Active Directory DNS Records

When a computer that is part of a domain using Active Directory integrated DNS boots up it queries the Service Record ( SRV) from a Domain Name System ( DNS) server to locate the nearest domain controller. DNS basically enables the translation of IP addresses into Fully Qualified Domain Names (FQDNs).

So instead of contacting a host through its IP address you can just type in a name like somesite.com which is a lot easier to remember for humans than let’s say 158.56.23.45 which of course is an IP address.

DNS plays a major role in Active Directory and can be used to run independently on a perimeter network.

All DNS communication – whether it be on your internal network or the Internet – always uses UDP port 53.

The root of the DNS hierarchy is the dot (.) after which you have the .com, .biz, .net, .info and other suffixes.

Active Directory Domain Name Resolution

Active Directory heavily relies on DNS to match IP addresses to names. DNS therefore provides host records contained in zones specifying a given name resolution for a specific namespace.

DNS and Active Directory – IPv6 Addresses

IPv6 addresses are made up of 128 bits which gives us a lot more addresses than the 32-bit IP4 range that has almost been depleted or used up globally. IPv6 uses 8 16-bit pieces in a hexadecimal format. This should enable us to support addressing on the Internet for a long time.

•    Link-Local – FE80:: – Similar to IPv4 APIPA addresses that get allocated when no DHCP server can be contacted
•    Site-Local – FEC0:: -  Equivalent to IPv4 internal addresses such as 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16
•    Loopback – ::1 – Similar to 127.0.0.1 in IPv4
•    Unspecified – :: – Comparable to 0.0.0.0 in IPv4 and thus indicating an absence of address
•    Global Unicast – Unique addresses that are routable on the Internet

Active Directory DNS Setup – Peer Name Resolution Protocol (PNRP)

The Peer Name Resolution Protocol (PNRP) relies on peer systems to resolve computer names in Windows 7 and Server 2008 R2. This means, that unlike DNS there is no hierarchical structure as each server or computer holds a record for the name to be resolved. The computer just contacts all other computers or servers until it gets an authorative answer thereby greatly improving the security risk of a single-point DNS server failing.

DNS in Active Directory – Global Names Zone (GNZ)

Replaces WINS but must be configured manually and is only suitable when you have a small number of clients to handle. Useful for older applications that cannot work with the more complex FQDN structure. If a multitude of applications or users require single-name resolution then WINS will have to be implemented.

Active Directory DNS Structures

•    Dynamic DNS servers – Default mode when running DCpromo or when installing an AD integrated DNS server. DDNS enables computers and devices to self-register in Active Directory as long as these devices or computers belong to a known entity within AD

•    Read-Write DNS Servers – Usually a primary DNS server that is deployed in perimeter networks and will accept writes from trusted sources

•    Read-Only DNS Servers – Primarily secondary DNS servers that hold a read-only copy of the primary DNS server.

In Windows 2008 we also have the read-only domain controller (RODC) which runs primary read-only zones when integrated in AD DS.

Remember that RODCs provide a copy of the primary zone whereas traditionally  read-only zones are secondary  zones

•    Stub Zones – Contains pointers to other DNS servers

Active Directory DNS Namespaces

It is considered best practices to use different extensions for your internal and external network such as .com for external and maybe .local for you internal network. The segregation of your internal network from the Internet is commonly called Splt-Brain DNS.
For more information on split-brain DNS setups, go to
http://technet.microsoft.com/en-us/library/ee382323(WS.10).aspx

Active Directory DNS Delegation

When you create a domain tree in an existing forest you have to manually configure delegation before the root tree is created. This is because the name of the domain tree is different from the forest root domain. If however you create a child domain in the same forest this process is automated for the same reasons.

Active Directory DNS – Windows Server 2008 R2

DNS Security Extensions

DNS Security Extensions (DNSSEC) provides additional security to spoofing, man-in-the-middle and cache poisoning attacks It uses digitally signed signatures to send its records. To enable DNSSES you will need to edit the registry.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7a005a14-f740-4689-8c43-9952b5c3d36f&displaylang=en

Active Directory DNS Cache Locking

DNS Cache Locking prevents malicious users to poison the DNS cache in order to redirect queries to their servers. In Windows Server 2008 the cache cannot be overwritten until its TTL has expired. TTL  Settings can be changed by running the command dnscmd /Config /CacheLockingPercent percentvalue

Active Directory DNS Socket Pool

When DNS Socket Pools are in use with Windows Server 2008 random ports get picked to perform DNS queries. This protects against attackers and randomizes the ports used. Socket Pools can be configured by editing the registry.

Active Directory DNS Devolution

For more information on devolution behaviour in Windows Server 2008 R2 and Windows 7,
go to http://technet.microsoft.com/en-us/library/ee683928%28WS.10%29.aspx

Active Directory Without DNS – Background Zone Loading

Whenever an AD DS integrated DNS server holds a large number of zones and records, it needs to load all that data before servicing requests. Background loading enables the server to start processing requests while loading its zone data.

Group Policy Management in Windows Server 2008 R2

Windows Group Policy management consists of  a setting for defining the configuration, a scope to define the users or computers the policy applies to and finally an application which enforces these settings within the scope. Group Policy is a part of Active Directory and allows you to centrally manage clients and servers alike.

