Lab 8.4.3 Performing a Vulnerability Analysis

CAUTION: This lab may violate legal and organizational security policies. The security analyzer downloaded in this lab should only be used for instructional purposes in a lab environment. Before using a security analyzer on a live network, check with your instructor and network administration staff regarding internal policies concerning the use of these tools.
Objectives
· Download and install security analyzer software.
· Test a host to determine potential security vulnerabilities.
Background / Preparation
Security analyzers are valuable tools used by network administrators and auditors to identify network and host vulnerabilities. There are many vulnerability analysis tools, also known as security scanners, available to test host and network security. In this lab, you will download and install the Microsoft Baseline Security Analyzer (MBSA). MBSA is designed to identify potential security issues related specifically to Microsoft operating systems, updates, and applications. It also identifies unnecessary services that may be running, as well as any open ports.
MBSA runs on Windows Server and Windows XP systems and scans for common security misconfigurations and missing security updates for the operating system as well as most versions of Internet Information Server (IIS), SQL Server, Internet Explorer (IE), and Office products. MBSA offers specific recommendations to correct potential problems.
This lab can be done individually or in teams of two.
The following resources are required:
· Computer running Windows XP Professional to act as the test station.
· High-speed Internet connection for downloading MBSA (unless pre-installed).
· Computer must be attached to the integrated router switch or a standalone hub or switch.
· Optionally, you can have a server running a combination of DHCP, HTTP, FTP, and Telnet (preconfigured).
Step 1: Download and install MBSA
a. Open a browser and go to the MBSA web page at: http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
b. What is the latest version of MBSA available?
Jawab;
MBSA 2.2
c. What are some of the features MBSA provides?
Jawab:
· Command-line and Graphical User Interface (GUI) options
· Scan local computer, remote computer, or groups of computer
· Scan against Microsoft's maintained list of updates (on Microsoft.com) or local server running Software Update Services 1.0
· Scan for common security configuration vulnerabilitie
· Scan for missing security updates
· View reports in MBSA Graphical User Interface or Command Line Interface
· Compatibility with SMS 2.0 and 2003 Software Update Services Feature Pack
· Support for single processor and multiprocessor configurations
· Localized to English, French, German, and Japanese although MBSA 1.2.1 can scan a machine of any local
d. Scroll down the page and select the desired language to begin the download process.
e. Click Continue to validate the copy of Microsoft Windows you are running.
f. Click Download Files below and select the file you want to download. (The English setup file is MBSASetup-EN.msi). Click the Download button on the right of this file. How many megabytes is the file to download?
Jawab:
11,5 MB
g. When the File Download – Security Warning dialog box displays, click Save and download the file to a specified folder or the desktop. You can also run it from the download website.
h. Once the download is complete, make sure all other applications are closed. Double-click the downloaded file. Click Run to start the Setup program, and then click Run if you are prompted with a Security Warning. Click Next on the MBSA Setup screen.
i. Select the radio button to accept the license agreement and click Next. Accept the defaults as the install progresses, and then click Finish. Click OK on the final MBSA Setup screen, and close the folder to return to the Windows desktop.

Step 2: Build the network and configure the hosts
a. Connect the host computer(s) to the integrated router, a hub, or a switch as shown in the topology diagram. Host-A is the test station where MBSA will be installed. The server is optional.
b. Set the IP configuration for the host(s) using Windows XP Network Connections and TCP/IP properties. If the host is connected to the integrated router, configure it as a DHCP client; otherwise go to Step 1d.
c. If the host is connected to a hub or switch and a DHCP server is not available, configure it manually by assigning a static IP address.
Which IP address and subnet mask does Host-A and the server (optional) have?
Jawab:
· IP address : 192.168.10.1
· Subnet mask : 255.255.255.0
Step 3: Run MBSA on a host
a. Double-click the desktop icon for MBSA or run it from Start > All Programs. When the main screen displays, which options are available?
Jawab:

· Pick a computer to scan
· Pick multiple computer to scan
· Pick a security report to view
· Help
· About
· Microsoft Security Web Site
Step 4: Select a computer to scan
a. On the left side of the screen, click Pick a computer to scan. The computer shown as the default is the one on which MBSA is installed.
b. What are the two ways to specify a computer to be scanned?
Jawab:
· Scan using assign Update Services servers only
· Scan using Microsoft Update only
c. Accept the default computer to be scanned. De-select Check for IIS and SQL administrative vulnerabilities, since these services are not likely to be installed on the computer being scanned. Click Start Scan.
Step 5: View security update scan results
a. View the security report. What are the results of the security update scan
Jawab:
Tidak ada terjadi masalah apa-apa
b. If there are any red or yellow Xs, click How to correct this. Which solution is recommended?
Jawab:
Tida ada terdapat red atau yellow Xs
Step 6: View Windows scan results in the security report
a. Scroll down to view the second section of the report that shows Windows Scan Results. Were there any administrative vulnerabilities identified?
Jawab:
Local Account Password Test, Automatic Update, Guest Account, File system.
b. On the Additional System Information section of the screen (below), in the Issue column forServices, click What was scanned, and click Result details under the Result column to get a description of the check that was run. What did you find? When finished, close both popup windows to return to the security report.
Step 7: View Desktop Application Scan Results in the Security report
a. Scroll down to view the last section of the report that shows Desktop Applications Scan Results. Were there any administrative vulnerabilities identified?
Jawab:
Macro security
b. How many Microsoft Office products are installed?
Jawab:
4
c. Were there any security issues with Macro Security for any of them?
Jawab:
Tidak
Step 8: Scan a server, if available
a. If a server with various services is available, click Pick a computer to scan from the main MBSA screen and enter the IP address of the server, and then click Start Scan. Which security vulnerabilities were identified?
Jawab:
b. Were there any potentially unnecessary services installed? Which port numbers were they on?
Jawab:
Step 9: Uninstall MBSA using Control Panel Add/Remove Programs
a. This step is optional, depending on whether the host will be automatically restored later by a network process.
b. To uninstall MBSA, click Start > Control Panel > Add/Remove Programs. Locate the MBSA application and uninstall it. It should be listed as Microsoft Baseline Security Analyzer 2.0.1. Click Remove, and then click Yes to confirm removal of the MBSA application. When finished, close all windows to return to the desktop.
Step 10: Reflection
a. The MBSA tool is designed to identify vulnerabilities for Windows-based computers. Search the Internet for other tools that might exist. List some of the tools discovered.
Jawab:
· Client versions of Windows, including Windows
· Windows Server, including Windows Server 2008
· SQL Server
· Internet Information Server (IIS)
· Internet Explorer
· Microsoft Office
b. Which tools might there be for non-Windows computers? Search the Internet for other tools that might exist and list some of them here.
Jawab:
SQL server
c. Which other steps could you take to help secure a computer against Internet attacks?
Jawab:
Step 8

Read more...

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Objectives
· Log in to a multi-function device and view security settings.
· Set up Internet access policies based on IP address and application.
· Set up a DMZ for an open access server with a static IP address.
· Set up port forwarding to limit port accessibility to only HTTP.
· Use the Linksys WRT300N Help features.

