Word document into bits, and transmits these bits via electrical signals across a conductive material such as copper, which connects object A to object B. The electrical signals can also be converted into radio waves before being transmitted out of object A. These radio waves broadcast the signals out to any device that is listening. The signal is intended for a specific device but the message is sent to any device that can listen for radio waves… The intended device will be able to rebuild the signal it receives into something that is legible to the human eye.

The same electrical signals can also be converted into light pulses which then transmit through glass tubing from one connected device to another. This medium is called a fibre connection. Light being faster than movement of current through conductive material allows us the use of even greater speeds on our networks.

So you get the picture when two devices are connected to each other via either conductive material, radio waves or fibre, and yes, that is the simplest form of a network where two devices are able to share information with each other.

But there are more than 2 people that make use of technological devices in this great world of ours. We therefore need to expand this idea of a network to be able to connect more than two devices. We achieve this by making use of multiport devices such as hubs and switches.

A hub or a switch helps create a Local Area Network (LAN) which allows many devices to connect to one central device that is then used to pass information in the form of electrical signals from one connected device to the next. The Hub can be explained by the following analogy.

It is a hot summer’s day, there are crowds of people standing around in an open field. There is a rather large stage in the middle of the field. In the centre of the stage, there is a tall, shiny, new mic stand. Along the side of the stage, there are multiple sets of towering speakers facing all directions outwards towards where the crowds are located. You take to the stage and approach the Mic, you speak the words, “Welcome to the 2016 Olympic games”. Every single person in the crowd, roars into excitement from hearing those opening words that you just delivered from the stage.

Now to bring this analogy back home to what is a hub and how it works…

The same way that every single person in the crowd was able to listen for, and hear the message being broadcasted from the centre stage is similar to how the hub is able to transmit signals from one device to every other device connected to the hub on the LAN. When a hub receives electrical signals from a specific port on the hub, it re-generates that signal and broadcasts the same signal out to every other port on the hub. In essence every single device connected to the hub gets the same message.

The switch on the other hand works more like a mail man delivering mail to your post box. The mail man needs to know your physical address before he is able to deliver the mail to your post box. Similarly, the switch needs to know what is connected to each of its ports before it can pass an electrical signal through a specific port. The switch does behave like a hub every time it is powered on, because it sends a broadcast message to all connected devices asking for the physical address of the device so that it can map the address back to a port on the switch. The physical address of a device is called the Media Access Control address (MAC address). The MAC address is stored in the memory of the switch once the switch learns the MAC address from the connected device.

So let us try and answer the question of, what is a network, again. The textbook meaning is still the following: A group of connected devices that share common resources and information. Breaking this down into its components looks a little something like what follows:

A group of connected devices: well, how are they all connected? One could say that it’s the copper cable that connects the devices. Yes, that is true, but that is just the physical connection. If there are more than two devices in this connected state, we add to the story that the network is the cable plus the device that all the cables connect into, which can be either a hub or a switch. Yes, I know some of you might argue that this is still a physical connection, adding more physical devices to the story like a hub or switch. I would counter-argue at this point, though, that the switch or hub does add a logical element to the physical connection… So from breaking this down a bit, we now understand that the network is all the bits in between each device that is connected to the others. The micro freeways of the 21st century, so to say, getting info bits from one device to the next.

And, why is a network important? Well, without connecting devices to each other via the network we will not be able to share common resources like office printers and fileservers and we will also have to physically approach and access each device independently to be able to view the information stored on that device.

The network makes sharing common resources and accessing information across multiple devices that much more achievable. This is why it is so important that it exists!

When someone says “it’s a network problem”, the right response is…

To Network Engineers out there, those four simple words evolve into the worst statement ever. My email is not emailing, it’s a network problem; the internet is slow, it’s a network problem; the actors/actresses are not sexy enough in this movie, it’s a network problem…

When is it ever not a network problem??? It seems like it’s the easiest area to blame all problems on, right?… probably because it’s this space filled with questions, raised eyebrows and higher-grade terminology used deliberately to confuse the weak and befuddle the brave…

Well, I hope to, in this journey you are about to take with me, de-mystify the world of networks for you…at least I hope to try…

What is a network?

A network in the simplest of terms is a group of connected thingamajigs (well known as electronic devices) that share common resources and information. The electronic device can be a laptop, a PC, a printer, a mobile phone, a television, and yes, even your fridge. If you haven’t already realised it, you are using the biggest network in the world right now, reading this piece… yes, we all love it and call it affectionately “The Internet” / “the World Wide Web” / “The Net”.

To home in on the understanding of networks, let us take a smaller look at networking and break this down a bit further.

Let us paint the scenario, shall we…

It’s assignment season… You are armed with your sturdy laptop and you have just finished typing your final year assignment. You click “save”. The little hourglass icon dances around for a bit and bam… just like that, your hard-earned effort is loaded into the matrix. But wait, you realise that your lecturer is pretty old school and likes things printed… (I know what you’re thinking, does he recycle? I DON’T KNOW!). Either way, you need to print your assignment before it’s too late to submit. Your printer is connected via cable to your home router (the little box in your house with a couple of cables connected to it and flashing lights). Your laptop is connected to the home WiFi. Holding breath, dramatic pause… The moment… The assignment needs to get from your laptop to the printer. You click the “print” button… and you slowly turn your gaze onto the printer… and then… silence… that awkward moment when you may very well have a network problem… eeek!

Let us take a break from the scenario to explain the purpose of why networks exist. Computers were invented to capture information, process information and store information. Networks were then invented to share information between the various computers that stored this information. Getting information from one computer/device to another was and still is the sole purpose for the existence of networks till this very day. Information is converted into, what the tech industry calls binary, which is then turned into electrical signals that travel on various types of media like copper cables, fibre cables and no cables (wireless) from one device to the next.

In order to achieve this objective, each device needs to know of the existence of the next device. This is achieved by each device telling every device about its physical address (also known as the MAC or media access control address). The MAC address is essential for information to flow from device to device in a local area network (LAN). When we move beyond the local area network we start getting into the topic of logical addresses also famously known as the IP Address (Internet Protocol Address).

A Local Area Network can be defined as a group of electronic devices connected to the same wired network device or the same wireless network name. These network devices have evolved over the years to become more and more intelligent in the way they move information from one device to another… But that’s another topic for another day…

So when someone says it’s a network problem, I always, this is important, start to grin ever so slightly and respond with the following kind questions:

  1. What is the objective that you are trying to achieve here?
  2. What in your opinion is not happening correctly?

These very simple questions will often at a 99.9 % success rate always arm the Network Engineer with two very valuable pieces of information, namely:

  1. The Source device and
  2. The Destination device

It’s all very easy from there if you are the actual network administrator for the network in question. If you don’t already administer the network where the problem occurs, and in most scenarios this is the case, you may need to follow up those questions with a few more questions, like (oh, by the way, this is when that family member comes to you with their technology problem because they think you know the answer):

  1. Is the device you are trying to connect to switched on?
  2. Are both the source and destination devices connected to the network?
  3. Can you see the lights flashing on the network device?
  4. What are the IP addresses of the source and destination devices?

There is one important point to take away from this story, which is, there is a very urgent need to separate facts from assumptions and then vitally important to build your understanding of the situation from only the facts of the story. With a keen eye on Networking basics and a clear understanding of the “network problem”, solving it becomes a walk in the park.

I will cover a few network troubleshooting techniques in my next post…stay connected…