Gaurav

Saturday, 20 October 2012

COLOR-CODE STANDARDS

Again, please bear with me... Let's start with simple pin-out diagrams of the two types of UTP Ethernet cables and watch how committees can make a can of worms out of them. Here are the diagrams:

Note that the TX (transmitter) pins are connected to corresponding RX (receiver) pins, plus to plus and minus to minus. And that you must use a crossover cable to connect units with identical interfaces. If you use a straight-through cable, one of the two units must, in effect, perform the cross-over function.
Two wire color-code standards apply: EIA/TIA 568A and EIA/TIA 568B. The codes are commonly depicted with RJ-45 jacks as follows (the view is from the front of the jacks):

If we apply the 568A color code and show all eight wires, our pin-out looks like this:

Note that pins 4, 5, 7, and 8 and the blue and brown pairs are not used in either standard. Quite contrary to what you may read elsewhere, these pins and wires are not used or required to implement 100BASE-TX duplexing--they are just plain wasted.

However, the actual cables are not physically that simple. In the diagrams, the orange pair of wires are not adjacent. The blue pair is upside-down. The right ends match RJ-45 jacks and the left ends do not. If, for example, we invert the left side of the 568A "straight"-thru cable to match a 568A jack--put one 180° twist in the entire cable from end-to-end--and twist together and rearrange the appropriate pairs, we get the following can-of-worms:

This further emphasizes, I hope, the importance of the word "twist" in making network cables which will work. You cannot use an flat-untwisted telephone cable for a network cable. Furthermore, you must use a pair of twisted wires to connect a set of transmitter pins to their corresponding receiver pins. You cannot use a wire from one pair and another wire from a different pair.

Keeping the above principles in mind, we can simplify the diagram for a 568A straight-thru cable by untwisting the wires, except the 180° twist in the entire cable, and bending the ends upward. Likewise, if we exchange the green and orange pairs in the 568A diagram we will get a simplified diagram for a 568B straight-thru cable. If we cross the green and orange pairs in the 568A diagram we will arrive at a simplified diagram for a crossover cable. All three are shown below.

ETHERNET CABLE: COLOR-CODE STANDARDS

The information listed here is to assist Network Administrators in the color coding of Ethernet cables. Please be aware that modifying Ethernet cables improperly may cause loss of network connectivity. Use this information at your own risk, and insure all connectors and cables are modified in accordance with standards. The Internet Centre and its affiliates cannot be held liable for the use of this information in whole or in part.

T-568A Straight-Through Ethernet Cable

The TIA/EIA 568-A standard which was ratified in 1995, was replaced by the TIA/EIA 568-B standard in 2002 and has been updated since. Both standards define the T-568A and T-568B pin-outs for using Unshielded Twisted Pair cable and RJ-45 connectors for Ethernet connectivity. The standards and pin-out specification appear to be related and interchangeable, but are not the same and should not be used interchangeably.

T-568B Straight-Through Ethernet Cable

Both the T-568A and the T-568B standard Straight-Through cables are used most often as patch cords for your Ethernet connections. If you require a cable to connect two Ethernet devices directly together without a hub or when you connect two hubs together, you will need to use a Crossover cable instead.

RJ-45 Crossover Ethernet Cable

A good way of remembering how to wire a Crossover Ethernet cable is to wire one end using the T-568A standard and the other end using the T-568B standard. Another way of remembering the color coding is to simply switch the Green set of wires in place with the Orange set of wires. Specifically, switch the solid Green (G) with the solid Orange, and switch the green/white with the orange/white.
Ethernet Cable Instructions:

Pull the cable off the reel to the desired length and cut. If you are pulling cables through holes, its easier to attach the RJ-45 plugs after the cable is pulled. The total length of wire segments between a PC and a hub or between two PC's cannot exceed 100 Meters (328 feet) for 100BASE-TX and 300 Meters for 10BASE-T.

Start on one end and strip the cable jacket off (about 1") using a stripper or a knife. Be extra careful not to nick the wires, otherwise you will need to start over.

Spread, untwist the pairs, and arrange the wires in the order of the desired cable end. Flatten the end between your thumb and forefinger. Trim the ends of the wires so they are even with one another, leaving only 1/2" in wire length. If it is longer than 1/2" it will be out-of-spec and susceptible to crosstalk. Flatten and insure there are no spaces between wires.