AD Group Policy Management and Group Policy Objects (GPOs)

A Group Policy Object contains one or more policy settings enabling it to apply these configuration settings to a user or computer. GPOs can be managed and created in Active Directory through the use of the Group Policy Management Console (GPMC). You can link a GPO to a site, domain or OU which thereby defines its scope.

Two types of filters for narrowing the scope are security filters which apply to specific global security groups as well as Windows Management Instrumentation (WMI) filters which are linked to the characteristics of the operating system (OS).

Windows Server 2008 comes with a third filter called Preferences.

Install Group Policy Management – Group Policy Configuration

Group Policy is applied to users and/or computers and has 3 states – Not configured, enabled or disabled. The standard setting for a new GPO is Not Configured which means that the policy has no effect on the existing configuration.  It is only by enabling or disabling that you make changes to the existing configuration of a computer or user.

Some policies only affect certain editions of Windows so be sure to read the policy settings explanatory text in the Group Policy Management Editor detail pane.

Group Policy Client-Side Extensions (CSEs)

Several dozen CSEs, such as security CSEs, CSEs that install software or others that process startup and logon scripts, are present in Windows now. They all are client driven and pull the GPO from the domain as opposed to a server driven, push technology triggering the CSE to apply theGPO settings on the client.

Standard CSE behavior is to only apply settings in a GPO if that GPO has changed to eliminate the need for redundant policy processing. Some settings could however be changed on the client computer especially if the user has local administrator rights. If this is the case, consider using CSEs that reapply policy settings at the next Group Policy refresh even when policy settings have not changed.

The only exception to this rule are Security CSEs which are reapplied every 16 hours by default even if a GPO has not changed. Group Policy Refresh happens every 90 minutes to 120 minutes thereafter and can be forced by running the command Gpupdate /force.
Resultant Set of Policy (RSOP)

Advanced Group Policy Management

Computers and users are likely to be within the scope of multiple GPOs linked to the specific site or domain they belong to. RSOP allows you to view the effective policies of these combined GPOs much like effective permissions when dealing with folder rights.

Local GPOs

Starting from Windows 2000 all clients contain at least one local GPO where all policies – except the Security Settings – are set to Not Configured. Once the computer becomes part of a domain local GPOs get overridden by the domain or site GPO in AD.

AD-Based GPOs

When AD DS is installed these two GPOs are created by default

• Default Domain Policy
  Contains no Security groups or WMI filters and affects all users and computers in the domain including servers.
  Takes care of password, account lockout and Kerberos policies
• Default Domain Controllers Policy
  Applied to the domain controllers OU only and should be used for auditing policies.

Group Policy Management Tools – GPO Components

A GPO consists of two components – the Group Policy Container (GPC) linked to the Group Policy Template (GPT) which contains the settings for a particular GPO. The GPC defines the settings for a GPO whereas the GPT contains the specific settings you apply.
Incremental version numbers keep track of the changes you make to any GPO and enable CSEs to discover that a policy has changed and needs updating during a policy refresh.

The GPC is replicated between domain controllers by the Directory Replication Agent (DRA) which in turn relies on the Knowledge Consistency Checker (KCC). The replication can be configured manually but usually happens within seconds between domains and between sites depending on your configuration.

The GPT on the other hand is located in the SYSVOL folder which is replicated by using either the File Replication Service (FRS) or Distributed File System Replication (DFS-R) if all your servers are running Windows Server 2008 or later.

The above also implies that both can be out of sync albeit for a short time. Clients will recognize this and will not process a new GPO until the GPT and GPC are in sync. To avoid conflicts and identify problems or version mismatch you can use gptool available from the Microsoft Download center.

Group Policy Manager – Group Policy Settings Console

• Software Settings
  Provides a way to manage how to install and manage software. Allows for independent software vendors to add templates for configuration.
• Windows Settings
  Includes scripts – startup/shutdown (computer), logon/logoff (user) -, security settings and policy based Qos nodes.
• Administrative Templates
  Contains registry-based Group Policy settings
• Preferences
  Only available since Windows Vista and requires the download of the correct version of the Remote Server Administration Tools (RSAT)
  Contains more than 20 extra CSEs to configure loads of additional settings

Group Policy Management Tool – Group Policy Central Store

Administrative templates used to have an .adm extension in versions prior to Windows Vista and used to be stored as part of a GPT in the SYSVOL folder. If used in multiple GPOs, multiple instances of the same template are stored causing for SYSVOL bloat.

Starting from Windows Vista and Server 2008 administrative templates are defined by two xml files , .admx to identify registry changes and .adml to provide language-specific settings. Any changes to be made can be applied to the .admx file and are automatically applied to all GPOs involved.

Group Policy Management Editor- http://technet.microsoft.com/en-us/windowsserver/bb310732

Active Directory Groups and Domain Services Administration

Active Directory as a directory service provides information on enterprise resources such as  active directory users and groups as well as computers. To make it easier to manage objects these resources are divided into organizational Units (OUs) providing an Active Directory OU structure. Active  Directory groups on the other hand are meant for controlling access to AD objects.

Active Directory Groups and Domain Services - http://technet.microsoft.com/en-us/library/cc268216.aspx

Organizational Units (OUs) – Active Directory

The best way to think of an Active Directory OU design is by comparing it to the folder hierarchy of a common disk drive. Just as you make folders to group similar documents or other data you would collect similar objects in the same OU for the purpose of easy administration. OUs should therefore reflect the administrative structure of you organization.