Background / Preparation
This lab provides instructions for configuring security settings for the Linksys WRT300N. The Linksys provides a software-based firewall to protect internal, local-network clients from attack by external hosts. Connections from internal hosts to external destinations can be filtered based on the IP address, destination website, and application. The Linksys can also be configured to create a demilitarized zone (DMZ) to control access to a server from external hosts. This lab is done in teams of two, and two teams can work together to test each other’s access restrictions and DMZ functionality. It is divided into 2 parts:
· Part 1 – Configuring access policies
· Part 2 – Configuring DMZ settings

The following resources are required:
· Linksys WRT300N or other multi-function device with the default configuration
· User ID and password for the Linksys device if different than the default
· Computer running Windows XP Professional to access the Linksys GUI
· Internal PC to act as a server in the DMZ with HTTP and Telnet servers installed (preconfigured or Discovery Live CD server)
· External server to represent the ISP and Internet (with preconfigured DHCP, HTTP, and Telnet servers running (real server with services installed or Discovery Live CD server)
· Cabling to connect the PC hosts, Linksys WRT300N or multi-function device, and switches

Part 1 – Configuring access policies
Step 1: Build the network and configure the hosts
a. Connect the host computers to switch ports on the multi-function device as shown in the topology diagram. Host-A is the console and is used to access the Linksys GUI. Host-B is initially a test machine but later becomes the DMZ server.
b. Configure the IP settings for both hosts using Windows XP Network Connections and TCP/IP properties. Verify that Host-A is configured as a DHCP client. Assign a static IP address to Host-B in the 192.168.1.x range with a subnet mask of 255.255.255.0. The default gateway should be the internal local network address of the Linksys device.
NOTE: If Host-B is already a DHCP client, you can reserve its current address and make it static using the DHCP Reservation feature on the Linksys Basic Setup screen.
c. Use the ipconfig command to display the IP address, subnet mask, and default gateway for Host-A and Host-B and record them in the table. Obtain the IP address and subnet mask of the external server from the instructor and record it in the table

Host IP Address Subnet Mask Default Gateway
Host A 192.168.10.1 255.255.255.0 192.168.10.1
Host B / DMZ server 192.168.20.1 255.255.255.0 192.168.20.1
Eksternal Server 192.168.30.1 255.255.255.0 192.168.30.1


Step 2: Log in to the user interface
a. To access the Linksys or multi-function device web-based GUI, open a browser and enter the default internal IP address for the device, normally 192.168.1.1.
b. Log in using the default user ID and password, or check with the instructor if they are different.
c. The multi-function device should be configured to obtain an IP address from the external DHCP server. The default screen after logging in to the multi-function device is Setup > Basic Setup. What is the Internet connection type?
Jawab
wireless internet connection
d. What is the default router (internal) IP address and subnet mask for the multi-function device?
Jawab:
· IP address : 192.168.1.1
· Subnet mask : 255.255.255.0

e. Verify that the multi-function device has received an external IP address from the DHCP server by clicking the Status > Router tab.
f. What is the external IP address and subnet mask assigned to the multi-function device?
Jawab:
· IP address : 192.168.2.1
· Subnet mask : 255.255.255.0
Step 3: View multi-function device firewall settings
a. The Linksys WRT300N provides a basic firewall that uses Network Address Translation (NAT). In addition, it provides additional firewall functionality using Stateful Packet Inspection (SPI) to detect and block unsolicited traffic from the Internet.
b. From the main screen, click the Security tab to view the Firewall and Internet Filter status. What is the status of SPI Firewall protection?
Jawab:
Status SPI firewall protection : enabled.
c. Which Internet Filter checkboxes are selected?
Jawab:
Internet filter yang digunakan : filter anonymous internet request, filter IDENT (port 113).
d. Click Help to learn more about these settings. What benefits does filtering IDENT provide?
Jawab:

Keuntungan memfilter IDENT Provide : mencegah penyusup dari luar menyerang router melalui internet.
Step 4: Set up Internet access restrictions based on IP address
In Lab 7.3.5, you saw that wireless security features can be used to control which wireless client computers can access the multi-function device, based on their MAC address. This prevents unauthorized external computers from connecting to the wireless access point (AP) and gaining access to the internal local network and the Internet.
The multi-function device can also control which internal users can get out to the Internet from the local network. You can create an Internet access policy to deny or allow specific internal computers access to the Internet based on the IP address, MAC address, and other criteria.
a. From the main multi-function device screen, click the Access Restrictions tab to define Access Policy 1.
b. Enter Block-IP as the policy name. Select Enabled to enable the policy, and then select Deny to prevent Internet access from a specified IP address.
c. Click the Edit List button and enter the IP address of Host-B. Click Save Settings and then Close. Click Save Settings to save Internet Access Policy 1 – Block IP.
d. Test the policy by attempting to access the external web server from Host-B. Open a browser and enter the IP address of the external server in the address area. Are you able to access the server?
Jawab:
Ya.
e. Change the status of the Block-IP Policy to Disabled and click Save Settings. Are you able to access the server now?
Jawab:
Tidak
f. What other ways can access policies be used to block Internet access?
Jawab:
Menggunakan proxy
Step 5: Set up an Internet access policy based on an application
You can create an Internet access policy to block specific computers from using certain Internet applications or protocols on the Internet.
a. From the main Linksys GUI screen, click the Access Restrictions tab to define an Internet Access Policy.
b. Enter Block-Telnet as the policy name. Select Enabled to enable the policy, and then click Allow to permit Internet access from a specified IP address as long as it is not one of the applications that is blocked.
c. Click the Edit List button and enter the IP address of Host-B. Click Save Settings and then Close. What other Internet applications and protocols can be blocked?
Jawab:
d. Select the Telnet application from the list of applications that can be blocked and then click the double right arrow to add it to the Blocked List. Click Save Settings.
e. Test the policy by opening a command prompt using Start > All Programs > Accessories > Command Prompt.
f. Ping the IP address of the external server from Host-B using the ping command. Are you able to ping the server?
Jawab:
Ya.
g. Telnet to the IP address of the external server from Host-B using the command telnet A.B.C.D (where A.B.C.D is the IP address of the server).
h. Are you able to telnet to the server?
Jawab:
Tidak.
NOTE: If you are not going to perform lab Part 2 at this time and others will be using the equipment after you, skip to Step 3 of Part 2 and restore the multi-function device to its default settings.

Part 2 – Configuring a DMZ on the multi-function device
Step 1: Set up a simple DMZ
It is sometimes necessary to allow access to a computer from the Internet while still protecting other internal local network computers. To accomplish this, you can set up a demilitarized zone (DMZ) that allows open access to any ports and services running on the specified server. Any requests made for services to the outside address of the multi-function device will be redirected to the server specified.
a. Host-B will act as the DMZ server and should be running HTTP and Telnet servers. Verify the Host-B has a static IP address or, if Host-B is a DHCP client, you can reserve its current address and make it static using the DHCP Reservation feature on the Linksys device Basic Setup screen.
b. From the main Linksys GUI screen, click the Applications & Gaming tab then click DMZ.
c. Click Help to learn more about the DMZ. For what other reasons might you want to set up a host in the DMZ?
Jawab:
Karena DMZ berguna untuk menambahkan lapisan keamanan untuk LAN.

d. The DMZ feature is disabled by default. Select Enabled to enable the DMZ. Leave the Source IP Address selected as Any IP Address, and enter the IP address of Host-B in the Destination IP address. Click Save Settings and click Continue when prompted.
e. Test basic access to the DMZ server by pinging from the external server to the outside address of the multi-function device. Use the ping –a command to verify that it is actually the DMZ server responding and not the multi-function device. Are you able to ping the DMZ server?
Jawab:
Ya.
f. Test HTTP access to the DMZ server by opening a browser on the external server and pointing to the external IP address of the multi-function device. Try the same thing from a browser on Host-A to Host-B using the internal addresses. Are you able to access the web page?
Jawab:
Ya.
g. Test Telnet access by opening a command prompt as described in Step 5. Telnet to the outside IP address of the multi-function device using the command telnet A.B.C.D (where A.B.C.D is the outside address of the multi-function device).
Are you able to telnet to the server?
Jawab:
Tidak.
Step 2: Set up a host with single port forwarding
The basic DMZ hosting set up in Step 6 allows open access to all ports and services running on the server, such as HTTP, FTP, and Telnet,. If a host is to be used for a particular function, such as FTP or web services, access should be limited to the type of services provided. Single port forwarding can accomplish this and is more secure than the basic DMZ, because it only opens the ports needed. Before completing this step, disable the DMZ settings for step 1.
Host-B is the server to which ports are forwarded, but access is limited to only HTTP (web) protocol.
a. From the main screen, click the Applications & Gaming tab, and then click Single Port Forwarding to specify applications and port numbers.
b. Click the pull-down menu for the first entry under Application Name and select HTTP. This is the web server protocol port 80.
c. In the first To IP Address field, enter the IP address of Host-B and select Enabled. Click Save Settings.
d. Test HTTP access to the DMZ host by opening a browser the external server and pointing to the outside address of the multi-function device. Try the same thing from a browser on Host-A to Host-B. Are you able to access the web page?
Jawab:
Ya.
e. Test Telnet access by opening a command prompt as described in Step 5. Attempt to telnet to the outside IP address of the multi-function device using the command telnet A.B.C.D (where A.B.C.D is the outside IP address of the multi-function device).
Are you able to telnet to the server?
Jawab:
Tidak
Step 3: Restore the multi-function device to its default settings
a. To restore the Linksys to its factory default settings, click the Administration > Factory Defaults tab.
b. Click the Restore Factory Defaults button. Any entries or changes to settings will be lost.
NOTE: The current settings can be saved and restored at a later time using the Administration > Management tab and the Backup Configuration and Restore Configuration buttons.