Hold the RJ-45 plug with the clip facing down or away from you. Push the wires firmly into the plug. Inspect each wire is flat even at the front of the plug. Check the order of the wires. Double check again. Check that the jacket is fitted right against the stop of the plug. Carefully hold the wire and firmly crimp the RJ-45 with the crimper.

Check the color orientation, check that the crimped connection is not about to come apart, and check to see if the wires are flat against the front of the plug. If even one of these are incorrect, you will have to start over. Test the Ethernet cable.

Ethernet Cable Tips:

A straight-thru cable has identical ends.

A crossover cable has different ends.

A straight-thru is used as a patch cord in Ethernet connections.

A crossover is used to connect two Ethernet devices without a hub or for connecting two hubs.

A crossover has one end with the Orange set of wires switched with the Green set.

Odd numbered pins are always striped, even numbered pins are always solid colored.

Looking at the RJ-45 with the clip facing away from you, Brown is always on the right, and pin 1 is on the left.

No more than 1/2" of the Ethernet cable should be untwisted otherwise it will be susceptible to crosstalk.

Do not deform, do not bend, do not stretch, do not staple, do not run parallel with power cables, and do not run Ethernet cables near noise inducing components.

Basic Theory:

By looking at a T-568A UTP Ethernet straight-thru cable and an Ethernet crossover cable with a T-568B end, we see that the TX (transmitter) pins are connected to the corresponding RX (receiver) pins, plus to plus and minus to minus. You can also see that both the blue and brown wire pairs on pins 4, 5, 7, and 8 are not used in either standard. What you may not realize is that, these same pins 4, 5, 7, and 8 are not used or required in 100BASE-TX as well. So why bother using these wires, well for one thing its simply easier to make a connection with all the wires grouped together. Otherwise you'll be spending time trying to fit those tiny little wires into each of the corresponding holes in the RJ-45 connector.

Thursday, 18 October 2012

Mimecast Security Systems

What are the Mimecast Security Systems?

When Mimecast processes an inbound email, certain checks and scans are performed to ensure that only legitimate emails are accepted. Part of this processing includes Mimecast’s proprietary ARMed SMTP (Advanced Reputation Management), which helps to make inbound email scanning more efficient and effective by looking at the reputation of the sending IP and email address. Mimecast uses a combination of Policies, reputation checks, anti-spam and virus systems to detect, and if necessary, reject any unwanted emails.

Why use the Mimecast Security Systems?

There are many types of malware that could target your environment, and cause theft of data, irritation, loss of productivity, and other immeasurable losses. Mimecast provides a series of checks for all inbound email to prevent spam and malware. The order of these checks is significant, as it will assist you when troubleshooting delayed or failed inbound and outbound emails.

The following flow-chart shows the various steps involved in processing an inbound email, with a brief explanation of each point below:

1. Inbound lockout Policy:

This Policy blocks spoof attempts. In this way, if a spammer falsifies their sending address to masquerade as an internal domain address, Mimecast will reject the email.

2/3. Blocked Senders Policy:

This includes both those block entries created by the Administrator and those created by individuals. These Policies reject the connection, and as with all other rejections, the connection is dropped in protocol. This means that the email data cannot be released/retrieved, as it is not present in Mimecast.

4/5. Permitted Senders Policy:

Again these include global and individual Permit Policies. Permitted Sender Policies will bypass all spam checks (reputation-based and content-based), but not anti-virus checks. If an email address or domain is in both the Permit and Block Policy, as the Blocked Senders Policy is applied first, the email would be rejected. For example, an end user may have Permitted an email address, but the Administrator has Blocked that entire domain at a global level. In this case, the email would have the Block Policy applied first, and so be rejected.

6. Auto Allow Policy:

When an internal user sends an email outbound, Mimecast captures the recipient’s email address, and adds it to a database known as Auto Allow. When this recipient then sends an email inbound to the Mimecast user, Mimecast checks against this database, and if a match is found, the inbound email will be allowed through without applying additional spam reputation checks and content checks – similar to a permitted sender (virus checks are still applied).

7. IP reputation checks:

a. Real-time Blackhole List (RBL) are applied next. RBL’s contain the IP addresses of known malware senders. Mimecast uses its own Real-Time IP Block List, along with 3 other commercial DNS RBL’s.

b. The other IP reputation check functions as a global network outbreak detection system, which allows Mimecast to be the first responder to many malware threats, both known and unknown. This reputation service temporarily defers connections if they are suspected to have a bad reputation.

Note that IP Reputation checks are bypassed by the Auto Allow and Permitted Sender Policies.