Keep in mind that OUs are not used to assign permission to resources as this is what Active Directory groups are for. Users belong to Active Directory security groups which are in turn given permission to resources.

An OU in Active Directory is simply an administrative container enabling you to manage users and groups contained within that OU.

In Windows Server 2008 OUs are automatically protected from accidental deletion. You will not be able to delete an OU unless you disable this protection in advanced features.

Group Objects, Types and Scopes

Groups are meant to create a single point of management for objects in Active Directory such as users, computers or even other groups.

They are commonly used to grant or deny permissions to a shared folder to a group rather than a single user. In order to effectively manage even a simple organization you need to create security groups in Active Directory for 2 distinctive purposes.

• Role Defining Groups – based on common business needs such as location and job type
• Management Rule Defining Groups – based on how the resources need to be managed and accessed

A Security Group can be given permission to resources and can also be configured as an email distribution list

A Distribution Group eliminates the requirement for access to resources and is therefore only used as an email distribution list. This Group does not contain a SID and should be used for email distribution lists to avoid overhead network traffic generating unnecessary access tokens.

A Global Group defines or identifies objects by job roles, location and so forth. Global groups are available t any trusted domains

A Domain Local Group is used to bundle users that need access to similar resources. It is replicated to all domain controllers in the same domain only

A Universal Group contains users and groups from multiple domains and are therefore useful in multi-domain forests.

Group Nesting or IGDLA

Identities (Users and Computers) are members of

Global Groups which represent business roles and are in turn member of

Domain Local Groups representing management roles such as read and write permissions to a folder

Access to Resources is granted by adding the domain local group to the ACL of the folder in question

Shadow Groups

The major difference between an OU and a group is that an object can only exist within the context of a single OU whereas a security principal can belong to many groups.

One of the challenges includes managing an OU where you want to grant all users permission to a folder while this is not possible on the OU level.

This is where shadow Active Directory groups bring relief. You create a group and then just copy all the users of the OU into that group granting them the required permissions. Bear in mind that when you add or remove a user from the OU, you must do the same manually in the shadow group and vice versa.

Default Groups

• Enterprise Admins – full control over any domain controllers in the forest
• Schema Admins – full control over the AD schema
• Administrators (Builtin) – full control over all domain controllers in a domain. Full control in the forest root domain which means they can manage Enterprise, Schema and domain admins
• Domain Admins – Inherits all capabilities of the administrators group in a domain and is added to each client computer
• Server Operators (Builtin) – Can logon locally to perform maintenance tasks on domain controllers. Account has no members by default
• Account Operators – Can perform maintenance tasks on any OU except the Domain Controllers OU . Account has no members by default
• Backup Operators (Builtin) – Account has no members by default
• Print Operators – Can log on locally and shut down domain controllers

Special Identities

• Anonymous Logon – member of the Everyone group in versions prior to Server 2003
• Authenticated Users – Does not include Guest account
• Everyone – Authenticated users and guest
• Interactive – locally logged on users as well as remote desktop users
• Network – users accessing resources over the network

Relative Distinguished Names (RDNs) Common Names (CNs) and Domain Components (DCs)

Each object in Active Directory has a unique Distinguished Name (DN). The DN of an object is unique within the directory whereas the RDN of an object should be unique within its container or OU.

This is similar to not being able to create 2 documents or folders with the same name in the same folder.
As an example – DN CN=Bob Baker OU=User Accounts, DC=baker,DC=com

Name and Account Properties

• Logon Name (Pre-Windows 2000) – the samid should be unique within the organization. The sAMAcountName should therefore be a unique, name-independent logon based on an employee number and soforth
• User Logon Name – the userPrincipalName (UPN) consists of the logon name and the UPN suffix which is by default the DNS name of the domain where the object was created
• Name – Should be unique in the OU and is the first part of the DN attribute which should be unique in the forest
• Relative Distinguished Name (RDN) – Should be unique within an OU meaning the CN attribute must be unique in the OU. Easiest way to accomplish this is by including an employee number for example
• Display Name – No requirement for unique names that appear in the Microsoft Exchange Global Address List (GAL)

DS Command Line Options

• DSQuery to find objects in the directory
• DSAdd to create objects
• DSGet to return specific attributes of an object
• DSMod to modify attributes of an object
• DSMove to move an object to a new container or OU
• DSRm to remove an object and/or all objects in the subtree

Most commands are run by specifying the object type (e.g. user) as well as the object DN in quotes.

Windows PowerShell

Windows PowerShell is the recommended tool for performing and automating administrative tasks in Windows Server R2. System administration tasks can be performed by using command-lets (cmdlets) modules or snap-ins. A module or snap-in is a package of cmdlets and/or other items.

Windows Powershell is also backward compatible with cmd.exe making it easy to perform familiar tasks susch as ipconfig, ping or nslookup for example. Windows Poweshell return objects which can have properties – or attributes – that represent data maintained by the object such as a users first and last name.

Objects include methods which are actions you can perform on the object.

Comma-Separated Values Data Exchange (CSVDE) and LDIFDE

CSVDE is a powerful tool that can assist administrators in importing existing user information – such as user accounts – from MS Excel or MS Access databases. It can import and export AD objects from or to comma-delimited (.csv) text files.