Read more...

CCNA Discovery 1 Module 9 Exam Answers Version 4.0

1. What should a network administrator do first after receiving a call from a user who cannot access the company web server?
• Ask the user what URL has been typed and what error message displays.

2. A customer called the cable company to report that the Internet connection is unstable. After trying several configuration changes, the technician decided to send the customer a new cable modem to try. What troubleshooting technique does this represent?
• substitution

3. Only one workstation on a particular network cannot reach the Internet. What is the first troubleshooting step if the divide-and-conquer method is being used?
• Check the workstation TCP/IP configuration.

4. Which two troubleshooting techniques are suitable for both home networks and large corporate networks? (Choose two.)
• documenting the troubleshooting process
• keeping a record of system upgrades and software versions

5. Identify two physical-layer network problems. (Choose two.)
• hardware failure
• loose cable connections

6. Which ipconfig command requests IP configuration from a DHCP server?
• ipconfig /renew

7. What command is used to determine the location of delay for a packet traversing the Internet?
• tracert

8. What command is used to determine if a DNS server is providing name resolution?
• nslookup

9. Which troubleshooting method begins by examining cable connections and wiring issues?
• bottom-up

10. A technician suspects that a Linksys integrated router is the source of a network problem. While troubleshooting, the technician notices a blinking green activity LED on some of the ports. What does this indicate?
• The ports are operational and are receiving traffic.

11. A PC is plugged into a switch and is unable to connect to the network. The UTP cable is suspected. What could be the problem?
• A crossover cable is being used.

12. Refer to the graphic. What configuration is incorrect in the network shown?
• The wired connection is the wrong type of cable.

13. Which three settings must match on the client and access point for a wireless connection to occur? (Choose three.)
• SSID
• authentication
• encryption key

14. A technician is troubleshooting a security breach on a new wireless access point. Which three configuration settings make it easy for hackers to gain access? (Choose three.)
• configuring NAT
• broadcasting the SSID
• using open authentication
• using the default internal IP address

15. Refer to the graphic. The wireless host cannot access the Internet, but the wired host can. What is the problem?
• The host WEP key is incorrect.

16. Refer to the graphic. What configuration is incorrect in the network shown?
• The host IP address is incorrect.

17. When acting as a DHCP server, what three types of information can an ISR provide to a client? (Choose three.)
• default gateway
• dynamic IP address
• DNS server address

18. What two items could be checked to verify connectivity between the router and the ISP? (Choose two.)
• router status page
• connectivity status as indicated by LEDs

19. A technician is unsuccessful in establishing a console session between a PC and a Linksys integrated router. Both devices have power, and a cable is connected between them. Which two troubleshooting steps could help to diagnose this problem? (Choose two.)
• Ensure the correct cable is used.
• Ensure the link status LED on the integrated router is lit.

20. Network baselines should be performed in which two situations? (Choose two.)
• after the network is installed and running optimally
• after major changes are implemented on the network

21. Typically, help desk personnel assist end users in which two tasks? (Choose two.)
• identifying when the problem occurred
• implementing the solution to the problem

22. How does remote-access software help in the troubleshooting process?
• Diagnostics can be run without a technician being present at the site.

23. Which two items should be added to the documentation following a troubleshooting event? (Choose two.)
• final resolution
• results of successful and unsuccessful troubleshooting steps

Read more...

CCNA Discovery 1 Module 8 Exam Answers Version 4.0

1. Identify three techniques used in social engineering. (Choose three.)
• vishing
• phishing
• pretexting

2. During a pretexting event, how is a target typically contacted?
• by phone

3. While surfing the Internet, a user notices a box claiming a prize has been won. The user opens the box unaware that a program is being installed. An intruder now accesses the computer and retrieves personal information. What type of attack occurred?
• Trojan horse

4. What is a major characteristic of a Worm?
• exploits vulnerabilities with the intent of propagating itself across a network

5. A flood of packets with invalid source-IP addresses requests a connection on the network. The server busily tries to respond, resulting in valid requests being ignored. What type of attack occurred?
• SYN flooding

6. What type of advertising is typically annoying and associated with a specific website that is being visited?
• popups

7. What is a widely distributed approach to marketing on the Internet that advertises to as many individual users as possible via IM or e-mail?
• spam

8. What part of the security policy states what applications and usages are permitted or denied?
• acceptable use

9. Which statement is true regarding anti-virus software?
• Only after a virus is known can an anti-virus update be created for it.

10. Which two statements are true concerning anti-spam software? (Choose two.)
• When anti-spam software is loaded, legitimate e-mail may be classified as spam by mistake.
• Even with anti-spam software installed, users should be careful when opening e-mail attachments.

11. What term is used to describe a dedicated hardware device that provides firewall services?
• appliance-based

12. Which acronym refers to an area of the network that is accessible by both internal, or trusted, as well as external, or untrusted, host devices?
• DMZ

13. Which statement is true about port forwarding within a Linksys integrated router?
• Only external traffic that is destined for specific internal ports is permitted. All other traffic is denied.

14. To which part of the network does the wireless access point part of a Linksys integrated router connect?
• internal

15. Refer to the graphic. What is the purpose of the Internet Filter option of Filter IDENT (Port 113. on the Linksys integrated router?
• to prevent outside intruders from attacking the router through the Internet

16. What statement is true about security configuration on a Linksys integrated router?
• Internet access can be denied for specific days and times.

17. What environment would be best suited for a two-firewall network design?
• a large corporate environment

18. What is one function that is provided by a vulnerability analysis tool?
• It identifies missing security updates on a computer.

19. Many best practices exist for wired and wireless network security. The list below has one item that is not a best practice. Identify the recommendation that is not a best practice for wired and wireless security.
• Disable the wireless network when a vulnerability analysis is being performed.

20. What best practice relates to wireless access point security?
• a change of the default IP address

21. Refer to the graphic. In the Linksys Security menu, what does the SPI Firewall Protection option Enabled provide?
• It requires that packets coming into the router be responses to internal host requests.

Read more...

CCNA Discovery 1 Module 7 Exam Answers Version 4.0

1. Why is IEEE 802.11 wireless technology able to transmit further distances than Bluetooth technology?
• has higher power output

2. What are three advantages of wireless over wired technology? (Choose three.)
• anytime, anywhere connectivity
• easy and inexpensive to install
• ease of adding additional devices

3. What are two benefits of wireless networking over wired networking? (Choose two.)
• mobility
• reduced installation time

4. A technician has been asked to provide wireless connectivity to the wired Ethernet network of a building. Which three factors affect the number of access points needed? (Choose three.)
• the size of the building
• the number of solid interior walls in the building
• the presence of microwave ovens in several offices

5. Why is security so important in wireless networks?
• Wireless networks broadcast data over a medium that allows easy access.