8. Greylisting:

Compliance checks are applied to the sender’s mail server for all connections not previously seen before by Mimecast. Mimecast gives a busy signal, which prompts the sending server to retry the email delivery after 1 minute. If the sender’s mail server retries the connection, the email is processed. If the email is not retried within 12 hours, the email connection is dropped and rejected.

Note that Greylisting is bypassed by the Auto Allow and Permitted Sender Policies.

9. Recipient validation:

Recipient validation is used to prevent inbound emails with invalid recipient addresses. To be effective, spammers send out numerous emails, most of which are guessed or a result of directory harvesting.

Mimecast uses different types of recipient validation, and this is configured against each domain in Mimecast.

10. Next the emails are moved to the scanners.

a. Spam scanning: Mimecast uses multiple content-based, heuristic scanning engines. These engines examine the content of emails, and look for key phrases and other identifiers commonly used by spammers. These include content-matching rules, and also DNS-based, checksum-based and statistical filtering definitions. Depending on the policy configured, if a match is found, the email is held for review.

Note that spam scanning is bypassed by the Auto Allow and Permitted Sender Policies.

b. Virus scanning: Mimecast uses its own proprietary software, as well as market leading Commercial software, providing malware protection software with combined intelligence gathered from the millions of commercial and freeware users. Mimecast’s engines combine signature and heuristic malware detection technologies. These detection systems work on-the-wire, which also allows Mimecast to shut off viral and intrusive transmissions early. Any email which matches a malware signature will be rejected.

11. Content Policies:

If Content Policies have been configured, emails are then scanned for any text matches. Content Policies can be configured to scan the content of an email for a word, phrase or combination thereof. Matches can then be held for review, encrypted or sent using Mimecast’s secure mail (CCM – Closed Circuit Messaging).

12. Attachment scanning:

Attachment Policies are configured to look for certain attachment types and sizes. If found, the following actions can take place:

a. Hold for Review: Email delivery is interrupted, and a Notification or a Digest is sent to the recipient.

b. Deny (strip): Removes the attachment from the email, but delivers the email to the recipient. The email content is modified to include a note on the details of the attachment that has been denied. The user is able to contact the Administrator to have the attachment released, if necessary.

c. Strip and Link: The attachment is removed from the email, and is replaced with an FTP download link within the body of the message. The user has the ability to download the attachment using the FTP link.

During these checks, any email that matches a security Policy will be rejected in protocol. Any scanning engine match may be sent to the Hold Review Queue, or if it is an attachment, this may be stripped. Ultimately, emails that pass all these checks will be accepted, and moved to the Delivery Queue for final delivery to the recipients mail server.

An Exchange 2007 Server Stops Responding to a MAPI Client

This problem may occur if a MAPI client opens more than the maximum number of server objects. In Exchange 2007, the number of server-side objects that are allowed to be opened by a single MAPI session is limited. This behavior prevents a single MAPI client from exhausting resources on the Exchange server.

When an Exchange 2007 server stops responding to a MAPI client and generates Event 9646, it indicates that a MAPI client may be opening too many objects or may be leaving too many objects open on the server.

The following table lists the default values for the maximum number of server objects that can be opened at one time in Exchange 2007.

Default values of the maximum number of open server objects

Entry	Default value
objtMessage	250
objtFolder	500
objtAttachment	500
objtFolderView	500
objtMessageView	500
objtAttachView	500
objtStream	250
objtACLView	50
objtRulesView	50
objtFXSrcStrm	50
objtFXDstStrm	50
objtCStream	50
objtNotify	500,000

Resolution

To resolve the problem, do the following:

Investigate any third-party applications or add-ins that are running on the MAPI client. Some third-party applications keep objects open for long periods of time or open many objects concurrently.
Investigate the user behavior that is associated with the indicated logon. This will help you better understand why the default number of objects is insufficient.

In rare cases, you may need to add a registry key to adjust the maximum number of open objects. This new registry key will override the default value. Such rare cases include situations in which it is acceptable or necessary to use applications that keep objects open or open many objects concurrently.