It cannot be used to import passwords so you will need to reset the user password on any account imported as well as enable the account.

The LDAP Data Interchange Format (LDIF) is file format which can be utilized to perform batch operations against directories that conform to LDAP standards. Unlike CSVDE LDIFDE can be used to modify or remove objects in the directory.

LDIFDE is also capable of importing user passwords. Remember that these accounts will be disabled until you reset the passwords and enable the accounts.

Inheritable Permissions

The Discretionary Access Control List (DACL) which is a part of the objects Access Control Entry (ACE) assigned to users and Active Directory groups controls the security principals. This simply means assigning permissions that manage access to objects and properties in Active Directory such as resetting passwords or changing files in a folder.

Note that not every permission is inheritable and inheritance can be scoped to specific object classes. Generally speaking, new objects inherit permissions from the parent OU or container.
This can be manually modified by

• Disabling inheritance in the advanced settings of the new object
• Allowing inheritance while overriding it with an explicit permission assigned to the child object. Explicit permissions always override inherited permissions to the extent that an explicit Allow permission will override an inherited Deny permission
• Scoping the inheritance permission by changing the inheritance properties on the parent object. This is considered best practice as it defines the Access Control List (ACL) at its source rather than overriding permissions further down the line

You can use Delegation of Control Wizard to assign specific administrative tasks to appropriate groups and individuals.

User Account Templates

User account templates are generic user accounts prepopulated with common properties. Take care to disable this account for security purposes. When you create a new user you can just simply copy this template saving you the time of having to fill out each property again. Not all attributes can be copied and following is a list summarizing the attributes that do get copied.

1. General
2. Address
3. Account
4. Profile
5. Organization
6. Member Of

Modifying Properties of Multiple Users Simultaneously

You can select multiple users objects by holding the CTRL key as you click each user. After that you can right-click on any user and select properties from the menu. Properties that can be changed for multiple users are:

1. General
2. Account
3. Address
4. Profile
5. Organization

Active Directory Certificate Services (AD CS) Explained

Windows Server 2008 R2 uses Active Directory Certificate Services to build and control a Public Key Infrastructure (PKI) within an organization. AD CS in a Microsoft AD DS environment consists of the following components.

Certificate Authorities (CAs) such as root and child CAs which get their certificates from the root CA. Child CAs usually request a renewal of their certificate from the root CA as soon as their certificate expires. This is also the reason why root certificate durations are normally much longer than the subordinate CAs.

Certificate Revocation Lists (CRLs)

CA Web enrollment enables users to connect to a CA via a web browser and request certificates and Certificate Revocation Lists (CRLs) which is a list of certificates that have been revoked by your organization. A certificate on this list will consequently be refused.

Online Responder (OR)

The Online Responder service replaces the need to download a full CRL list as it responds to specific  certificate validation requests through the Online Certificate Status Protocol (ACSP).

ORs – which are a new feature in Windows Server R2 – are therefore much faster and more efficient than using CRLs.

Network Device Enrollment Service (NDES)

The Network Device Enrollment Service allows devices like routers and switches – that are typically not part of the AD DS system – to participate in the PKI system through the Network Device Enrollment Service (NDES) by using the Simple Certificate Enrollment Protocol (SCEP) developed by Cisco Systems. This protocol allows these low level network devices to be integrated and managed in the PKI hierarchy maintained by the AD CS.

Microsoft Active Directory Certificate Services – Stand-Alone and Enterprise CAs

A Stand-Alone CA can either be running as a member server or a stand-alone server in a workgroup. It is therefore also not necessary to be integrated in an AD DS. Stand-Alone CAs can run on Windows Server 2008 R2 Standard, Enterprise and Data Center editions.

They are used as internal root CAs in a multi-tier environment where the stand-alone CA generates certificates for the child CAs based on standard templates which cannot be modified. A Stand-Alone CA should be taken offline for security purposes after they have generated their certificates for the child CAs. Remember that AD DS directory membership is not a requirement for a Stand-Alone CA.

Enterprise CAs on the other hand must be integrated in an AD DS directory service as they automatically issue and approve certificates when requested by clients or endpoint devices. They are usually member servers in an AD DS domain that hold the role of child CAs. Their certificates are based on templates which can be edited to support specific requirements.

http://social.technet.microsoft.com/wiki/contents/articles/4954.certificate-status-and-revocation-checking.aspx

Install Active Directory Certificate Services – Final Configuration of an Issuing CA

• Configure a certificate revocation policy. This should be completed before starting to issue certificates and includes specifying the Certificate Revocation Lists (CRLs) distribution points as well as the CRL and Delta CRL overlaps and the scheduling of CRL publication. A delta CRL contains only the changes made since the last base CRL update
• Configure certificate templates for EFS, wireless networks, smart card certificates and web server certificates as needed
• Configure enrollment and issuance options

When using Online Responders you need to configure and install an Online Certificate Status Protocol (OCSP) Response Signing certificate and an Authority Information Access (AIA) extension to support it. The final step is to assign this template to a CA and enroll the system to obtain the certificate.

