Frame Relay
Frame Relay is a WAN protocol that operates at the physical and data link layers of the OSI reference model. It has become the most widely used WAN technology in the world: large enterprises, ISPs, and small businesses use Frame Relay because of its price and flexibility. From the late 1970s into the early 1990s, the WAN technology typically used was the X.25 protocol.

Frame Relay DTE to DCE connection has two components:
- Physical Layer: Defines the mechanical, electrical, functional, and procedural specifications for the connection.
- Data Link Layer: Defines the protocol that establishes the connection between the DTE device (the router) and the DCE device (the provider's switch).
Virtual Circuits: The connection through a Frame Relay network between two DTEs is called a virtual circuit (VC). Two types:
- Switched (SVC): Set up dynamically per call and torn down when the call is done.
- Permanent (PVC): Preconfigured by the provider and always present.
A data-link connection identifier (DLCI) identifies a VC to the equipment at an endpoint; it is locally significant, that is, unique only on the physical channel where it resides. Frame Relay is statistically multiplexed.

A topology is the map or visual layout of the network. Every network or network segment can be viewed as being one of three topology types:
- Star (Hub and Spoke): The simplest WAN topology. A central site acts as a hub and hosts the primary services.
- Full Mesh: Connects every site to every other site. With leased-line interconnections, the additional serial interfaces and lines add cost.
- Partial Mesh: For large networks, a full mesh topology is seldom affordable, so only some of the sites are connected directly to each other.
Frame Relay Address Mapping, two methods:
- Dynamic Address Mapping: Uses Inverse ARP (IARP) to learn the next-hop protocol address for each local DLCI.
- Static Address Mapping: Overrides dynamic IARP mapping by supplying a manual static mapping from the next-hop protocol address to a local DLCI.
Local Management Interface (LMI): Three LMI types are supported by Cisco routers:
- cisco: The original LMI extension.
- ansi: Corresponds to the ANSI standard T1.617 Annex D.
- q933a: Corresponds to the ITU standard Q.933 Annex A.
Paying for Frame Relay:
- Access or port speed: The cost of the access line from the DTE to the DCE (customer to service provider).
- Permanent Virtual Circuit (PVC): This cost component is based on the PVCs.
- Committed Information Rate (CIR): Customers normally choose a CIR lower than the port speed or access rate (U.S.).
- Oversubscription: Service providers sometimes sell more capacity than they have, on the assumption that not everyone will demand their entitled capacity all of the time.
- Bursting: Because the physical circuits of the Frame Relay network are shared between subscribers, there will often be times when excess bandwidth is available.
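The DLCI and the FECN/BECN congestion bits described in these notes all sit in the two-octet address field at the start of every Frame Relay frame, together with the discard-eligible (DE) bit that the provider sets on traffic sent above the CIR during a burst (the DE bit is not named in the notes above, but it is part of the same field). The decoder below is an added example written for these notes, not course material: the frames it decodes are constructed, and DLCI values 102 and 103 are arbitrary user VCs.

```python
# Added example (not from the course notes): decode and build the two-octet
# Q.922 address field that starts every Frame Relay frame. It carries the
# locally significant DLCI together with the FECN/BECN congestion bits and the
# discard-eligible (DE) bit that marks traffic sent above the CIR during a burst.
from dataclasses import dataclass


@dataclass
class FrameRelayAddress:
    dlci: int    # 10-bit data-link connection identifier, unique only on this access link
    cr: int      # command/response bit, carried transparently by the network
    fecn: bool   # forward explicit congestion notification, seen by the receiver
    becn: bool   # backward explicit congestion notification, seen by the sender
    de: bool     # discard eligible: dropped first when the network is congested


def parse_address(field: bytes) -> FrameRelayAddress:
    """Decode the default two-octet address field.

    Octet 1: DLCI high 6 bits | C/R | EA=0
    Octet 2: DLCI low 4 bits  | FECN | BECN | DE | EA=1
    """
    if len(field) < 2:
        raise ValueError("address field needs at least two octets")
    b0, b1 = field[0], field[1]
    # EA (extended address) bit: 0 means more address octets follow, 1 means last octet.
    if (b0 & 0x01) != 0 or (b1 & 0x01) != 1:
        raise ValueError("EA bits do not describe a two-octet address field")
    return FrameRelayAddress(
        dlci=((b0 >> 2) << 4) | (b1 >> 4),
        cr=(b0 >> 1) & 1,
        fecn=bool((b1 >> 3) & 1),
        becn=bool((b1 >> 2) & 1),
        de=bool((b1 >> 1) & 1),
    )


def build_address(dlci: int, fecn=False, becn=False, de=False, cr=0) -> bytes:
    """Encode the two-octet address field (inverse of parse_address)."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b0 = ((dlci >> 4) << 2) | ((cr & 1) << 1)            # low bit (EA) stays 0
    b1 = ((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2) | (int(de) << 1) | 1
    return bytes([b0, b1])


def congestion_summary(frames) -> dict:
    """Per-DLCI count of frames and of FECN/BECN/DE markings.

    A sender that sees BECN on a VC is being told by the network to slow down;
    FECN tells the receiver that the forward path is congested.
    """
    summary = {}
    for frame in frames:
        a = parse_address(frame[:2])
        s = summary.setdefault(a.dlci, {"frames": 0, "fecn": 0, "becn": 0, "de": 0})
        s["frames"] += 1
        s["fecn"] += int(a.fecn)
        s["becn"] += int(a.becn)
        s["de"] += int(a.de)
    return summary


# Constructed frames: address field, then 0x03 (UI control) and 0xCC (NLPID for IP,
# IETF encapsulation) and a dummy payload. DLCIs 102 and 103 are arbitrary user VCs;
# DLCI 0 (ANSI/Q.933 LMI) and DLCI 1023 (Cisco LMI) are reserved for LMI.
SAMPLE_FRAMES = [
    build_address(102) + b"\x03\xcc" + b"data",
    build_address(102, becn=True) + b"\x03\xcc" + b"data",
    build_address(102, fecn=True) + b"\x03\xcc" + b"data",
    build_address(103, de=True) + b"\x03\xcc" + b"data",
    build_address(103) + b"\x03\xcc" + b"data",
]

if __name__ == "__main__":
    for dlci, s in congestion_summary(SAMPLE_FRAMES).items():
        print(f"DLCI {dlci}: {s}")
```

Running the block prints one summary line per DLCI; the BECN count on DLCI 102 is the signal a sender would act on by reducing its rate towards the CIR, and the DE count on DLCI 103 shows how much of that VC's traffic the provider would drop first under congestion.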
Congestion notification: Two bits in the frame header are set when congestion occurs:
- Forward Explicit Congestion Notification (FECN)
- Backward Explicit Congestion Notification (BECN)

Frame Relay subinterfaces: There are two types:
- Point-to-Point
- Multipoint

Network Security

Common Terms:
- White Hat: An individual who looks for vulnerabilities in systems and reports them so that they can be fixed.
- Black Hat: An individual who uses their knowledge to break into systems that they are not authorized to use.
- Hacker: A general term that has historically been used to describe a computer programming expert.
- Cracker: Someone who tries to gain unauthorized access to network resources with malicious intent.
- Phreaker: An individual who manipulates the phone network, through a payphone, to make free long-distance calls.
- Phisher: Uses e-mail or other means to trick others into providing information.
Vulnerability: The degree of weakness that is inherent in every network and device, including routers, switches, desktops, and servers.
Threats: They are the people interested in taking advantage of each security weakness.
Attack: The threats use a variety of tools, and programs to launch attacks against networks.
Four classes of Physical Threats:
- Hardware Threat: Physical damage to servers, routers, switches, cabling plant, and workstations.
- Electrical Threat: Voltage spikes, insufficient voltage (brownouts), unconditioned power (noise), and total power loss.
- Maintenance Threat: Poor handling of key electrical components, lack of critical spare parts, poor cabling, and poor labeling.
Phishing: A type of social engineering attack that involves using e-mail in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
Types of Network Attacks: There are four primary classes of attacks:
- Reconnaissance: The unauthorized discovery and mapping of systems, services, or vulnerabilities.
- System Access: The ability of an intruder to gain access to a device for which the intruder does not have an account or a password.
- Denial of Service (DoS): An attacker disables or corrupts networks, systems, or services with the intent to deny service to intended users.
- Malicious Code (Worms, Viruses, and Trojan Horses): Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services.
Packet Sniffers: A common method for eavesdropping is to capture TCP/IP or other protocol packets and decode the contents.
Access Attacks: Access attacks exploit vulnerabilities in authentication, FTP, and web services to gain entry to accounts and to confidential and sensitive information.
Password Attacks: A packet sniffer can yield user accounts and passwords that are transmitted as clear text.
Trust Exploitation: The goal of a trust exploitation attack is to compromise a trusted host, using it to stage attacks on other hosts in a network.
Port Redirection: Port redirection is a type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be stopped.
Man-in-the-Middle: A man-in-the-middle (MITM) attack is carried out by attackers that manage to position themselves between two legitimate hosts.
Denial-of-Service Attacks: An attacker disables or corrupts networks, systems or services with the intent to deny service to intended users.
Malicious Code Attacks:
- Worm: Executes code and installs copies of itself in the memory of the infected computer, which can, in turn, infect other hosts.
- Virus: Malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation.
- Trojan Horse: Differs from a worm or virus only in that the entire application was written to look like something else, when in fact it is an attack tool.
Intrusion Detection and Prevention: Intrusion Detection Systems (IDS): Detect attacks against a network and send logs to a management console.
Intrusion Prevention Systems (IPS): Prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:
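The detection side of an IDS reduces, at its simplest, to rules run over traffic or firewall logs. The following is an added example written for these notes, not the course's or any product's code: it runs three rules over constructed firewall log lines to flag the reconnaissance and denial-of-service classes defined above, and to flag clear-text logins (FTP, Telnet) whose passwords a packet sniffer could read. The log format, the RFC 5737 documentation addresses and the thresholds are all invented for the example.

```python
# Added example (not the course's code): IDS-style rule matching over constructed
# firewall log lines. It flags three patterns from the notes: reconnaissance
# (one source probing many ports on a host), denial of service (a SYN flood on
# one destination) and clear-text logins that a packet sniffer could read.
# The log format, addresses (RFC 5737 documentation ranges) and thresholds are
# all invented for the example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) flags=(?P<flags>\S*) action=(?P<action>\S+)"
)
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}   # credentials cross the wire unencrypted


def parse_line(line: str):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.fromisoformat(e["ts"])
    e["dport"] = int(e["dport"])
    return e


def _windowed_max(hits, window, distinct):
    """hits: list of (timestamp, value) in time order. Return the largest number
    of values (distinct values if requested) that fall inside any one window."""
    best, start = 0, 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > window:
            start += 1
        values = [v for _, v in hits[start:end + 1]]
        best = max(best, len(set(values)) if distinct else len(values))
    return best


def analyze(lines, window=timedelta(seconds=60), scan_ports=10, syn_flood=50):
    """Return a list of alert dicts produced by the three rules."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    probes = defaultdict(list)   # (src, dst) -> [(ts, dport)] for the scan rule
    syns = defaultdict(list)     # dst -> [(ts, src)] for the SYN-flood rule
    alerts = []
    for e in events:
        probes[(e["src"], e["dst"])].append((e["ts"], e["dport"]))
        if e["proto"] == "tcp" and "S" in e["flags"] and "A" not in e["flags"]:
            syns[e["dst"]].append((e["ts"], e["src"]))
        if e["action"] == "allow" and e["dport"] in CLEARTEXT_PORTS:
            alerts.append({"kind": "cleartext-credentials", "src": e["src"], "dst": e["dst"],
                           "detail": f"{CLEARTEXT_PORTS[e['dport']]} login readable by a packet sniffer"})
    for (src, dst), hits in probes.items():
        n = _windowed_max(hits, window, distinct=True)
        if n >= scan_ports:
            alerts.append({"kind": "reconnaissance", "src": src, "dst": dst,
                           "detail": f"{n} distinct ports probed within {window.seconds}s"})
    for dst, hits in syns.items():
        n = _windowed_max(hits, window, distinct=False)
        if n >= syn_flood:
            alerts.append({"kind": "denial-of-service", "src": None, "dst": dst,
                           "detail": f"{n} SYNs within {window.seconds}s"})
    return alerts


def build_sample_log():
    """Constructed log lines, not captured traffic."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{ts} src={src} dst={dst} dport={dport} proto=tcp flags={flags} action={action}"
    lines = []
    for i, port in enumerate(range(20, 35)):       # 15 ports in 15 s: a port scan
        lines.append(fmt.format(ts=(t0 + timedelta(seconds=i)).isoformat(), src="198.51.100.7",
                                dst="203.0.113.10", dport=port, flags="S", action="deny"))
    for i in range(60):                            # 60 SYNs in 6 s against one web server
        lines.append(fmt.format(ts=(t0 + timedelta(milliseconds=100 * i)).isoformat(),
                                src=f"192.0.2.{i + 1}", dst="203.0.113.20", dport=80,
                                flags="S", action="allow"))
    lines.append(fmt.format(ts=t0.isoformat(), src="192.0.2.200", dst="203.0.113.30",
                            dport=23, flags="S", action="allow"))   # telnet: clear text
    lines.append(fmt.format(ts=t0.isoformat(), src="192.0.2.201", dst="203.0.113.30",
                            dport=443, flags="S", action="allow"))  # https: no alert
    return lines


if __name__ == "__main__":
    for alert in analyze(build_sample_log()):
        print(alert)
```

The sample produces exactly three alerts, one per rule; the HTTPS connection and the scan's own SYNs (15, below the flood threshold) produce none. A real IDS differs in scale and signature depth, but the shape is the same: parse, group by the entity the rule cares about (source, destination, or both), count within a time window, and raise an alert to the management console when a threshold is crossed.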
CHAPTER 4 part 2
Securing Your Network (topics): Physical; Update the router IOS; Configuration and IOS; Unused Services.
The Cisco Security Device Manager (SDM) is a web-based device management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers. Cisco recommends a four-phase migration process: Plan, Design, Implement, Operate.