Friday, 27 November 2020

The most common network devices used are routers and switches. But we still hear people talking about hubs, repeaters, and bridges. Do you ever wonder why these former devices are preferred over the latter ones? One reason could be: ‘because they are more efficient and powerful’. But what actually is the reason behind their efficiency? This is when terms like “Collision Domains” and “Broadcast Domains” come into picture.

Before going further, let us recall that a hub is a multiple-port repeater. Similarly, a switch is a multiple-port bridge so that you can understand why repeaters and bridges are not typically used in production networks(because of less number of ports).

Now, narrowing down to Hubs, Switches and Routers, let us discuss them in reference with the blow domains.

1. Collision Domain –

A Collision Domain is a scenario in which when a device sends out a message to the network, all other devices which are included in its collision domain have to pay attention to it, no matter if it was destined for them or not. This causes a problem because, in a situation where two devices send out their messages simultaneously, a collision will occur leading them to wait and re-transmit their respective messages, one at a time. Remember, it happens only in case of a half-duplex mode.

2. Broadcast Domain –

A Broadcast Domain is a scenario in which when a device sends out a broadcast message, all the devices present in its broadcast domain have to pay attention to it. This creates a lot of congestion in the network, commonly called LAN congestion, which affects the bandwidth of the users present in that network.

From this, we can realize that more the number of collision domains and more the number of broadcast domains, the more efficient is the network providing better bandwidth to all its users.

So, which of our network devices break collision domains and which of them break broadcast domains?

◉ HUB –

We start with a hub because we should get rid of it as soon as possible. The reason being, it neither breaks a collision domain nor a broadcast domain,i.e a hub is neither a collision domain separator nor a broadcast domain separator. All the devices connected to a hub is in a single collision and single broadcast domain. Remember, hubs do not segment a network, they just connect network segments.

◉ SWITCH –

Coming to switches, we have an advantage over the hub. Every port on a switch is in a different collision domain, i.e a switch is a collision domain separator. So messages that come from devices connected to different ports never experience a collision. This helps us during designing networks but there is still a problem with switches. They never break broadcast domains, means it is not a broadcast domain separator. All the ports on the switch are in still in a single broadcast domain. If a device sends a broadcast message, it will still cause congestion.

◉ ROUTER –

Last, but not least, we have our savior. A router not only breaks collision domains but also break broadcast domains, means it is both collision as well as broadcast domain separator. A router creates a connection between two networks. A broadcast message from one network will never reach the other one as the router will never let it pass.

Collision Domain, Broadcast Domain, Computer Network, Web Hosting, Compare Web Hosting, Web Hosting Reviews

Also, as repeaters and bridges differ from hubs and switches only in terms of the number of ports, a repeater does not break collision and broadcast domains, while a bridge breaks only collision domains.

Tuesday, 24 November 2020

In the Classful addressing the no of Hosts within a network always remains the same depending upon the class of the Network.

Class A network contains 2 (24) Hosts,

Class B network contains 2 (16) Hosts,

Class C network contains 2 (8) Hosts 

Now, let’s suppose an Organization requires 2(14) hosts, then it must have to purchase a Class B network. In this case, 49152 Hosts will be wasted. This is the major drawback of Classful Addressing.

In order to reduce the wastage of IP addresses a new concept of Classless Inter-Domain Routing is introduced. Now a days IANA is using this technique to provide the IP addresses. Whenever any user asks for IP addresses, IANA is going to assign that many IP addresses to the User.

Web Hosting, Compare Web Hosting, Web Hosting Reviews, Domain Routing

Representation: It is as also a 32-bit address, which includes a special number which represents the number of bits that are present in the Block Id.

a . b . c . d / n 

Where, n is number of bits that are present in Block Id / Network Id.

Example:

20.10.50.100/20 

Rules for forming CIDR Blocks:

1. All IP addresses must be contiguous.
2. Block size must be the power of 2 (2n).

If the size of the block is the power of 2, then it will be easy to divide the Network. Finding out the Block Id is very easy if the block size is of the power of 2.

Example:

If the Block size is 2(5) then, Host Id will contain 5 bits and Network will contain 32 – 5 = 27 bits.

Web Hosting, Compare Web Hosting, Web Hosting Reviews, Domain Routing

3. First IP address of the Block must be evenly divisible by the size of the block. in simple words, the least significant part should always start with zeroes in Host Id. Since all the least significant bits of Host Id is zero, then we can use it as Block Id part.

Example:

Check whether 100.1.2.32 to 100.1.2.47 is a valid IP address block or not?

1. All the IP addresses are contiguous.
2. Total number of IP addresses in the Block = 16 = 2(4).
3. 1st IP address: 100.1.2.00100000

Since, Host Id will contains last 4 bits and all the least significant 4 bits are zero. Hence, first IP address is evenly divisible by the size of the block.