Active Directory Certificate Services 2008 New Features

• Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service to enable certificate enrollment over HTTP
• Certificate Enrollment across forests allowing for consolidation in multi-forest deployments
• Better support for high-Volume CAs such as Network Access Protection (NAP) and other high-volume CAs.

http://technet.microsoft.com/en-us/library/dd448537%28WS.10%29.aspx

AD DS Management Tools for controlling AD CS can be accessed through server manager in Windows Server 2008. To manage a CA, certificates, certificate templates or an Online Responder use the appropriate Microsoft Management Console (MMC) snap-ins. The AD DS tools to add to an MMC in order to manage Active Directory Certificate Services are Certification Authority, Certificates, Certificate Templates and Online Responder.

Network Monitoring Tools

Network monitoring, website monitoring and server monitoring is a 24/7 job which necessitates consistent attention for optimum functioning. If this job is performed properly, it is the online business that reaps all of the rewards in the end. Written below are some of the benefits that can be obtained from website as well as server monitoring tools.

Boost Website Performance

- With the help of web and network monitoring tools, online businesses and stores can guarantee maximum website performance, increase webpage load up time and ensure that all of the site’s applications are running ceaselessly and providing all services smoothly.

Fast Troubleshooting

- A large amount of data is kept on servers, together with other essential files as well as folders. Network monitoring tools which monitor a website as well as server maintain a watchful eye on all of the crucial components and hence provide web administrators notifications of each and every important event.

Overall Downtime Minimization

- With up to date and excellent network monitoring tools, the downtime of a website can be minimized to up to ninety percent. This is sustained through fixed actionable peripheries on memory consumption, CPU consumption, as well as traffic on the NIC, etc.

Round the Clock Communication

- Servers are actually accountable for performing different functions and video and voice communication, email, instant messaging and the like, are just among the most crucial ones. A server makes sure of the continuous flow of data and information across every vertical and ensures that business dealings between the client and you are uninterrupted.

Enhanced Client Satisfaction

- Continuous web presence produces enhanced client satisfaction, loyalty as well as retention rate. With a fast webpage load time as well as reduced downtime, online businesses can prevent their clients from going to the domains of their competitors while at the same time, conveying a high level of dependability.

Error Correction

- Superior performance web and server monitoring tools evaluates as well as informs you also of any kind of discrepancy regarding your website’s internal linking construction, which is actually an additional benefit for active websites that have always changing contents.

People may consider web and server network monitoring tools as an added expense to their entire web maintenance cost. However, in the long run it is you who still benefits since it can save you the cash that you can lose because of web downtime. Hence, it is very important that you consider investing in web monitoring tools which will guarantee your site’s optimum uptime.

What is an Ethernet Cable

Loosened electrons that do not move and have a negative charge are called static electricity.
If these static electrons have an opportunity to jump to a conductor, this can lead to electrostatic discharge (ESD).

Voltage is sometimes referred to as electromotive force (EMF). Ethernet cables basically allow for the transportation of data along several wires depending on the protocol used.

Resistance and Impedance in Ethernet Cable Installation

Impedance includes resistance, capacitance, and inductance and is similar to the concept of resistance.
Attenuation is important in relation to networks. Attenuation refers to the resistance to the flow of electrons and explains why a signal becomes degraded as it travels along the conduit.

Semiconductors are materials that allow the amount of electricity they conduct to be precisely controlled.
Silicon (Si) is the most important semiconductor because it makes the best microscopic-sized electronic circuits.

Current in an Ethernet Cable Network

Electrical current is the flow of charges created when electrons move. In electrical circuits, the current is caused by a flow of free electrons.
When voltage is applied and there is a path for the current, electrons move from the negative terminal along the path to the positive terminal.

The negative terminal repels the electrons and the positive terminal attracts the electrons. The letter I represents current. The unit of measurement for current is Ampere (A). An ampere is defined as the number of charges per second that pass by a point along a path.

Current can be thought of as the amount or volume of electron traffic that flows. Voltage can be thought of as the speed of the electron traffic.
The combination of amperage and voltage equals wattage. Electrical devices such as light bulbs, motors, and computer power supplies are rated in terms of watts. Wattage indicates how much power a device consumes or produces.

It is the current or amperage in an electrical circuit that really does the work. For example, static electricity has such a high voltage that it can jump a gap of an inch or more. However, it has very low amperage and as a result can create a shock but not permanent injury.

The starter motor in an automobile operates at a relatively low 12 volts but requires very high amperage to generate enough energy to turn over the engine.
Lightning has very high voltage and high amperage and can cause severe damage or injury.

Ethernet Lan Cable

Two ways in which current flows are alternating current (AC) and direct current (DC).

The relationship among voltage, resistance, and current is voltage (V) equals current (I) multiplied by resistance (R). In other words, V=I*R. This is Ohm’s law, named after the scientist who explored these issues.

An oscilloscope is an electronic device used to measure electrical signals relative to time.

Power lines carry electricity in the form of AC because it can be delivered efficiently over large distances. DC can be found in flashlight batteries, car batteries, and as power for the microchips on the motherboard of a computer, where it only needs to go a short distance.

Make Your Own Ethernet Cable – Ethernet Cable Wiring Specifications

The metallic shielding materials in STP and ScTP need to be grounded at both ends. If improperly grounded or if there are any discontinuities in the entire length of the shielding material, STP and ScTP can become susceptible to major noise problems.