6. What does the Wi-Fi logo indicate about a wireless device?
• The device is interoperable with other devices of the same standard that also display the Wi-Fi logo.

7. Which statement is true concerning wireless bridges?
• connects two networks with a wireless link

8. Which WLAN component is commonly referred to as an STA?
• wireless client

9. Which statement is true concerning an ad-hoc wireless network?
• created by connecting wireless clients in a peer-to-peer network

10. Refer to the graphic. In the Wireless menu option of a Linksys integrated router, what does the Network Mode option Mixed mean?
• The router supports 802.11b, 802.11g, and 802.11n devices.

11. Refer to the graphic. In the Wireless menu of a Linksys integrated router, what configuration option allows the presence of the access point to be known to nearby clients?
• SSID Broadcast

12. Which two statements about a service set identifier (SSID) are true? (Choose two.)
• tells a wireless device to which WLAN it belongs
• all wireless devices on the same WLAN must have the same SSID

13. Which two statements characterize wireless network security? (Choose two.)
• With SSID broadcast disabled, an attacker must know the SSID to connect.
• Using the default IP address on an access point makes hacking easier.

14. What type of authentication does an access point use by default?
• Open

15. Which statement is true about open authentication when it is enabled on an access point?
• requires no authentication

16. What are two authentication methods that an access point could use? (Choose two.)
• EAP
• pre-shared keys

17. What is the difference between using open authentication and pre-shared keys?
• Pre-shared keys require an encrypted secret word. Open authentication does not require a secret word.

18. What term describes the encoding of wireless data to prevent intercepted data from being read by a hacker?
• encryption

19. What access-point feature allows a network administrator to define what type of data can enter the wireless network?
• traffic filtering


20. What are the two WEP key lengths? (Choose two.)
• 64 bit
• 128 bit

21. Complete the following sentence: WEP is used to ______ , and EAP is used to _____ wireless networks.
• encrypt; authenticate users on

Read more...

Lab 7.3.5 Configuring Wireless Security

Objectives

* Create a security plan for a home network.
* Configure the wireless access point (AP) portion of a multi-function device using security best practices.


Background / Preparation
A well-planned security implementation is critical to the safety of a wireless network. This lab goes over the steps that must be taken to ensure the safety of the network using the following scenario.

You have just purchased a Linksys WRT300N wireless router, and you want to set up a small network in your home. You selected this router because the IEEE 802.11n specification claims that it has 12 times the speed of an 802.11g and 4 times the range. Because the 802.11n uses 2.4 GHz, it is backward compatible with both the 802.11b and 802.11g and uses MIMO (multiple-in, multiple-out) technology.

You should enable security mechanisms before connecting your multi-function device to the Internet or any wired network. You should also change the default values provided, because they are well-known values that are easily obtainable on the Internet.

The following resources are required:

* Windows-based computer
* Linksys WRT300N
* Straight-through Ethernet cable


Step 1: Plan the security for your home network

1. List at least six security best practices that you should implement to secure your multi-function device and wireless network.

1) Kurangi kekuatan pancar antena WAP
2) Berikan security code
3) Aktifkan MAC address filter.
4) Ganti Password default
5) Disable Broadcast SSID
6) Disable DHCP Server

2. Describe what the security risk is for each item.

1) Kelemahan atau resikonya misalnya disebuah tempat usaha atau perusahaan maka semakin jauh titik akses dari akses point mengakibatkan kecepatan akses sangat terpengaruh atau bahkan tidak menjanjikan sama sekali.
2) Bagi orang yang tidak paham teknologi akan kebingungan dalam memberikan security code.
3) Jika seandainya MAC address seseorang client pernah diblokir pada suatu tempat, akan tetapi belum dibuka kembali maka tidak bisa digunakan pada tempat akses lain.
4) Jika password pada default diganti, akan susah mengetahui paswor yang baru jika tidak dikonfirmasikan terhadap teknisi.
5) Jika tidak diaktifkan kembali, maka titik access tidak dapat diditeksi oleh wireless adapter.
6) Jika di disabledkan maka hanya IP address yang telah diregisterkan yang bisa mengakses jaringan, sehingga jaringan tidak bersifat bebas layaknya wi-fi zone pada umumnya.

Step 2: Connect a computer to the multi-function device and log in to the web-based utility

1. Connect your computer (Ethernet NIC) to the multi-function device (port 1 on the Linksys WRT300N) by using a straight-through cable.
2. The default IP address of the Linksys WRT300N is 192.168.1.1, and the default subnet mask is 255.255.255.0. The computer and Linksys device must be on the same network to communicate with each other. Change the IP address of the computer to 192.168.1.2, and verify that the subnet mask is 255.255.255.0. Enter the internal address of the Linksys device (192.168.1.1) as the default gateway. Do this by clicking, Start > Control Panel > Network Connections. Right click on the wireless connection and choose Properties. Select the Internet Protocol (TCP/IP) and enter the addresses as shown below.
3. Open a web browser, such as Internet Explorer, Netscape, or Firefox and enter the default IP address of the Linksys device (192.168.1.1) into the address field and press Enter.
4. A screen appears, requesting your user name and password.



1. Leave the User name field blank and enter admin for the password. It is the default password on the Linksys device. Click OK. Remember that passwords are case-sensitive.
2. As you make the necessary changes on the Linksys device, click Save Settings on each screen to save the changes or click Cancel Changes to keep the default settings.


Step 4: Change the Linksys device password

a. The initial screen displayed is the Setup > Basic Setup screen.
b. Click the Administration tab. The Management tab is selected by default.
c. Type in a new password for the Linksys device, and then confirm the password. The new password must not be more than 32 characters and must not include any spaces. The password is required to access the Linksys device web-based utility and Setup Wizard.

4. The Web Utility Access via Wireless option is enabled by default. You may want to disable this feature to further increase security..
5. Click the Save Settings button to save the information.


NOTE: If you forget your password, you can reset the Linksys device to the factory defaults by pressing the RESET button for 5 seconds and then releasing it. The default password is admin.

Step 5: Configure the wireless security settings

1. Click the Wireless tab. The Basic Wireless Settings tab is selected by default. The Network Name is the SSID shared among all devices on your network. It must be identical for all devices in the wireless network. It is case-sensitive and must not be more than 32 characters.
2. Change the SSID from the default of linksys to a unique name. Record the name you have chosen:

Jawab:

3. Leave the Radio Band set to Auto. This allows your network to use all 802.11n, g, and b devices.
4. For SSID Broadcast, select the Disabled button to disable the SSID broadcast. Wireless clients survey the area for networks to associate with and will detect the SSID broadcast sent by the Linksys device. For added security, do not broadcast the SSID.
5. Save your settings before going to the next screen.


Step 6: Configure encryption and authentication

1. Choose the Wireless Security tab on the Wireless screen.
2. This router supports four types of security mode settings:

· WEP (Wired Equivalent Privacy)
· WPA (Wi-Fi Protected Access) Personal, which uses a pre-shared key (PSK)
· WPA Enterprise, which uses Remote Access Dial In User Service (RADIUS)
· RADIUS

d. Select WPA Personal Security Mode.
e. On the next screen, choose an Encryption algorithm.
To secure a network, use the highest level of encryption possible within the Selected Security mode.The following Security Modes and Encryption levels are listed from least secure (WEP) to mostsecure (WPA2 with AES)

· WEP
· WPA
· TKIP (Temporal Key Integrity Protocol)
· AES (Advanced Encryption System)
• WPA2
• TKIP
• AES

AES is only supported by newer devices that contain a co-processor. To ensure compatibility with all devices, select TKIP.

f. For authentication, enter a pre-shared key between 8 and 63 characters. This key is shared by the Linksys device and all connected devices.
g. Choose a key renewal period between 600 and 7200 seconds. The renewal period is how often the Linksys device changes the encryption key.
h. Save your settings before exiting the screen.

