The Router, information about
By The_Duke247 <the_duke247@garbage.com>

Routing, not to be confused with bridging, is possible because it is used to connect similar networks together.

Definition: A router is used to transfer information from one network to another. For instance, this may be used to route requests from network to network. The method used in this transfer of data is RIP (the Routing Information Protocol).

How A Router Works: Based on the Xerox Network Systems (XNS) protocols, RIP was designed to be used in small to medium sized networks. In order to route a message efficiently, RIP has to determine the route a message is going to take over the network, and it uses a distance-vector routing algorithm to achieve this. There are many routes a request could take over a network, and each of these routes is assigned a cost. The cost can represent network throughput, the type of line, or the desirability of a path. RIP then determines the lowest-cost path over the network and transmits the request along it.

How RIP Works: A routing table is kept in the router's or computer's memory and holds a list of hops to adjacent nodes. This table is updated every 30 seconds in order to keep up to date on the fastest routes over the network. When the routing table has been updated, new costs are assigned to each path over the network depending on the traffic, the lines available, etc. Each router on the network sends out (advertises) and receives routing information. There is a limit on the cost that can be assigned to a path: 16 is currently the highest cost that can be assigned. When the cost exceeds 16, the host is deemed unreachable, as the request would otherwise take too long. This is a validation method to ensure that fast response times are available on the network. When there is a break in the network, the routers on that network must re-establish their least-cost paths.
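The distance-vector behaviour described above, as an added example that is not part of the original article: a small RIP-style routing table in Python that merges neighbours' advertisements, caps the metric at 16 (unreachable) and ages out routes from a neighbour that has been silent for the 180 seconds the article gives. The router names, link costs and the "FAR" destination are constructed for the demonstration.

```python
INFINITY = 16          # RIP: a cost of 16 means "unreachable"
UPDATE_INTERVAL = 30   # seconds between advertisements of the routing table
ROUTE_TIMEOUT = 180    # seconds of silence before a neighbour's routes are dropped


class Router:
    def __init__(self, name):
        self.name = name
        # destination -> (cost, next hop, time the route was last refreshed)
        self.table = {name: (0, name, 0.0)}

    def advertise(self):
        """The update this router sends to its neighbours: destination -> cost."""
        return {dest: cost for dest, (cost, _, _) in self.table.items()}

    def receive(self, neighbour, link_cost, update, now):
        """Merge a neighbour's update (distance-vector / Bellman-Ford relaxation)."""
        for dest, adv_cost in update.items():
            cost = min(adv_cost + link_cost, INFINITY)   # never grows past 16
            current = self.table.get(dest)
            # take a cheaper path; always refresh (even if worse) a route that
            # already goes through this neighbour, since it is the authority on it
            if current is None or cost < current[0] or current[1] == neighbour:
                self.table[dest] = (cost, neighbour, now)

    def expire(self, now):
        """Drop routes whose next hop has been silent for ROUTE_TIMEOUT seconds."""
        for dest, (_, next_hop, seen) in list(self.table.items()):
            if next_hop != self.name and now - seen > ROUTE_TIMEOUT:
                del self.table[dest]

    def reachable(self, dest):
        entry = self.table.get(dest)
        return entry is not None and entry[0] < INFINITY


def demo():
    # Constructed chain A - B - C with cost-1 links (not from the article).
    a, b, c = Router("A"), Router("B"), Router("C")
    t = 0.0
    for _ in range(2):                      # two 30-second update rounds
        b.receive("A", 1, a.advertise(), t)
        b.receive("C", 1, c.advertise(), t)
        c.receive("B", 1, b.advertise(), t)
        t += UPDATE_INTERVAL
    cost_c_to_a = c.table["A"][0]           # A is two hops away via B
    # B advertises a destination at cost 15; one more hop makes 16 = unreachable
    c.receive("B", 1, {"FAR": 15}, t)
    far_reachable = c.reachable("FAR")
    # B crashes and falls silent; after 180 s C removes everything learned from B
    c.expire(t + ROUTE_TIMEOUT + 1)
    return cost_c_to_a, far_reachable, c.reachable("A")
```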
Re-establishing least-cost paths after a break could take some time and may involve requests taking longer over the network. This is because the paths chosen during the network break might have higher cost values and thus take longer. When a router crashes, which is very common, adjacent routers update their adjacency to the crashed router after 180 seconds: when this time has elapsed and no routing information has been returned from the router, that path is removed from the local router's database.

Possible Faults Within RIP: RIP does not work with physical distances, only a cost. This means that the router could actually take a longer physical distance to send a request or message over the network because that path has been assigned a lower cost. This is a common fault within RIP and is currently being revised.

------------------------------------------------------------------------

CISCO PIX 515 SERIES FIREWALL AND GENERAL FIREWALL SECURITY

Port access can be controlled on the firewall in order to shut down ports which may compromise network security. "Wizard" type software is available with the CISCO PIX 515 Series Firewall, as well as many others, in order to block these ports. Under UNIX systems such as Solaris, and UNIX clones such as Linux, it is possible to configure the ports which are needed (e.g. 79 for finger and 21 for FTP) to a higher number, so that they would not be detected so easily in a port scan.

Here are some typical ports that should be shut down, or closely monitored if this is not possible.

PORT NUMBER     PROTOCOL    REASONS
256, 257, 258   TCP/IP      Administration ports
ICMP            ICMP        Allows network mapping from the internet
53              TCP/IP      Enables DNS lookup and pinging of the firewall
20              TCP/FTP     Enables the transfer of sometimes compromising data and is considered un-needed
161             UDP         SNMP; very high security risk, gives away sometimes extremely sensitive information
139             SMB         As above

These are typical ports that a network port scanner, such as nmap, would display.
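The table above turned into a first-match rule base, as an added example that is not from the article or from Cisco's PIX software: the listed ports are denied to everyone except one fixed-IP administration host (the approach the article recommends below), ICMP is dropped to stop mapping from the internet, and anything unmatched falls through to a default deny. The admin and client addresses are constructed documentation addresses, and port 139 is treated as TCP since the table gives only "SMB".

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
ADMIN_HOST = ip_network("192.0.2.10/32")   # constructed: the one fixed-IP admin machine

# Ports the article says to shut down or watch closely: (protocol, port)
RISKY = [("tcp", 256), ("tcp", 257), ("tcp", 258), ("tcp", 53),
         ("tcp", 20), ("udp", 161), ("tcp", 139)]

# rule = (action, protocol, source network, destination port); "any" is a wildcard.
# Rules are checked top to bottom and the first match wins.
RULES = (
    [("allow", proto, ADMIN_HOST, port) for proto, port in RISKY]   # admin host only
    + [("deny", proto, ANY, port) for proto, port in RISKY]          # everyone else
    + [("deny", "icmp", ANY, "any"),        # no network mapping from the internet
       ("allow", "tcp", ANY, 80)]           # the only service left open to the world
)
DEFAULT_ACTION = "deny"                     # anything not explicitly allowed is dropped


def evaluate(proto, src_ip, dport, rules=RULES):
    """Return 'allow' or 'deny' for one packet header (proto, source IP, dest port)."""
    src = ip_address(src_ip)
    for action, r_proto, r_net, r_port in rules:
        if r_proto in (proto, "any") and src in r_net and r_port in (dport, "any"):
            return action
    return DEFAULT_ACTION
```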
These ports are widely considered security loopholes within a network, and I would strongly suggest that admins disable them. This is possible by restricting access to these ports so that only a machine with a specific, fixed IP address may use them. I would also disable port 53, because it enables outside users to ping the DNS of the internal network and gain information on the firewall, such as its IP address, and also further information on the network which could later be used as a back door.

Users of any LAN should have to conform to a certain set of standards, outlined in the acceptable use policy, and to see that they (for their own good and the good of the network) conform to these standards, the firewall is in place just in case. Along with this set of standards, the firewall itself will have a rule base to conform to. The firewall, as mentioned, controls access to and from the network and decides who has access to what and how they are sent to their destination. The firewall also works in conjunction with the Cisco 1600 Series router on a network.

One of the main features of the firewall, in terms of internal security, is URL/Java filtering. Java has in the past been known to be a source of sometimes malicious content on the web that can be detrimental to personal computers and networks alike. Certain URLs that are not of suitable content should be filtered by using the software on the firewall. This is not due to users of the network abusing the system; it is because some sites have been known to contain certain ActiveX controls that allow the upload/download of files to a computer. This could be very harmful to a network, and therefore all ActiveX and Java should be disabled, or configured via IE, or a suitable Lynx browser, to a suitable level. There are also certain "patches" available from well-recognised vendors to overcome these problems.
It has to be said, however, that these patches are provided by Microsoft, and certain rumours have arisen to suggest that they enable the reading of local text files and remote access; this is yet to be confirmed by me or any of my affiliates.

------------------------------------------------------------------------

BIBLIOGRAPHY:

Using Linux - Special/Third Edition, Jack Tackett Jr. and David Gunter, 1997.
Various sites from Neworder and other places which I really can't remember.

------------------------------------------------------------------------

This article on the whole is from a wide range of sources and has been collated by myself totally. I have merged my existing knowledge with the knowledge from others in order to produce a document that may be just technical enough for basic system administrators and also give "newbies" a good insight into security. If anything proves to be incorrect in this article, please let me know and I will change it post haste.