 Ethernet Cable Speeds

Installing Ethernet Cable – Optical Media

• The wavelength of the light in optical fiber is either 850 nm, 1310 nm, or 1550 nm.
• The greater the optical density of a material, the more it slows light down from its speed in a vacuum.
• The core of the optical fiber has to have a larger index of refraction than the material that surrounds it.
• The material that surrounds the core of the fiber is called the cladding.
• The angle of incidence of the light ray is greater than the critical angle for the core and its cladding.

Fiber Optic Ethernet Cable

Wireless Media

• FHSS – Frequency Hopping Spread Spectrum
• DSSS – Direct Sequence Spread Spectrum
• OFDM – Orthogonal Frequency Division Multiplexing

AP cell range is from 91.44 to 152.4 meters. A 20-30% overlap is desirable when roaming between AP’s.

Active scanning causes a probe request to be sent from the wireless node seeking to join the network. The probe request will contain the Service Set Identifier (SSID) of the network it wishes to join.

When an AP with the same SSID is found, the AP will issue a probe response. The authentication and association steps are completed.

Passive scanning nodes listen for beacon management frames (beacons), which are transmitted by the AP (infrastructure mode) or peer nodes (ad hoc). When a node receives a beacon that contains the SSID of the network it is trying to join, an attempt is made to join the network.

Passive scanning is a continuous process and nodes may associate or disassociate with APs as signal strength changes.

Joining a W-Lan

• SSID match
• Authenticate
• Associate

Frame Types

Security

• EAP-MD5 Challenge
• Lightweight extensible authentication protocol (LEAP)
• User Authentication
• Encryption
• Data Authentication

There is no such thing as a serial Ethernet cable. There exist however serial Ethernet converters which are capable of linking any serial devices via Ethernet.

Asus Eee pad Transformer Tablet

In 2011 we have seen a lot of interesting tablets on the market which have pushed the envelope when it comes to style, features and performance. Such a tablet is the Asus Eee Pad Transformer prime which is to replace the old Transformer and to pave the path for 2012 tablets to walk on.

As a result, we know that the Transformer Prime comes with the Tegra 3 CPU, 1GB of RAM and a very intuitive and innovative design, but can this make it the best 2012 tablet?

Asus Eee Pad Transformer Specs

First of all, the Transformer Prime has a clean yet very business-like appeal to it. The front of the tablet is simple and clean, with only the Asus logo, the screen and the webcam.

On the back we see the webcam tucked in at the top of the tablet as well as the impossible-to-miss metal finish of the tablet that gives it its strong look and feel.

The screen of this tablet is a 10.1 inch Super IPS+ 1920 x 1200 px resolution display that gives us a very clear and crisp image even in bright sunlight.

Second of all, as mentioned in this Asus Eee Pad Transformer Prime Review, the Tegra 3 1.3GHz processor really manages to give the Prime the power it needs to compete against the iPad. Paired with 1GB of RAM, the tablet’s CPU manages to handle multitasking well and provide us with good response times in both complex applications and games.

You can get the tablet with 32GB or 64GB of storage space, with prices starting from $649.99. It is clearly a good price for a Tegra 3 tablet, but for more detailed info consider reading this tablet PC 2012 mash-up. Nevertheless, you can find cheaper tablets on the market but not actually with what the transformer has to offer.

The battery life of the transformer is one of its strongest points: you can get this tablet to run for almost 12 hours without a charge and by adding the optional dock you get an additional 6 hours of runtime. That’s impressive and manages to surpass the competition without a problem.

Eee Pad Transformer Asus Conclusion

All in all, the Transformer Prime is aimed at people who want a powerful tablet with good battery life and flawless performance. It is true that you pay more for the Prime compared to other 2012 tablets like the Acer Iconia Tab A510 or A700, but overall it’s surely worth it. The only disadvantage worth mentioning about this Asus tablet is the fact that you will have to buy the dock yourself as it is no longer included in the tablet’s price.

Internet Security programs help prevent against attacks from the hacking community and minimizes the risk of getting hacked for corporate networks which are often a popular target. Remember when the Anonymous hackers syndicate came into action just after the MegaUpload site got taken offline by the FBI.

At the height of the Distributed Denial of Service (DDoS) attack against American government sites and several big music industry sites like EMI, RIAA and Warner the traffic compromised more than 10 % of all the internet traffic.

Internet Security risks for Android apps are also on the rise as Android is considered to be the Microsoft OS for the mobile platform. Thanks to its popularity it is therefore a greatly attractive target for scammers and malware developers.  The number of malicious Android apps is increasing day by day and are often found on third party sites.

There are really no internet security solutions to this problem as most users of mobile phones are completely oblivious to the threats that these apps can pose. Let’s also not forget that the developers of these apps have little or no experience regarding internet security issues.

Supervisory control or data acquisition (SCADA) refers to industrial computer systems that monitor things like water plants or nuclear facilities like was the case with Stuxnet. The Iranian program got attacked and infiltrated last year and got into the media.

Just imagine how many of these types of internet security attacks don’t make it to the news ans are kept a secret just so to not scare the general public. The weaknesses in SCADA systems make them relatively easy to exploit and therefore make them a popular target with hackers.

As computers are more and more omni-present they are slowly replacing the traditional ballot box making it easy for a skillful hacker to rig votes. Experienced fraudsters can easily compromise an e-voting system with the right software or hardware in place.