Step 7: Configure MAC address filtering

1. Choose the Wireless MAC Filter tab on the Wireless screen.
2. MAC address filtering allows only selected wireless client MAC addresses to have access to yournetwork. Select the radio button to Permit PCs listed below to access the wireless network. Click the Wireless Client List button to display a list of all wireless client computers on your network.
3. The next screen allows you to identify which MAC addresses can have access to the wireless network. Click the Save to MAC Address Filter List check box for any client device you want to add, and then click the Add button. Any wireless clients, other than those in the list will be prevented from accessing your wireless network. Save your settings before exiting the screen.


Step 8: Reflection

1. Which feature that you configured on the Linksys WRT300N makes you feel the most secure and why?

Jawab:

aplikasi atau program yang membuat saya merasa lebih aman dan nyaman ketika mengkonfigurasi ialah MAC address filtering. Alasannya karena pada aplikasi ini terdapat sebuah pilihan untuk memberikan izin access kepada client yang telah terlebih dahulu alamat IP dan MAC address nya dicantumkan atau didaftarkan.


2. Make a list of other items that could be done to make your network even more secure.

Jawab:

Pada pengaturan wireless kita pilih wireless security dan security modenya kita ganti dari disabled menjadi WEP sehingga dapat memberikan kunci berlapis. Atau pada system operasi windows biasa kita aktifkn juga menu firewall dan kita aktifkan juga menu SYS.

Read more...

Lab 7.2.6 Configuring a Wireless Client

Objective
• Install and configure a driver for a wireless USB NIC for a wireless client computer.
• Determine the version of the driver installed and check the Internet for updates.

Background / Preparation
In this lab you will install a driver for a wireless USB NIC in a computer. The driver is a type of software that controls the wireless NIC. The driver comes on a CD with the NIC or can be downloaded from the Internet. Many manufacturers require that the driver is installed before the adapter is connected. The procedure described in this lab is for a Linksys USB 802.11g wireless NIC, but is similar to others. You should always follow the procedure recommended by the wireless NIC manufacturer.
The following resources are required:
• Windows XP-based computer with an available USB port
• Wireless USB NIC and associated driver
• Administrator rights to install the driver
• Linksys WRT300N with wireless access configured from previous lab

Step 1: Install the wireless NIC driver
a. Insert the CD that contains the wireless NIC driver into the CD/DVD drive and install the driver according to the manufacturer recommendations. Most USB devices require that the driver be installed before the device is physically attached. Note that you may do part of the installation process now and part of it after the wireless NIC is installed.
b. Who is the manufacturer of the wireless NIC?
Jawab:
Linksys
c. Describe how you installed the wireless NIC driver.
Jawab :
Saya melakukan penginstalan driver terlebih dahulu dengan CD/DVD yang sudah di sediakan oleh produsen wireless NIC tersebut, setelah dilakukan penginstalan baru saya memasangkan perangkat UCB. Cara penginstalannya adalah:
o Masukkan CD.
o Buka webrowser kemudian masukkan alamat default IP-nya.
o Kemudian buka menu setup, seting sesuai kebutuhan. atur penggunaan IP static atau automating, dan tentukan range IP yang diizinkan mengakses.
o Kemudian buka menu wireless, atur network mode (ex: mixed), nama SSID, Radio band, dan yang terakhir enable kan SSID broadcast.
o Security sesuaikan dengan kebutuhan.
o Save setup.


Step 2: Install the wireless NIC
a. When prompted, connect the USB NIC cable to an available USB port. Click Next to continue.

Step 3: Attach to the wireless network
a. Most wireless NIC adapters have client software to control the NIC. The software shows any wireless networks that are discovered. Select the SSID of the wireless network that you configured on the AP in a previous lab.
b. Which SSID are you using?
Jawab:
c. If the wireless NIC did not connect to the wireless network, perform the appropriate troubleshooting.
d. What is the signal strength for the wireless NIC
Jawab;
Elektronika2
e. Did the wireless NIC see any other wireless networks in the area?
Jawab:
Ya
Why or why not?
Jawab:
Karena ada wireless adapter.
f. Show your active wireless connection to a fellow student or the lab assistant.
g. What is another name for a wireless host?
Jawab:
Elo_1Tes, elktronika UNP, elektronika1, elektronika2
h. Is it better to use the client software from the wireless NIC manufacturer or let Windows XP control the wireless NIC?
Jawab:
Lebih bagus menggunakan client siftware.
Step 4: Determine the NIC driver version
a. Hardware manufacturers continually update drivers. The driver that ships with a NIC or other piece of hardware is frequently not the most current.
b. To check the driver version for the NIC you installed, click Start, select Control Panel and then Network Connections. Right-click on the wireless connection and select Properties. Click the Configure button for the NIC and then the Driver tab. What is the name and version of the driver you installed?
Jawab:
Atheros AR5007EG Wireless Network Adapter

Step 5: Determine if the NIC driver is the most current
a. Search the NIC manufacturer web site for drivers that support the wireless NIC you installed. Are there more current ones available?
Jawab:
- Atheros AR5007EG Wireless Network Adapter
- Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
b. What is the most current one listed?
Jawab:
- Atheros AR5007EG Wireless Network Adapter

c. If there is a more current driver, how would you apply it?
Jawab;
Tinggal menambahkan satu buah NIC lagi.


Step 6: Verify connectivity
a. Once you have installed the NIC, it is time to verify connectivity with the Linksys WRT300N.
b. Open a web browser such as Windows Internet Explorer or Mozilla Firefox.
c. In the address line type http://192.168.1.1, which is the default setting on the AP.
d. In the Connect to 192.168.1.1 dialog box, leave the username text box empty, and type admin in thepassword text box. Leave the Remember my password checkbox unchecked. Click OK.
e. If you receive the Linksys Setup screen, you have established connectivity with the AP. If you do not establish connectivity, you will have to troubleshoot the connection by checking to ensure the devices are turned on and the IP addresses on all devices are correct. Which IP address should be configured on the wireless NIC?
Jawab:
Pada saat kita masuk pada pengaturan Linksys pada acses point, kita harus menyeting pada menu set up range IP yabg mana saja yang di izinkan untuk mengakses jaringan tersebut.
Step 7: Reflection
a. Do you think the process of setting up a wireless network at a food store or book store is any different from what you just did?
Jawab:
sama
Why or why not?
Jawab:
Karena alat yang digunakkan juga sama, dari mulai proses penginstalan sampai pengaturannya sama.ss
b. Do you think the AP model that you are using would be sufficient for the food store in your neighborhood? Why or why not?
Jawab:
Jika di toko buku dan toko makanan menggunakan PSK (Pre shared- Key), jadi pengunjung yang ingin menggunakan jaringan di berikan key atau password untuk wireless AP dapat mengontrol pengaksesan pada jaringan

Read more...

Lab 7.2.5 Configuring a Wireless Access Point

Objective

· Configure the wireless access point (AP) portion of a multi-function device to allow access to a wireless client.

Background / Preparation

The Linksys WRT300N includes an integrated 4-port switch, a router and a wireless Access Point (AP). In this lab, you will configure the AP component of the multi-function device to allow access for wireless clients. The basic wireless capabilities of the multi-function device will be configured but this will not be a secure wireless network. Setting up a secure wireless network will be covered in a later lab. The following resources are required:

· Windows XP based computer that is cabled to the multi-function device
· Linksys WRT300N

Step 1: Verify connectivity between the computer and the multi-function device

a. The computer used to configure the AP should be attached to one of the multi-function device’s switch ports.
b. On the computer, click the Start button and select Run. Type cmd and click OK or press Enter.
c. At the command prompt, ping the multi-function device using the default IP address 192.168.1.1 or the IP that has been configured on the multi-function device’s port. Do not proceed until the ping succeeds.
d. Write down the command used to ping the multi-function device

Jawab:

192.168.1.1

NOTE: If the ping is not successful, try these troubleshooting steps:

· Check to make sure the IP address of the computer is on the 192.168.1.0 network. The computer must be on the same network as the multi-function device to be able to ping it. The DHCP service of the multi-function device is enabled by default. If the computer is configured as a DHCP client it should have a valid IP address and subnet mask. If the computer has a static IP address, it must be in on the 192.168.1.0 network and the subnet mask must be 255.255.255.0.
· Make sure the cable is a known-good straight-through cable. Test to verify.
· Verify that the link light for the port where the computer is attached is lit.
· Check whether the multi-function device has power. If none of these steps correct the problem, check with your instructor.

