Remote communication
Understanding communication networks
Jörg Brasas
Transmission modes
Communication basics
Point-to-point vs. multipoint
Communication basics
Ethernet Basics
Standardized as IEEE 802.3x
Max. 100 m between two devices
Transmission speed 10/100/1000 Mbit/s
Tree topology with active point-to-point connections
Twisted pair cable with RJ-45 connector
Ethernet
The TCP/IP four layer model
4 Application layer: defines the TCP/IP application protocols. All higher network protocols are situated here, e.g. HTTP, DNS, DHCP, RDP, …
3 Transport layer: manages packets between different networks. All devices get an IP to be distinguished from each other. TCP and UDP are on this layer 3.
2 Internet layer: layer 2 are the MAC addresses. Information is divided into packets, senders and receivers are defined, so the first basic transmission within a subnet can start here.
1 Network access layer: layer 1 stands for the cable and power.
The TCP/IP four layer model
- IP addresses have to be unique in each network segment
- To address network participants: device IP 192.168.1.254/24
- To divide a network into different subnets: network IP 192.168.1.0/24
- Not allowed for devices: the first and the last IP of a network. .0 is the description of the network, .255 is always used for broadcasts.
Subnet
IP
IP (Internet Protocol IPv4) Layer 3
- Subnet masks
- Example: 192.168.10.0/24 defines a subnet that ranges from 192.168.10.1 to 192.168.10.254. The IPs „.0“ and „.255“ are reserved.
- Example: 192.168.10.0/30 defines a subnet that ranges from 192.168.10.1 to 192.168.10.2, offering space for 2 IP devices. “.0” is the subnet ID and the broadcast IP now is 192.168.10.3.
- Check http://www.subnet-calculator.com/
IP (Internet Protocol IPv4) Layer 3
CIDR notation   Dotted decimal     Available host IPs   No. of subnets
/16             255.255.0.0        65534                -
/24             255.255.255.0      254                  1
/25             255.255.255.128    126                  2
/26             255.255.255.192    62                   4
/28             255.255.255.240    14                   14
/30             255.255.255.252    2                    128
- Private IP ranges
- DHCP fallback network
- Local network
- Own PC loopback address 127.0.0.1
IP special subnets
10.0.0.0/8       10.0.0.0 to 10.255.255.255        Network for private use
172.16.0.0/12    172.16.0.0 to 172.31.255.255      Network for private use
192.168.0.0/16   192.168.0.0 to 192.168.255.255    Network for private use
169.254.0.0/16   169.254.0.0 to 169.254.255.255    DHCP fallback IP range
127.0.0.0/8      127.0.0.0 to 127.255.255.255      Local network
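The subnet arithmetic behind the "Subnet masks" table and the classification of the "IP special subnets" slide, as an added Python example (not code from the slides). It uses only the standard library ipaddress module; the addresses are the slides' own or constructed samples. The "No. of subnets" column is computed as the number of equal-sized blocks that fit into one /24, i.e. 2**(prefix - 24), which reproduces the table's 1, 2 and 4 for /24, /25 and /26 (for /28 and /30 the formula yields 16 and 64). The same_subnet helper is my own addition: it decides whether two hosts can talk directly or need the default gateway described on the routing slides.

```python
import ipaddress

# Added example, not code from the slides: subnet arithmetic for the
# "Subnet masks" table and the classification of the "IP special subnets".
# All addresses below are the slides' own or constructed sample values.

# Most specific ranges first: 127/8 and 169.254/16 must win over the generic
# private check, so the order of this list matters.
SPECIAL_RANGES = [
    (ipaddress.ip_network("127.0.0.0/8"), "loopback (local host)"),
    (ipaddress.ip_network("169.254.0.0/16"), "link-local (DHCP fallback)"),
    (ipaddress.ip_network("10.0.0.0/8"), "private"),
    (ipaddress.ip_network("172.16.0.0/12"), "private"),
    (ipaddress.ip_network("192.168.0.0/16"), "private"),
]


def subnet_info(cidr: str) -> dict:
    """Network address, mask, usable host range, broadcast and host count for an
    IPv4 block. A host address such as 192.168.1.254/24 is accepted too; only the
    prefix length matters."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 have no separate network/broadcast address")
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,   # minus network and broadcast
    }


def subnets_per_parent(prefix: int, parent_prefix: int = 24) -> int:
    """How many equal-sized /prefix subnets fit into one /parent_prefix block."""
    if prefix < parent_prefix:
        raise ValueError("subnet prefix must be at least as long as the parent prefix")
    return 2 ** (prefix - parent_prefix)


def classify(ip: str) -> str:
    """Label an address as loopback, link-local, private or public."""
    addr = ipaddress.ip_address(ip)
    for net, label in SPECIAL_RANGES:
        if addr in net:
            return label
    return "public"


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True if both hosts can talk directly; False means the default gateway is needed."""
    net_a = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net_a


if __name__ == "__main__":
    for cidr in ("192.168.10.0/24", "192.168.10.0/30", "10.0.0.0/16"):
        print(cidr, subnet_info(cidr))
    for p in (24, 25, 26, 28, 30):
        print(f"/{p}: {subnets_per_parent(p)} subnets per /24")
    for ip in ("192.168.1.254", "127.0.0.1", "169.254.10.20", "84.58.39.58"):
        print(ip, classify(ip))
    print("192.168.10.5 -> 192.168.20.7 direct?", same_subnet("192.168.10.5", "192.168.20.7", 24))
```

Running the block prints the /24 and /30 ranges exactly as the slide states them (first host .1, broadcast .3 for the /30) and shows that a host in 192.168.10.0/24 cannot reach 192.168.20.7 without a gateway.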
Switches and bridges
Connects two different networks
Knows all IP addresses in its subnet
Is the default gateway
Router
Router
212.118.95.204 192.168.10.1
Internal / local area Network (LAN)
192.168.10.0/24
External Network
Router inside the local network (LAN)
Router
Office production network Machine network
192.168.10.0/24 192.168.20.0/28
Internet
Router
Firewall mGuard
WAN IP: 192.168.10.254
LAN IP: 192.168.20.1
Direct communication inside a subnet, but
communication outside the own subnet
uses a default gateway.
Routers handle all traffic from the inside subnet to
outside subnets and vice versa.
Default Gateway
Designed to block unauthorized access while permitting
authorized communications based on user-defined rules
Firewall
Internet
LAN WAN
Incoming
Outgoing
Firewall
Stateful Packet Inspection (SPI)
Connection Tracking
Table
Internet
LAN WAN
Request from
Port 1065
Request to
Port 1065
Reply from
Port 1065
Reply to
Port 1065
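The connection tracking table from the SPI slide, as an added Python example (not code from the slides or from the mGuard product). A request leaving the LAN from port 1065 creates an entry; the reply from the outside is allowed only because it matches that entry, an unrelated incoming packet to the same port is dropped, and the entry expires after an idle timeout. The interface a packet arrives on, not its source address, decides the direction, so a packet on the WAN side that claims a LAN source is rejected. All addresses and ports are constructed (203.0.113.0/24 is a documentation range).

```python
import ipaddress
from dataclasses import dataclass

# Added example, not code from the slides or from the mGuard product: a minimal
# model of stateful packet inspection with a connection tracking table.
# Addresses and ports are constructed (203.0.113.0/24 is a documentation range).


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    """Connections opened from the LAN are recorded; packets arriving on the WAN
    side pass only if they are replies to a recorded connection. Entries are
    dropped after idle_timeout seconds without traffic."""

    def __init__(self, lan_cidr: str, idle_timeout: float = 60.0):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.idle_timeout = idle_timeout
        # key: (proto, lan_ip, lan_port, wan_ip, wan_port) -> time last seen
        self.table: dict = {}

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.table.items() if now - seen > self.idle_timeout]
        for key in stale:
            del self.table[key]

    def handle(self, pkt: Packet, iface: str, now: float) -> str:
        """iface is the interface the packet arrived on: 'lan' or 'wan'."""
        self._expire(now)
        src_is_lan = ipaddress.ip_address(pkt.src_ip) in self.lan
        if iface == "lan":
            if not src_is_lan:
                return "drop: non-LAN source on LAN interface"
            key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.table[key] = now
            return "allow: outgoing, connection tracked"
        # WAN side: direction comes from the interface, not the source address,
        # so a packet claiming a LAN source on the WAN port is spoofed.
        if src_is_lan:
            return "drop: spoofed LAN source on WAN interface"
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:
            self.table[key] = now        # refresh the idle timer
            return "allow: reply to tracked connection"
        return "drop: unsolicited incoming packet"


def demo() -> list:
    """Walk the slide's scenario: request from port 1065, matching reply, then an
    unrelated packet, a spoofed packet, and a reply after the entry has expired."""
    fw = StatefulFirewall("192.168.10.0/24", idle_timeout=60)
    pc, server = "192.168.10.20", "203.0.113.5"
    request = Packet("tcp", pc, 1065, server, 443)
    reply = Packet("tcp", server, 443, pc, 1065)
    stranger = Packet("tcp", "203.0.113.9", 4444, pc, 1065)
    spoofed = Packet("tcp", "192.168.10.7", 1065, pc, 1065)
    return [
        fw.handle(request, "lan", now=0.0),
        fw.handle(reply, "wan", now=1.0),
        fw.handle(stranger, "wan", now=2.0),
        fw.handle(spoofed, "wan", now=3.0),
        fw.handle(reply, "wan", now=100.0),   # 99 s idle: entry is gone
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last line of the demo is the practical consequence of the tracking table: a long-idle connection that sends nothing for longer than the firewall's timeout is treated as new traffic, and its next inbound packet is dropped.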
TCP (Transmission Control Protocol), Layer 4:
establishes a connection on a specific port between
sender and receiver;
the receiver needs to acknowledge each received packet.
UDP (User Datagram Protocol), Layer 4:
connectionless protocol; no proof whether packets have been
transmitted successfully. UDP is much faster than TCP.
Examples: Voice-over-IP, video, web radio
TCP and UDP Protocols
Ports allow different network applications running on the
same device to distinguish their traffic.
Ports for incoming connections are opened by a server,
which then listens on them for incoming connections.
Ports
Server
10.10.1.254
84.58.39.58 : Port 21 10.10.1.11 file transfer
84.58.39.58 : Port 25 10.10.1.11 Email send
84.58.39.58 : Port 110 10.10.1.11 Email receive
10.10.1.11
Router
Internet IP
84.58.39.58
Standard ports and services
Port 53 UDP
A DNS server offers a large library of IP addresses and their
expression as regular web site names.
DNS uses a specific-to-general naming scheme for domain
names.
The root domain
is . (“dot”).
DNS (Domain Name Services)
Port 67, 68, UDP
When a DHCP client is connected to the network, it immediately
starts sending UDP broadcast (.255) packets.
The DHCP server will answer by giving the device an IP.
DHCP (Dynamic Host Configuration Protocol)
NAT modifies IP address information in IPv4 headers
while in transit across a traffic routing device.
Hides an entire (private) IP address space behind
a single (public) internet IP address.
- NAT provides a one-to-one translation of IP addresses to
interconnect two IP networks that have incompatible
addressing.
Network address translation (NAT)
Applications for NAT
Production floor network
10.10.0.0 / 16
Internet
Machine #1
172.16.1.0 / 24
Machine #2
172.16.1.0 / 24
Machine #3
172.16.1.0 / 24
1:1 NAT
Internet
Machine #1
172.16.1.0 / 24
Machine #2
172.16.1.0 / 24
Machine #3
172.16.1.0 / 24
Network operator
10.10.0.0 / 16
10.10.1.0 /24
10.10.2.0/24
10.10.3.0/24
Port forwarding is like a hole in a wall:
it is a direct link to a single device.
It is limited to max. one internal IP for
each port.
Traffic from the outside addressing
the outside IP is directly transferred
to the configured IP behind the NAT
router.
Note:
There are no firewall rules which
could secure a forwarded port.
Port forwarding on a NAT router
Port Forwarding
Router
External IP
81.7.12.96
Internal net
10.10.1.0/24
10.10.1.13
10.10.1.11
HTTP Web Server
201.87.11.2
Router configuration (Port Forwarding):
From IP: 201.87.11.2 on Port: 80 Forward to IP: 10.10.1.13 on Port: 80
From IP: 201.87.11.2 on Port: 125 Forward to IP: 10.10.1.15 on Port: 125
Request Web http://81.7.12.96: 80 -> Web Server
Request Email smtp://81.7.12.96:125-> Mail Server
Remark: Always address the external router IP
and not the internal device's IP!
10.10.1.15
SMTP Mail Server
Port forwardings allow single or all network participants to reach a specific device behind a
NAT directly on one or more specific ports. Port forwardings allow direct connections between
devices.
Port: 80
Port: 125
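The port forwarding table from the slide above, as an added Python example (not code from the slides or from any router). It models the three points the slide makes: only one internal host can sit behind each external port, outside traffic must address the router's external IP rather than the internal device, and a plain forward has no firewall rule, so any outside source reaches the internal host. The router, web server and mail server addresses are the slide's own; 198.51.100.7 is a constructed second outside host, and the optional allowed_sources restriction in build_restricted_router is my addition showing what a source filter on the forward would look like.

```python
import ipaddress

# Added example, not code from the slides or from any router firmware: a model
# of the port forwarding table. 81.7.12.96, 10.10.1.0/24, 10.10.1.13, 10.10.1.15
# and 201.87.11.2 are the slide's own values; 198.51.100.7 is constructed.


class PortForwardingRouter:
    def __init__(self, external_ip: str, internal_cidr: str):
        self.external_ip = ipaddress.ip_address(external_ip)
        self.internal_net = ipaddress.ip_network(internal_cidr)
        # (proto, external port) -> (internal ip, internal port, allowed sources or None)
        self.rules: dict = {}

    def add_forward(self, external_port: int, internal_ip: str, internal_port: int,
                    proto: str = "tcp", allowed_sources=None) -> None:
        ip = ipaddress.ip_address(internal_ip)
        if ip not in self.internal_net:
            raise ValueError(f"{internal_ip} is not inside {self.internal_net}")
        if (proto, external_port) in self.rules:
            # the slide's limit: max. one internal IP for each port
            raise ValueError(f"{proto}/{external_port} already forwarded: one internal host per port")
        sources = None if allowed_sources is None else [ipaddress.ip_network(s) for s in allowed_sources]
        self.rules[(proto, external_port)] = (str(ip), internal_port, sources)

    def inbound(self, src_ip: str, dst_ip: str, dst_port: int, proto: str = "tcp"):
        """Destination after translation for a packet arriving from the outside,
        or None when the router does not forward it."""
        if ipaddress.ip_address(dst_ip) != self.external_ip:
            return None   # internal addresses are not routable from the Internet
        rule = self.rules.get((proto, dst_port))
        if rule is None:
            return None   # no forward configured: the hole in the wall is closed
        internal_ip, internal_port, sources = rule
        if sources is not None and not any(ipaddress.ip_address(src_ip) in n for n in sources):
            return None   # optional source restriction (a plain NAT forward has none)
        return internal_ip, internal_port


def build_router() -> PortForwardingRouter:
    """The slide's configuration: web server on 10.10.1.13, mail server on 10.10.1.15."""
    r = PortForwardingRouter("81.7.12.96", "10.10.1.0/24")
    r.add_forward(80, "10.10.1.13", 80)
    r.add_forward(125, "10.10.1.15", 125)
    return r


def build_restricted_router() -> PortForwardingRouter:
    """Same forwards, but the mail port only accepts the partner address 201.87.11.2
    (constructed hardening, not part of the slide's setup)."""
    r = PortForwardingRouter("81.7.12.96", "10.10.1.0/24")
    r.add_forward(80, "10.10.1.13", 80)
    r.add_forward(125, "10.10.1.15", 125, allowed_sources=["201.87.11.2/32"])
    return r


if __name__ == "__main__":
    r = build_router()
    print("web from partner:", r.inbound("201.87.11.2", "81.7.12.96", 80))
    print("web from anyone: ", r.inbound("198.51.100.7", "81.7.12.96", 80))
    print("internal IP used:", r.inbound("201.87.11.2", "10.10.1.13", 80))
    print("mail, restricted:", build_restricted_router().inbound("198.51.100.7", "81.7.12.96", 125))
```

The third print shows why the slide's remark matters: a request addressed to 10.10.1.13 never reaches the router's forwarding table from the outside, while the second print shows that, without a source restriction, the forward is open to every outside host.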
DMZ
DMZ – Lower security area within corporate networks
Demilitarized zone (DMZ)
Internet LAN (Office) LAN (Production)
Firewall Firewall
DMZ
Router
Server
Intranet / LAN
Private computer network in an additional software layer
on top of an existing public network
IPSec
A protocol suite for securing
Internet Protocol (IP) communications
by authenticating and
encrypting each IP packet
Virtual Private Network (VPN)
Virtual Private Network (VPN)
Internet
Machine
Manufacturer Operator Network
Encryption Decryption
Encrypted Data
OPC VPN connection
Secure
Unsecure
Secure VPN
connection
Secure remote communication
mGuard firewall secures VPN connections
protects both communicating parties if one of them is attacked
OPC VPN connection
Secure
mGuard firewall secures VPN connections
I: ISAKMP SA (key exchange)
II: IPsec SA (data exchange)
- Phase I (ISAKMP SA or IKE SA, key exchange)
  - Authentication of the VPN gateways
  - Negotiation of the encryption used to secure phase II
- Phase II (IPsec SA: data exchange)
  - IPsec connection parameters
VPN communication phases
Internet
Authentication with X.509 certificates
Asymmetric
Encryption with
a pair of keys
(private and public key)
VPN communication
Certificates
… to authenticate the VPN endpoints
… with XCA
http://xca.sourceforge.net
Creating a certificate
VPN Remote access
Internet
3G network
Service team 19“ FL MGUARD
Connection test with ping to check whether a network device
is reachable or not.
Type „ping“ followed by the IP or host name of the device.
Tools: ping
Tools: tracert
More detailed connection testing with tracert:
tracert shows which gateways were passed,
so the last working gateway can easily be determined.
Tools: ipconfig
Network Adapter
Information
with IPConfig
ipconfig /all shows detailed information on the network adapters of a PC.
Jörg Brasas
Workshop
mGuard firewall secures VPN connections
protects both communicating parties if one of them is attacked
OPC VPN connection
Secure
mGuard firewall secures VPN connections
Remote service with VPN
Machine
Service
1. Configure mGuards
2. Create a Certificate
3. VPN-Connection configuration
3a. Central
3b. Machine
How can I maintain
the machine?
Machine
Mobile networks: … no wires!
GSM
Global System for
Mobile Communications
1. Voice (primary)
2. Data (secondary)
CSD = Circuit Switching Data
UMTS/HSPA+
Universal Mobile
Telecommunications System/
High Speed Packet Access
Packet Data Network
GPRS/EDGE
General Packet Radio Service/
Enhanced Data Rates for GSM Evolution
Packet Data Network
1G 2G 2.5G 3G 4G
1986 1991 GPRS 2000 UMTS 2000 2010
EDGE 2006 HSPA 2008
History LTE
Long
Term
Evolution
LTE = Long Term Evolution for UMTS
4th generation mobile network
of 3GPP (3rd Generation Partnership Project)
Successor of
UMTS/HSDPA+
All IP network
Worldwide available
LTE
LTE worldwide
2G GSM/GPRS/EDGE 3G UMTS/HSPA 4G LTE
T-Mobile
As of 03/2014
2G 3G 4G
vodafone
As of 03/2014
Worldwide available
Check at http://maps.mobileworldlive.com
Poland
http://maps.mobileworldlive.com/network.php?cid=30&cname=Poland
Poland
http://maps.mobileworldlive.com/network.php?cid=30&cname=Poland
Consumer Technology
Mobile Communication
SMS
SMS Short message service
Mobile Data Communication
Short message
service center
IP Communication
GPRS/EDGE and UMTS/HSPA+
Mobile Data Communication
Mobile Data Communication
… must start in the mobile network
Mobile Data Communication
Mobile Data Communication
Access Point APN
Mobile Data Communication
Private APN
Public Web APN
Application examples
Water supply
Water cleaning
Transportation
Process industry
Building automation
Decentralized power generation
Energy distribution
As a service for the end customer
Easy installation only if required
Reliable remote Ethernet access
Designed for international use
Mobile remote access via VPN
Internet
Mobile network
Service team
internal
FL MGUARD DELTA2
Temporary remote access to control
systems of door drives
VPN on demand
Remote access
via IPSec VPN tunnel
Complete solution:
mGuard Blade and
mobile router
Remote access for customer
Internet
3G network
End customer
Service team 19“ FL MGUARD
Remote access to solar inverters
Secure communication via VPN
Secure remote link to Ethernet networks
Live video as an option
International use
Internet
3G network
Speeding cameras
Secure communication via VPN
Secure communication solution
Private network inside the mobile network
High bandwidth
Private APN
Public Web APN

Zdalna komunikacja sieciowa - zagadnienia sieciowe (Remote network communication: networking topics)