All the three rules are followed by this Block. Hence, it is a valid IP address block.

Friday, 20 November 2020

1. Trade Mark:

A trade name is a name used to register a business as a legal entity within the state where it operates. Usually, this is often done at the Secretary of State or the Department of Corporations, or an identical state-run agency. A trade name must be unique within the state where it is registered. The trade name is additionally registered with the interior Revenue Service for purposes of federal tax laws. 

A trademark can be a sign or symbol which represents graphically and it is capable of differentiating the products or services of 1 undertaking from those of other undertakings. An application for registration of a trademark shall be made to the Trade Marks Registry of the Property Department). The owner of a registered trademark has the prerogative to use the trademark in reference to the products and services that the mark is registered within the Hong Kong Special Administrative Region.

Example:

When the officer of an organization signs an agreement, he signs it as “CFO of XYZ Corporation.” Anyone who wants to see the status of that legal entity can interrogate XYZ Corporation on the records of the year of its state. For that reason, contracts normally will state the party to the contract and include something like this: “A Delaware indebtedness company” because that information allows someone to research the status of the business.

Trademark, Domain Name, Web Hosting, Web Hosting Reviews, Web Hosting Guides, Compare Web Hosting

2. Domain Name:


A domain name is an entry during a database—like a line during a spreadsheet. That entry corresponds to an online protocol address. A website name may be a website address on the web which provides you a web identity. A website name may be a human-readable Internet address, e.g, www.wilmerhale.com. It is the name that users/customers type into their Internet browsers to access your website. The proper to use a website name is regulated by name registrars.

You will obtain a website name by purchasing it from the registrar for your particular name. An application to register a website name under country code top-level domain(e.g. com.hk) or a generic top-level domain (e.g. .com) shall be made to at least one of the registrars. A website name is often registrable as a trademark if it functions to spot the source of particular goods or services.

Example:

It includes the utilization of the name on the particular pages of an internet site offering services, offline use of the name as something quite just a URL address, like the use of the name on marketing or promotional materials for services, and use of the name on the packaging for a product.

Trademark, Domain Name, Web Hosting, Web Hosting Reviews, Web Hosting Guides, Compare Web Hosting

Difference Between Trademark and Domain Name:


TRADE MARK DOMAIN NAME 
A trade mark may consist of words, designs, letters, numerals, colors, the shape of goods or their packaging etc. and any combination of such signs. A domain name must be contextual in for (e.g. www.ipd.gov.hk).
A trade mark would be registered in respect of the goods or services as classified under the Nice Classification.  A domain name does not have to be registered for a particular class of goods or services.
A registered trade mark is valid for 10 years and can be renewed for further periods of 10 years.  A domain name is only for a particular period as agreed between the registrant and the accredited registrar and these are subject to renewal.
A trade mark may not be registrable if it is different or similar to a previously registered trade mark.  A domain name is registrable if it is not different to a previously registered domain name.
A trade mark which consists exclusively of a sign or a symbol which describes the characteristics for the applied-of goods or services may not be registrable. Symbols such as “fresh bread” in respect of bakery services.  A domain name may describe the features of the application-of goods or services, e.g. “freshbread.com” for a bakery.
Trademark operates in the real world.  Domain name operates in the cyber world.
Different people living in different countries may have the same trademark for different goods and services as it does not generally have a global impact on it.  Domain names operates at a global level and so no two companies/persons can be having the same domain name.
Trademark can refer to or linked to a specific category of a product or products line.  The domain names are not given for every single product offered by a company.
As there are no jurisdiction issues, the dispute related to a trademark can be easily settled.  As the internet is very wide and does not any any boundries, so the disputes are hard to be settled.

Wednesday, 11 November 2020

A Domain Name System (DNS) converts a human-readable name (such as www.want2host.com) to Numeric IP-address. The DNS system response one or more IP-address by which your computer connects to a website (such as want2host.com) by using one of the IP-address.

There is not only one DNS server. There are series of DNS server used to resolve the domain name. DNS uses cache to work efficiently so that it can quickly refer to DNS lookups it’s already performed rather than performing a DNS lookup over and over again.

Although DNS caching increase the speed for domain name resolution process But the major change in the domain then it takes a day to reflect worldwide.

DNS Spoofing means getting a wrong entry or IP-address of the requested site from DNS server. Attackers find out the flaws in DNS system and take control and will redirect to a malicious website.

Web Hosting, Web Hosting Review, Compare Web Hosting, DNS

In above image –

1. Request to Real Website: User hit a request for paticular website it goes to DNS server to resolve the ip-address of that website.

2. Inject Fake DNS entry: Hackers already take control over the DNS server by detecting the flaws and now they add false entry in DNS server.