Step 2: Log in to the multi-function device and configure the wireless network

a. Open a web browser. In the address line, type http://ip_address, where ip_address is the IP address of the wireless router (default is 192.168.1.1). At the prompt, leave the user name textbox empty, but type the password assigned to the router. The default password is admin. Click OK.
b. In the main menu, click on the Wireless option.
c. In the Basic Wireless Settings window, the Network Mode shows mixed by default, because the AP supports 802.11b, g, and n wireless devices. You can use any of these standards to connect to the AP. If the wireless portion of the multi-function device is NOT being used, the network mode would be set to Disabled. Leave the default of Mixed selected.
d. Delete the default SSID (linksys) in the Network Name (SSID) textbox. Enter a new SSID using your last name or name chosen by your instructor. SSIDs are case-sensitive.
e. Write down the exact SSID name that you are using.

Jawab:

f. Click on the Radio Band drop-down menu and write down the two options.
Jawab:

Auto

g. For a wireless network that can use 802.11b, g, or n client devices, the default is Auto. Auto allows the Wide Channel option to be chosen and gives the best performance. The Standard Channel option is used if the wireless client devices are 802.11b or g, or both b and g. The Wide Channel option is used if only 802.11n client devices are being used. Leave the default of Auto selected.
h. SSID Broadcast is set to enabled by default, which enables the AP to periodically send out the SSID using the wireless antenna. Any wireless devices in the area can detect this broadcast. This is how clients detect nearby wireless networks.
i. Click on the Save Settings button. When the settings have been successfully saved, click on Continue.
j. The AP is now configured for a wireless network with the name (SSID) that you gave it. It is important to write down this information before starting the next lab or attaching any wireless NICs to the wireless network.

Step 3: Reflection

a. How many wireless networks do you think could be configured in one classroom? What would limit this?
Jawab:

50 user

Mulai dari 192.168.10.1 – 192.168.10.50


b. What do you see as a potential security problem when you broadcast your SSID from the AP?
Jawab:

Jika kita tetap menggunakan setingan default pada SSID maka akses point kita akan mudah di serang oleh People attack, mereka akan mudah mengakses jaringn kita.

Read more...

Lab 6.2.3 Exploring FTP Objective

Demonstrate how to use FTP from the command prompt and GUI.
Background / Preparation
File Transfer Protocol (FTP) is part of the TCP/IP suite. FTP is used to transfer files from one network device
to another network device. Windows includes an FTP application that you can execute from the command prompt. There are also many free GUI versions of FTP that you can download. The GUI versions are easier to use than typing from a command prompt.
When using FTP, one computer is normally the server and the other computer is the client. When accessing the server from the client, you need to provide a username and password. Some FTP servers have a userID named anonymous. You can access these types of sites by simply typing “anonymous” for the userID, without a password. Usually, the site administrator has files that can be copied but does not allow files to be posted with the anonymous userID.
If your class does not have an FTP server available, you can download and install a freeware version, such as Home FTP Server or Cerberus FTP server. The FTP Server on a computer running the CCNA Discovery Live CD may also be used. Another computer will act as the FTP client by using FTP from the command line, a web browser, or download a freeware version of an FTP client, such as SmartFTP Client or Core FTP LE client. Work in teams of two to complete this lab.
The following resources are required:
Windows-based computer with an FTP client
FTP server (Existing FTP server, downloaded freeware, or use Live CD)
Step 1: Examine FTP from the command prompt
a. Click the Start button, select Run, type cmd on the command line, and then click OK.
b. At the prompt, type ftp to start the FTP application. The prompt changes.
c. From the ftp prompt, type ? to see a list of the commands that can be used in this mode.

d. List three FTP commands.:append,ascii,bell
e. At the prompt, type help put to see a short description of the put command.
f. What is the purpose of the put command? send one file
g. Use the help command again to get the purpose of the get, send, and recv commands.
Get receive file
send send one file
recv receive file
NOTE: The original FTP commands were PUT to send a file to an FTP server and GET to download a file from the FTP server. You also had to select ASCII or binary file mode. If you download a binary file in ASCII mode it could end up being corrupted. Some of the newer graphical programs now use send and receive in their place.
h. Partner with another student. Using procedures demonstrated in previous labs, write down the names and IP addresses of each partner computer. It is very important to get these names correct. Some FTP applications allow you to use either the IP address or the computer name.
Computer 1:
Computer 2:
Step 2: Use a GUI FTP client or web browser
a. If you are using a web browser as the FTP client, open the web browser and type
ftp://ip address of FTP server. If the FTP server is configured to use an anonymous userID, connect directly to the FTP server. Using the FTP client, download an available file from the server.
b. If you are using a GUI FTP client, open the application. For most FTP clients, you must configure a new connection by giving it a name, the IP address of the FTP server, and a username and password. You may have to type anonymous if the FTP server allows this type of connection. Some applications have a checkbox that allows an anonymous login. When you have configured the connection, connect to the FTP server and download a file.
c. What is the name of the file you downloaded from the FTP server?
d. List one example of when FTP might be beneficial to a computer technician.
Step 3: (Optional) Use both an FTP server and client
a. If you control both the FTP server and client, practice sending files to and getting files from the client and the server.
b. Show your transferred files to another group of students.
c. Close the FTP server and client applications.

Read more...

CCNA DISCOVEY 1.6

NAMA : FANI AYU FRASTIKA
NIM/BP: 02845/08
PEND. TEKNIK INFORMATIKA

CCNA Discovery 1 Module 6 Exam Answers Version 4.0
1. A user types www.cisco.com into a web browser address textbox. What does www.cisco.com represent?
• the IP address of a web server

2. What type of server would use IMAP?

• e-mail


3. Which type of server would most likely be used first by a network client in a corporate environment?

• DHCP


4. Which protocol is used by FTP to transfer files over the Internet?
• TCP


5. Which protocols are TCP/IP application layer protocols? (Choose two.)

• FTP

• SMTP


6. Which of the following are layers of the TCP/IP model? (Choose three.)
• Application

• Internet

• Presentation

7. You are creating a network-based video game. What influences your decision about which transport protocol to use for the application?
• UDP will not disrupt the game to retransmit dropped packets.

8. Whenever e-mail clients send letters, what device is used to translate the domain names into their associated IP addresses?

• DNS server

9. Which application is most likely used to translate www.cisco.com to 198.133.219.25?

• DNS


10. Refer to the graphic. Which protocol is used to access this website?

• HTTP

11. Which port number is used by SMTP?

• 25


12. Which protocol is used by e-mail servers to communicate with each other?


• SMTP
13. What client software enables logged in users to communicate with other logged in users in real time?

• instant messaging

14. An Internet server is running both FTP and HTTP services. How does the server know which of these applications should handle an incoming segment?
• The segment destination port number identifies the application that should handle it.

15. What term is used to describe how TCP/IP protocols are layered and interact to format, address, and transmit information across a network?
• protocol stack

16. What three items are contained in an Ethernet frame? (Choose three.)
• source IP address
• source MAC address
• destination MAC address
• error-checking information

17. What information is contained in an IP header?
• source and destination IP addresses

18. Cabling issues are associated with which OSI layer?
• 1

19. A device receives an Ethernet frame and recognizes the MAC address as its own. What does the device do to the message to get to the encapsulated data?

• removes the Ethernet header and trailer

20. A client has decoded a frame and started the de-encapsulation process. In which order does the de-encapsulation process occur?