Most of us won’t realize that many internet security threats come from social media. Think about it, it is all very nice to share your music, pictures etc. with your friends. What goes on your wall in Facebook or gets tweeted on Twitter is also available to advertisers who just love to know your habits so they can target you with relevant ads.

Who cares, you might say. Think twice, would you like to go for a job interview knowing that the interviewer has just checked your online ramblings on Facebook or Twitter.

An internet security system starts with the way you use the internet. If you go around posting details about your private life all over the place then don’t be surprised that this might backfire one day as the Internet is a free for all place.

All information posted on the Internet is freely available to anybody so take some care next time you had a few drinks and want to post something funny on Facebook for example. Once it is out there, there is no way back.

The same goes for e-mail. It might be a very convenient way to communicate but in the old days of pen and paper people used to sit down and think about the message they were about to send unlike an e-mail where you can just start typing and hit the Send button.

Bottom line is that internet security starts with you. Realize that the Internet is a public place and although you might feel safe behind your computer all by yourself, there is a vicious world out there once you put private information online.

Internet Security Firewall – http://news.cnet.com/8301-27080_3-57347329-245/five-predictions-for-security-in-2012/

Distributed firewall - http://en.wikipedia.org/wiki/Distributed_firewall

Ethernet Cable Installation

• Wave — energy or disturbance traveling from point A  to B
• Amplitude — height of the wave (V)
• Period — amount of time that it takes to complete 1 cycle or period between waves (s)
• Frequency — the number of complete cycles or waves per second (Hz)

Pulses and Sine Waves

A pulse is a disturbance that was deliberately created with a fixed or predictable duration. Pulses are an important part of electrical signals because they are the basis of digital transmission. The pattern of the pulses represents the value of the data being transmitted.

Sine waves, or sinusoids, are graphs of mathematical functions. Sine waves are periodic and display the same pattern at regular intervals. Sine waves also vary continuously meanings that no adjacent points on the graph have the same value.

Square waves are likewise periodic but unlike sine waves they do not continuously vary with time. Their value stays the same  to then suddenly change only to return to the original value at regular time periods. Square waves represent digital signals or pulses and can be measured in terms of amplitude, period, and frequency.

Installing Ethernet Cable and Noise

There are many possible sources of noise

• Data signal carrying cables in the vicinity
• Radio Frequency Interference or RFI from other signals that are transmitted nearby
• Electromagnetic Interference (EMI) or Radio Frequency Interference (RFI) due to electromagnetic induction or electromagnetic radiation coming from artificial or natural external sources such as motors, lights, the sun or even the Northern Light.

Similarly to white light, white noise is a random signal that affects all frequencies as opposed to narrowband interference which only affects a small range of frequencies. In ethernet cable data transmission white noise will completely disrupt data transmissions while narrowband interference would only affect some signals.

Bandwidth

Analog bandwidth refers to the range of frequency between the highest and the lowest frequency components and is measured in Hertz .

Digital bandwidth measures the throughput of data in a given amount of time. (bps) In general, media that will support higher analog bandwidths without high degrees of attenuation will also support higher digital bandwidths.

Make Your Own Ethernet Cable Considerations

Attenuation is the general loss in flux or signal amplitude over the length of an ethernet cable or other medium. The longer the ethernet cable and the higher the signal frequency the more signal attenuation will occur. The maximum length of ethernet cable should not exceed 100 m.

Attenuation on a cable is measured with a cable tester using the highest frequencies that the cable is rated to support. Attenuation is usually measured in negative units of decibels numbers. The lower the dB values the higher the ethernet cable speeds so 2 dB would be better than 4 dB.

In ethernet cabling the length of the cable and the frequency of the signal is a major factor in contributing to attenuation. Defective connectors, a bad ethernet cable patch, bad insulation or resistance of the wiring all have their influence on signal degradation, signal loss or attenuation.

http://en.wikipedia.org/wiki/Attenuation

Impedance relates to the resistance, capacitance, and inductance of the ethernet cable to the electrical current and is measured in ohms. Category 5 cable are typically rated at around 100 ohms. Improperly installed connectors will have a negative influence on the impedance on a Cat 5 ethernet cable causing an impedance discontinuity or an impedance mismatch.

Return loss or impedance discontinuities occur when  a portion of a transmitted signal is bounced back due to an incorrect connector or a cable fault. The higher the network speed the more pronounced the problem will be as the discontinuities cause additional portions of the signal to be reflected back to the transmitter.

Cross Talk

Cross talk is extreme noise generated by the signal traveling down the wire thereby creating an electrical field which interferes with any wires close by. The twists in ethernet cables are supposed to prevent this.

• Near-end Crosstalk (NEXT)
• Far-end Crosstalk (FEXT
• Power Sum Near-end Crosstalk (PSNEXT)

http://www.openxtra.co.uk/articles/network-cable-testing-causes-data-loss

Cable Testing Standards

The ten primary test parameters that must be verified for a cable link to meet TIA/EIA standards are

• Wire Map
• Insertion Loss
• Near-end Crosstalk (NEXT)
• Power Sum Near-end Crosstalk (PSNEXT)
• Equal-level far-end crosstalk (ELFEXT)
• Power sum equal-level far-end crosstalk (PSELFEXT)
• Return Loss
• Propagation Delay
• Cable Length
• Delay Skew

Cable Wire Map Problems

• Reversed-Pair Wiring Fault
• Split-Pair Wiring Fault
• Transposed-Pair Wiring Fault

Propagation delay in ethernet cable testing measures the amount of time it takes for the signal to travel from point A to point B or from the sender to the receiver end. The electrical properties, length and twist rate of the cable all contribute to the delay which is measured in hundredths of nanoseconds.