3. Resolve to Fake Website: Since fake entry in DNS server redirect user to wrong website.

To Prevent From DNS Spoofing –

DNS Security Extensions (DNSSEC) is used to add an additional layer of security in DNS resolution process to prevent security threats such as DNS Spoofing or DNS cache poisoning.
DNSSEC protects against such attacks by digitally ‘signing’ data so you can be assured it is valid.

Wednesday, 4 November 2020

Prerequisite – Domain Name System (DNS) in Application Layer

In the world of networking, computers do not represent by names like humans do, they represent by numbers because that is how computers and other similar devices talk and identify with each other over a network, which is by using numbers such as IP addresses.

Humans on the other hand are accustomed to using names instead of numbers, whether is talking directly to another person or identifying a country, place, or things, humans identify with names instead of numbers. So in order to bridge the communication gap between computers and humans and make the communication of a lot easier networking engineers developed DNS. 

DNS stands for a Domain Name System.

DNS resolves names to numbers, to be more specific it resolves domain names to IP addresses. So if you type in a web address in your web browser, DNS will resolve the name to a number because the only thing computers know are numbers. 

Domain Name System (DNS) Server, Web Hosting, Web Hosting Reviews, Compare Web Hosting

Working: 


If you wanted to go to a certain website you would open up your web browser and type in domain name of that website. Let us use google.com. Now technically you really do not have to type in google.com to retrieve Google web page, you can just type in IP address instead if you already knew what IP address was, but since we are not accustomed to memorizing and dealing with numbers, especially when there are millions of websites on Internet, we can just type in domain name instead and let DNS convert it to an IP address for us. 

So back to our example, when you typing google.com on your web browser DNS server with search through its cache to find a matching IP address for that domain name, and when it finds it it will resolve that domain name to IP address of Google web site, and once that is done then your computer is able to communicate with a Google web srver and retrieve webpage. 

So DNS basically works like a phone book, when you want to find a number, you do not look up number first, you look up name first then it will give you number. So to break this down into further detail let us examine steps that DNS takes. So when you type in google.com in your web browser and if your web browser or operating system cannot find IP address in its own cache memory, it will send query to next level to what is called resolver server. Resolver server is basically your ISP or Internet service provider, so when resolver receives query, it will check its own cache memory to find an IP address for google.com, and if it cannot find it it will send query to next level which is root server. The root servers are top of root of a DNS hierarchy. 

There are 13 sets of these root servers from a.root-servers.net to m.root-servers.net and they are strategically placed around world, and they are operated by 12 different organizations and each set of these root servers has their own unique IP address. So when root server receives query for IP address for google.com, root server is not going to know what IP address is, but root server does know where to send resolver to help it find IP address. So root server will direct resolver to TLD or top-level domain server for .com domain. So resolver will now ask TLD server for IP address for google.com. 

The top-level domain server stores address information for top-level domains such as .com and .net, .org, and so on. This particular TLD server manages .com domain which google.com is a part of. So when a TLD server receives query for IP address for google.com, TLD server is not going to know what IP addresses for google.com. So the TLD will direct resolver to next and final level, which are authoritative name servers. So once again the resolver will now ask authoritative name server for IP address for google.com. Authoritative name server or servers are responsible for knowing everything about domain which includes IP address. 

They are final authority. 

So when the authoritative name server receives query from resolver, name server will respond with IP address for google.com. And finally, resolver will tell your computer IP address for google.com and then your computer can now retrieve google web page. It is important to note that once resolver receives IP address, it will store it in its cache memory in case it receives another query for google.com. So it does not have to go through all those steps again.

DNS servers has different types of records to manage resolution efficiently and provide important information about a domain. These records are the details which are cached bu DNS servers. Each records have a TTL(Time To Live) value in seconds associated with it, these values set time for the expiration of cached record in DNS server which ranges to 60 to 86400 depending on the DNS provider.

◉ A records – points to IPv4 address of machine where website is hosted
◉ AAAA records – points to IPv6 address of machine where website is hosted
◉ MX – points to email servers
◉ CNAME – canonical name for alias points hostname to hostname
◉ ANAME – Auto resolved alias, works like cname but points hostname to IP of hostname
◉ NS – nameservers for subdomains
◉ PTR – IP address to hostname
◉ SOA  – containing administrative information about the DNS zone
◉ SRV – service record for other services
◉ TXT – Text records mostly used for verification, SPF, DKIM, DMARC and more
◉ CAA – certificate authority record for SSL/TLS certificate

DNSSEC(Domain Name System Security Extensions) are the cryptographic suite of authentication protocols added to the DNS to protect it from malicious actors  from using forged or manipulated DNS data, such as that created by DNS cache poisoning by digitally signing DNS zones. DNSSEC does not provide confidentiality of data; in particular, all DNSSEC responses are authenticated but not encrypted. DNSSEC is still yet to be implemented by some registrars and registrys

Monday, 2 November 2020

Increased mobility of the devices, the concept of remote access to a network, and many more opportunities like these have complicated the complete task of preventing hackers from accessing your private data.