• 1) remove Ethernet header and trailer
2) remove IP header
3) remove TCP header
4) pass data to the application
.
• It prevents changes in one layer from affecting other layers.
.

22. What is the correct order of the layers of the OSI reference model, starting at the lowest layer and working up the model?

• physical, data link, network, transport, session, presentation, application

Read more...

Jawaban quiz CCNA chapter 6

1. 1. The part of message that is missing is retransmitted

2. 2. DNS => A user request a website by typping in it’s name
E-mail => Internet protocol enable user to send the message to each other over the internet
File transfer => A user upload new to his or her website
DHCP => A workstation gets its ip address automaticly
Web service => A user types in a URL and a page loads in the client browser
Telnet => A network technician logs into a workstation from the remote site

3. 3. DNS server => translate a domain name to an ip address
Commond DNS port number => 53
Domain name => cisco.com

4. 4. DNS

5. 5. Web server => host a web page
Web client => request a web page
HTML => used to create web page
HTTPS => secure protocol that uses port 443
HTTP=> protocol commonly used by a web browser

6. 6. Protocol used to process e-mail
• SMTP
• IMAP4
• POP3
7. 7. VoIP

8. 8. DHCP => 68
DNS=> 53
FTP data=> 20
HTTP=> 80
HTTPS=> 443
POP3=> 110
SNMP=161
Telnet=> 23

9. 9. FTP, POP3, , DHCP

Read more...

Lab 6.2.1 Observing DNS Name Resolution Objectives

• Observe the conversion of a URL to an IP address.
• Observe DNS lookup using the nslookup command.
Background / Preparation
Domain Name System (DNS) is invoked when you type a Uniform Resource Locator (URL), such as http://www.cisco.com, into a web browser. The first part of the URL describes which protocol is being used. Common ones are HTTP (Hypertext Transfer Protocol), HTTPS (Hypertext Transfer Protocol over Secure Socket Layer), and FTP (File Transfer Protocol).
DNS uses the second part of the URL, which in this example is www.cisco.com. DNS translates the domain name (like www.cisco.com) to an IP address in order to allow the source host to reach the destination host. Work in pairs to complete this lab.
The following resources are required:
• Windows-based computer with Internet connectivity
• Access to the Run command
Step 1: Observe DNS conversion
a. Click the Start button, select Run, type cmd, and then click OK. The command prompt window appears.
b. At the command prompt, type ping www.cisco.com. The computer needs to translate www.cisco.com into an IP address so it knows where to send the Internet Control Message Protocol (ICMP) packets. Ping is a type of ICMP packet.
c. The first line of the output shows www.cisco.com converted to an IP address by DNS. You should be able to see the effect of DNS even if your school has a firewall that prevents pinging, or if Cisco has prevented people from pinging their web server.


d. Which IP address is shown on the screen? 96.6.224.170
e. Is it the same as the one shown in the figure? No it’s not Why do you think this occurred? _
f. Work together with another student and discuss one or two other instances (besides the ping command) in which the computer would use DNS.
DNS.core FTP Lite
Step 2: Verify DNS operation using the nslookup command
a. At the command prompt, type the nslookup command.
b. What is the default DNS server being used? ns4.unp.ac.id
c. Notice how the command prompt changed. This is the NSLOOKUP prompt. From this prompt, you can enter commands related to DNS.
d. At the prompt, type ? to see a list of all the available commands that you can use in NSLOOKUP mode.
e. Write three commands that you can use with NSLOOKUP. _
1.[no]debug :print debugging information, 2.[no]d2 :print exhaustive debugging information
3.[no]defname :append domain name to each query
____________________________________________________________________________
____________________________________________________________________________
f. At the NSLOOKUP prompt, type www.cisco.com.
g. What is the translated IP address? 60.254.168.170
h. Is it the same as the IP address shown with the ping command? _no it’s not
i. At the prompt, type the IP address of the Cisco web server that you just found. You can use NSLOOKUP to get the domain name of an IP address if you do not know the URL.
Using the previous procedures, find an IP address associated with www.google.com. _deploy.akamaitechnologies.com___
Step 3: Identify mail servers using the nslookup command
a. At the prompt, type set type=mx to have NSLOOKUP identify mail servers.
b. At the prompt, type www.cisco.com.
What is the primary name server, the responsible mail address, and the default Time to Live (TTL)? Ns4.unp.ac.id
c. At the prompt, type exit to return to the regular command prompt.
d. At the prompt, type ipconfig /all.
e. Write the IP addresses of all the DNS servers that your school uses.
192.168.194.129 , 10.1.1.5 , 202.134.0.155
f. Type exit to close the command prompt window.

Step 4: Reflection
a. If your school did not have a DNS server, what effect would this have on your use of the Internet?
________but my school have a DNS server!!!!
I’m so sorry____________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
b. Some companies do not dedicate a single server for DNS. Instead, the DNS server provides other functions as well. Which functions do you think might be included on a DNS server? Use the ipconfig /all command to help you with this.
____________________________________________________________________________

Read more...

Tugas CCNA chapter 5

Background / Preparation
Network technicians work with binary, decimal, hexadecimal numbers with computers and networking devices. In this lab you will use the Windows Calculator application to convert between the binary, decimal, and hexadecimal number systems. You will also use the powers function to determine the number of hosts that can be addressed based on the number of bits available.
The following resources are required:
• PC with Windows XP installed and functional
Step 1: Access Windows Calculator and determine mode of operation
a. From the Start button menu, select All Programs > Accessories, and click on Calculator. An
alternate method of starting the Calculator application is to access the Start menu, click on Run, type
calc and press Enter. Try both methods.
b. Once the Calculator application opens, select the View menu option.
c. Which mode [Standard | Scientific] is currently active? Mode yang aktif ialah model kalkulator standar.
d. Select the Standard mode. This is a basic mode for simple calculations. How many mathematical
functions are available in this mode?fungsi matematika yang terdapat pada kalkulator standar hanya ada 7 fungsi

e. From the View menu option, select the Scientific Calculator mode.



f. How many mathematical functions are available in this mode? Model operasi matematika pada kalkulator Scientific ada 33 fungsi jika telah aktif semua

Step 2: Convert between number systems
a. Access Scientific mode. Notice the number system modes available—Hex (Hexadecimal), Dec
(Decimal), Oct (Octal), and Bin (Binary).
b. Which number system is currently active? Number system yang aktif pada Scientific mode pada awal pertama dijalankan ialah Dec yang artinya Desimal.
c. Which numbers on the number pad are active in Decimal mode? Pada mode decimal seluruh angka dari 0-9 aktif.
Click on the Bin (Binary) mode radio button. Which numbers on the number pad are now active? Pada mode Binary angka yang aktif hanya 0 dan 1

d. Why do you think the other numbers are grayed out? Karena pada pengoperasian bilangan binary angka yang dikenal hanya 1 dan 0. Pada binary angka yang bisa dioperasikan hanya 1 dan 0.
e. Click on the Hex (Hexadecimal) mode radio button.

f. Which characters on the number pad are now activated? Jika menggunakan mode hexadecimal pada pad number ditamabah dengan aktifnya komponen huruf A, B, C, D, E, F.
g. Click on the Dec radio button. Using your mouse, click on the number 1 followed by the number 5 on
the number pad. The decimal number 15 has now been entered. Click on the Bin radio button.
h. What happened to the number 15 listed in the textbox at the top of the window? Ketika diganti ke mode Bin angka 15 berubah menjadi 1111

i. By selecting different modes, numbers are converted from one number system to another. Select Dec
mode again. The number in the window converts back to decimal. Select the Hex mode.
j. Which hexadecimal character (0 through 9 or A through F) represents decimal 15? Ketika angka 15 dikonvresikan ke hexadecimal yang muncul ialah F.