A Time Domain Reflectometry (TDR) test is not only used to measure the length of  a cable but also to locate faults and discontinuities  such as shorts and opens.

Delay skew refers to the difference in transmit speeds or propagation delay of the multiple twisted pairs that make up an ethernet cable. Delay skew is determined by measuring the difference between the wire with the highest delay against the wire with the lowest delay.

http://www.siemon.com/us/white_papers/97-06-03-delayskew.asp

Fiber Optic Ethernet Cable

Fiber optic ethernet cables send signals over hair thin strands of glass fiber and eliminate crosstalk or noise problems. Just like tradirional coper wire UTP cables, improperly installed connectors will greatly reduce the data transmission speed.

A fiber optic ethernet cable uses light to transmit data and as such is also susceptible to optical discontinuities that will reduce the speed of the data arriving at the receiver.

Power over Ethernet Cable

Power over Ethernet (PoE) is very much self explanatory in the sense that it consists of a technology which enables electrical power to safely use the same ethernet cable.

http://en.wikipedia.org/wiki/Power_over_Ethernet

Data Communication and Networking

Two examples of data communications networks that use token passing are Token Ring and Fiber Distributed Data Interface (FDDI).
A variation of Token Ring and FDDI is Arcnet. Arcnet is data segment token passing on a bus topology.

Network Systems and Data Communication Include

• How the physical network is built
• How computers connect to the network
• How the data is formatted for transmission
• How that data is sent
• How to deal with errors

Data Communication Systems and WANs

• Operate over a large and geographically separated area
• Allow users to have real-time communication capabilities with other users
• Provide full-time remote resources connected to local services
• Provide e-mail, Internet, file transfer, and e-commerce services

Some Common WAN Technologies

• Modems
• Integrated Services Digital Network (ISDN)
• Digital subscriber line (DSL)
• Frame Relay
• T1, E1, T3, and E3
• Synchronous Optical Network (SONET)

SANs Offer the Following Features

• Performance – SANs allow concurrent access of disk or tape arrays by two or more servers at high speeds. This provides enhanced system performance.
• Availability – SANs have built-in disaster tolerance. Data can be duplicated on a SAN up to 10 km (6.2 miles) away.
• Scalability – A SAN can use a variety of technologies. This allows easy relocation of backup data, operations, file migration, and data replication between systems.

Secure Data Communication – VPN’s

• Access VPN – links small office and home (SOHO) users to the corporate network using a dedicated session over DSL, cable, ISDN or analog dial-up
• Intranet VPN – links regional and remote offices to the the internal company network using dedicated connections
• Extranet – link external business partners to the company’s internal network over a dedicated connection

Data Communication Protocol and Bandwith

• Limited by physics and technology
• Not Free
• Requirements growing at a rapid rate
• Critical to network performance
• Bandwidth is the measure of how many bits of information can flow from one place to another in a given amount of time

The actual bandwidth of a network is determined by a combination of the physical media and the technologies chosen for signaling and detecting network signals.

Thisl bandwidth is determined by the signaling methods, NICs, and other network equipment that is chosen.
Therefore, the bandwidth is not determined solely by the limitations of the medium.

Throughput refers to actual measured bandwidth, at a specific time of day, using specific Internet routes, and while a specific set of data is transmitted on the network.

Unfortunately, for many reasons, throughput is often far less than the maximum possible digital bandwidth of the medium that is being used.

Factors that Determine Throughput in Data Communication

• Internetworking devices
• type of data being transferred
• Network topology
• Number of users on the network
• User computer
• Server computer
• Power conditions

Analog bandwidth is measured by how much of the electromagnetic spectrum is occupied by each signal.
The analog video signal that requires a wide frequency range for transmission cannot be squeezed into a smaller band.

Therefore, if the necessary analog bandwidth is not available, the signal cannot be sent.
In digital signaling all information is sent as bits, regardless of the kind of information it is.

Unlimited amounts of information can be sent over the smallest or lowest bandwidth digital channel.

Open Systems Interconnection Model

Dividing the Network into Seven Layers Provides the Following Advantages

• It breaks network communication into smaller, more manageable parts.
• It standardizes network components to allow multiple vendor development and support.
• It allows different types of network hardware and software to communicate with each other.
• It prevents changes in one layer from affecting other layers.
• It divides network communication into smaller parts to make learning it easier to understand.

Networks Layers in Data Communication perform These 5 Conversion Steps to Encapsulate and Transmit Data

• Images and text are converted to data.
• The data is packaged into segments.
• The data segment is encapsulated in a packet with the source and destination addresses.
• The packet is encapsulated in a frame with the MAC address of the next directly connected device.
• The frame is converted to a pattern of ones and zeros (bits) for transmission on the media.

TCP/IP and OSI Model - http://homepages.uel.ac.uk/u0214757/tcpip.html