In most fatal attacks, an attacker can take down your complete website without even accessing your system. An attacker could take advantage of the Internet to divert your website visitors and other incoming data before they reach your network. Here DNS system is the key. It is the first line of defense and plays a major role in data security.

What is DNS?

DNS- Domain Name System is a hierarchical naming system that is used for computers, services, or any other resource or device that is connected to the Internet. Or we can say that in simple language, DNS translates more readily memorized domain names to numerical IP Addresses needed for locating and identifying devices and services with the underlying network protocols.

Web Hosting, Web Hosting Reviews, Compare Web Hosting

A DNS server encompasses all the Domain Names and their corresponding IP Addresses. Whenever you enter a URL-

◉ Your browser will send IP Request (domain name- For example www.want2host.com) to the DNS Server.
◉ DNS Server will match the corresponding IP address of this URL and directs your browser to the website.

DNS system is essential as the browser is unable to understand the alphabetic URL and can only process the numerical IP Address.

What do you mean by DNS Leak?


As we have discussed above, DNS acts as a correspondent between the Internet and your device. However, in the case of default DNS settings, the online activities of the user are visible to the ISP or anyone with legal or illegal access to the DNS Server.
To eradicate such situations, many individuals tend to use VPN-Virtual Private Network, which helps to create a safe and virtual connection over the Internet. Adding a VPN pushes all the DNS requests and data through a VPN tunnel.

Unfortunately with pros there comes the cons. VPN Servers are not 100% secure, they could leak DNS requests. This is known as DNS Leak. Thus we can say DNS Leak is a security flaw, that exposes DNS requests to ISP DNS Servers.

Ways to check DNS Leak –


Checking DNS Leak is a very simple task. There are so many one-click testing tools available in the market to test DNS vulnerabilities. 

How a DNS Leak Test Work?


The answer is very simple if you are behind the VPN and perform a DNS Leak Test.

◉ The result should be the same IP where you have connected through a VPN.
◉ If you see your ISP on the list, it points to a DNS Leak.
◉ The lists which are not directed under your VPN Service could signal a leak.

Try not to select a DNS Leak Test tool offered by any VPN Service. VPN Service these days are developing their tools and using it as a bait to scare users and sell their products.

What are the major DNS Leak Issues?


In this section, we will be discussing major issues contributing to DNS Leak.

1. Irregular Network Configuration: When connecting to VPN, connect your device first to the local network. Ensure proper settings as DHCP settings can sometimes automatically assigns a DNS Server when you connect to a new network and this could be your ISP DNS Server.

2. IPv6 Leak: Most VPNs have IPv4 support and they are unable to handle any request to or from an IPv6 device. The request sent from the machine using a dual-stack tunnel which converts IPv4 to IPv6 couldn’t be handled by these VPNs. Therefore, the DNS request eventually goes to the DNS Server and DNS leak causes real IP to expose.

3. Transparent DNS Proxies: In cases where ISPs detect users changing their DNS Server setting to a third-party server, they enforce their own DNS Servers. This transparent server will interrupt the user web traffic and send it to the ISP DNS Server. Such types of servers can be detected through DNS Leak Test.

4. Teredo Technology: Mircosoft has introduced Teredo Technology to resolve the issue of IPv6 and IPv4. However, in the case of VPN, it can still cause DNS Leak as it is a tunneling protocol and it is capable of bypassing VPNs encrypted tunnel too.

5. Windows OS Versions 8, 8.1, and 10: Windows feature Smart Multi-Homed Name Resolution has been introduced in Windows 8 and later versions. This feature tends to send the request to all available DNS Servers. It makes sure that the response from the non-standard server is only acceptable in case favorites fail to respond. Most probably, that ISP DNS response is accepted which eventually results in DNS Leak.

How to Prevent DNS Leak?


◉ Encrypt DNS requests using DNS over HTTPS or DNS over TLS.
◉ Use VPN Client which sends DNS requests over the VPN.
◉ Use Firewalls to disable DNS on the whole device or setting DNS servers to non-existing ones like 127.0.0.1 or 0.0.0.0
◉ Use anonymous browsers like Tor Browser, which makes user anonymous and doesn’t require any DNS to be set up on the operating system.
◉ Use your own DNS resolving server.
◉ Use Cloudflare DNS Server.
◉ Use proxy or VPN, system-wide, via third-party app helpers like Proxifier or in the form of a web browser extension.

Facebook

Popular Posts

Blog Archive

Total Pageviews