k. Clear the number 15 in the window. Select Dec mode again. Not only can the mouse be used to enter numbers, but the numerical keypad on the keyboard as well as numbers on the keyboard can also be used. Using the numerical keypad to the right of the ENTER key, type the number 22. Note that if the number does not enter into the calculator, press the Num Lock key to enable the numeric keypad. While the number 22 is showing in the calculator, use the number keys across the top of the keyboard to add a 0 to the number 22 (220 should now be on the calculator). Select the Bin radio button.
l. What is the binary equivalent of 220? Hasil konversi decimal 220 ke Binary menghasilkan 11011100
m. Clear the number 220 in the window. From Binary mode, type in the following binary number:
11001100. Select the Dec radio button.
n. What is the decimal equivalent to the binary number of 11011100? Hasil konversi bilangan Bin 11011100 pada decimal ialah 220
o. Convert the following decimal numbers to binary.
DECIMAL BINARY
86 1010110
175 10101111
204 11001100
19 10011

p. Convert the following binary numbers to decimal.
BINARY DECIMAL
11000011 195
101010 42
111000 56
10010011 147

Step 3: Convert host IP addresses
a. Computer hosts usually have two addresses, an Internet Protocol (IP) address and an Ethernet Media Access Control (MAC) address. For the benefit of humans, the IP address is normally represented as a dotted decimal notation, such as 135.15.227.68. Each of the decimal octets in the address or a mask can be converted to 8 binary bits. Remember that the computer only understands binary bits. If all 4 octets were converted to binary, how many bits would there be?karena masing-masing octet terdiri dari 8 bit jika diterjemahkan akan terdapat 32 bit
b. IP addresses are normally shown with four decimal numbers ranging from 0 to 255 and separated by a period. Convert the 4 parts of the IP address 192.168.10.2 to binary.
Decimal Binary
192 11000000
168 10101000
10 1010
2 10
c. Notice in the previous problem how the 10 converted to only four digits and the number 2 converted
to only two digits. When IP addresses can have any number from 0 to 255 in each position, eight digits are normally used to represent each number. In the previous example, eight digits were needed to convert 192 and 168 to binary, but 10 and 2 did not need as many digits. Normally 0s are added to the left of the digits to have eight digits in binary for each IP address number. The number 10 would be shown as 00001010. Four extra zeros are added to the front of the other four binary digits.
d. On the calculator in Binary mode, enter the digits 00001010 and select the Dec radio button.
e. Which decimal number is equivalent to 00001010? Setelah dikonfersikan kebilangan desimal hasilnya 10
f. Did adding “leading” zeros affect the number any? Tidak, angka nol didepan tidak berpengaruh.
g. What would the number 2 (in the previous example) be if you were to make it eight digits? 00000010
itu hasilnya jika dikonversi kedalam 8 bilangan bit.
Step 4: Convert host IP subnet masks
a. Subnet masks, such as 255.255.255.0, are also represented as dotted decimal. A subnet mask will always consist of four 8-bit octets, each one represented as a decimal number. With the exception of decimal 0 (all 8 binary zeros) and decimal 255 (all 8 binary ones), each octet will have some number of ones on the left and some number of zeros on the right. Convert the 8 possible decimal subnet octet values to binary.


decimal binary
0 00000000
128 10000000
192 11000000
224 11100000
240 11110000
248 11111000
25 11111100

254 11111110

255 11111111
b. Convert the four parts of the subnet mask 255.255.255.0 to binary.
Decimal BInary
255 11111111
255 11111111
255 11111111
0 00000000
Step 5: Convert broadcast addresses
a. Computer hosts and network devices use broadcast addresses to send messages to all hosts.
Convert the following broadcast addresses.
Address Binary
IP broadcast
255.255.255.255 11111111. 11111111. 11111111. 11111111
MAC broadcast
FF:FF:FF:FF:FF:FF 11111111. 11111111. 11111111. 11111111. 11111111. 11111111



Step 6: Convert IP and MAC addresses for a host
a. Click the Start button, select Run, type cmd, and press Enter. From the command prompt, type ipconfig /all.

b. Make a note of the IP address and physical address (also known as a MAC address).
IP Address:
MAC Address:
c. Using the calculator, convert the four numbers contained in the IP address to binary.
Ip addressnya ialah 192.168.194.189
Decimal Binary
192 11000000
168 10101000
194 11000010
189 10111101
d. The MAC or physical address is normally represented as 12 hexadecimal characters, grouped in pairs and separated by dashes (-). Physical addresses on a Windows-based computer are shown in a format of xx-xx-xx-xx-xx-xx, where each x is a number from 0 to 9 or a letter from a to f. Each of the hex characters in the address can be converted to 4 binary bits which is what the computer understands. If all 12 hex characters were converted to binary, how many bits would there be? Akan ada 96 biner yang terbentuk
e. Convert each of the hexadecimal pairs to binary. For example, if the number CC-12-DE-4A-BD-88-34 was the physical address, convert the hexadecimal number CC to binary (11001100). Then convert the hexadecimal number 12 to binary (00010010) and so on. Be sure to add the leading zeros for a total of 8 binary digits per pair of hex digits.
Hexadecimal binary
00 0
16 10110
44 1000100
F5 11110101
F2 11110010
52 1010010

Step 7: Manipulate powers of 2 to determine the number of hosts on a network
a. Binary numbers use two digits, 0 and 1. When you calculate how many hosts can be on a subnetwork, you use powers of two because binary is being used. As an example, we have a subnet mask that leaves six bits in the host portion of the IP address. In this case, the number of hosts on that network is 2 to the 6th power minus 2 (because you need a number to represent the network and a number that can be used to reach all the hosts—the broadcast address). The number 2 is always used because we are working in binary. The number 6 is the number of bits that are used for the host bits.
b. On the calculator, in Dec mode, input the number 2. Select the x^y key, the key which raises a number to a power. Input the number 6. Click on the = key, press Enter on the keyboard, or press the= key on the keyboard—all give the total. The number 64 appears in the output. To subtract two, click on the minus (-) key and then the 2 key followed by the = key. The number 62 appears in the output. This means 62 hosts could be utilized.
c. Using the previously described process, determine the number of hosts if the following number of bits are used for host bits.
No. of Bits Used for
Hosts No. of Hosts
5 30 hosts
14 16382 hosts
24 16777214 host
10 1022 hosts
d. Using a similar technique as learned previously, determine what 10 to the 4th power equals.
Maka diperoleh 9998
e. Close the Windows Calculator application.

Step 8: (Optional) Determine the network number and number of hosts based on subnet mask
a. Given the IP network address of 172.16.203.56 and a subnet mask of 255.255.248.0, determine the network portion of the address and calculate how many hosts can be created from host bits left.
b. Start by converting the 4 octets of the decimal IP address to binary and then convert the decimal subnet mask to binary. Remember to include leading zeros when converting to binary in order to make a total of 8 bits per octet.
Decimal IP address
and subnet mask Binary IP address and subnet mask
172.16.203.56 10101100.00010000.11001011.00111000
255.255.248.0 11111111.11111111.11111000.00000000
c. Align the 32 bits of the subnet mask to the 32 bits of the IP address and compare them. The bits in the IP address that align with the ones bits in the subnet mask represent the network number. What is the binary and decimal network number for this IP address? Determine the binary address first (include all 32 bits) and then convert it to decimal.
Binary network address:
10101100.00010000.11001011.00111000
11111111.11111111.11111000.00000000

10101100.00010000.11001000.00000000

Decimal network address:
172.16.200.0

d. How many ones bits are in the subnet mask? Banyak bit di subnet mask = 2n = 23=8
e. How many bits are left for host bits? Host = 2n-2= 25-2= 30

f. How many hosts can be created with the bits left? Host =2n-2= 211-2= 2046

Step 9: Reflection
a. List one other thing for which you might use the Windows Calculator scientific mode. It does not have to be related to networking.
Fungsi dari kalkulator bawaan microsoft bukan hanya sebagai alat operasi hitung dasar. aplikasi ini dapat digunakan untuk mengkonversi nilai dari satu satuan ke satuan yang lain.

Read more...