Caution:
When you increase the maximum number of an object type, you also increase the memory that may be consumed by all client requests connecting to the server. Incorrectly configuring this value could lead to out-of-memory warnings or virtual memory fragmentation warnings.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

Before You Begin

To perform the following procedure, the account you use must be delegated membership in the local Administrators group. For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

To use Registry Editor to adjust the maximum number of open objects that a MAPI client can use at the same time

Start Registry Editor (regedit).
Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Right-click ParametersSystem, point to New, and then click Key.
Type MaxObjsPerMapiSession, and then press ENTER to name the new subkey.
Right-click MaxObjsPerMapiSession, click New, and then click DWORD Value.
Type the object type, and then press ENTER to name the entry. For example, type objtMessage, and then press ENTER to create an entry that changes the default maximum of objtMessage objects.
Right-click the entry that you created in Step 6, and then click Modify.
In the Value data box, type the new maximum number of objects to which you want to limit this entry, and then click OK.

Note:
The server will automatically recognize the new limit within five minutes. http://technet.microsoft.com/en-us/library/bb676486%28EXCHG.80%29.aspx

How to jailbreak your iPhone and iPod touch using BlackRa1n for Windows

Step One
Open your web browser of choice and navigate to http://www.blackra1n.com. Click the Windows logo at the bottom of the screen.

Step Two
When prompted save the download to your desktop

Step Three
Then double click the blackra1n executable file from the desktop to launch the program

Step Four
Make sure your iPhone or iPod is connected to the computer then click the large make it ra1n button

Step Five
You iPhone will now be placed in recovery mode.

You will see a picture of GeoHot that replaces the regular recovery mode screen on your device.

blackra1n will run and then your device will reboot.

A popup message will appear informing you that BlackRa1n is free software and if you appreciate it you can donate to GeoHot at geohot@gmail.com.

Step Six
Once your device reboots it will be jailbroken and you will notice a blackra1n icon on the desktop. Make sure you have an internet connection and press to launch the application.

Choose the installer application of your choice then press the Install button at the top right of the screen

BlackRa1n will begin to download and install the package you selected.

Step Seven
Once complete BlackRa1n will respring your iPhone and you will find the installer package of your choice on the Springboard.

Step Eight
Once you have confirmed your installer package is working correctly you may use the Uninstall blackra1n button inside the BlackRa1n app to remove it from your springboard.

Step Nine

Its done :)

OSPF Metric Calculation

OSPF has one of the easiest metric calculations; by default, the bandwidth of the outbound interface is used to calculate each part of the route path. The default formula is shown in Figure 1:

Figure 1 - OSPF Metric Formula

For example, a network contained two routers that were connected together, as shown in Figure 2:

Figure 2 - OSPF Metric Sample Topology

Assuming that OSPF is configured, R1 would have an OSPF routing table entry for the network that is connected to R2’s F0/1 interface. For traffic from R1 to reach that network it would need to pass through both R1’s F0/0 interface and R2’s F0/1 interface. R2 would calculate the OSPF metric for its F0/1 interface (100,000,000 / 100,000,000 = 1) and R1 would calculate the OSPF metric for its F0/0 interface (100,000,000 / 100,000,000 = 1). Based on this information from R1’s perspective, the OSPF metric to the network off of R2’s F0/1 interface is 2.

It is very important to note that the bandwidth that OSPF is using in its metric calculations is based on the configured interface bandwidth using the bandwidth interface configuration mode command. The bandwidth that is configured with the bandwidth command does not have to match the physical bandwidth of the interface, and does not affect the physical bandwidth of the network. If the network administrator changed the bandwidth of R2’s F0/1 interface to 50 Mbps (bandwidth 50000) the metric for the OSPF route would change on R1, specifically, it would change to 3 (100,000,000 / 50,000,000) = 2 + 1 (R1’s F0/0 OSPF metric) = 3.

Another common issue that is found by network engineers in modern networks is that the reference bandwidth used in the OSPF metric calculation is rather small with the availability of 1, 10 and 100 gigabit interfaces. From the perspective of the OSPF metric, an interface with a bandwidth of 100 Mbps (1) has the same metric as one with a bandwidth of 100 Gbps (1) (The OSPF metric calculation only uses whole numbers). To remedy this, it is possible to change the reference bandwidth that the OSPF process is using for metric calculation. To change this, use the auto-cost reference-bandwidth reference-bandwidth command, where reference-bandwidth is set in Mbps (i.e. the default is 100). Make note that the reference bandwidth must be changed on ALL of the devices in the OSPF network.

To make this a little clearer, Figure 3 shows the same network using up-to-date interface bandwidths and a higher reference bandwidth:

Figure 3 – OSPF Reference Bandwidth Example

Using these bandwidths, the OSPF metric to the network off of R2’s F0/1 interface would be calculated as follows:

R1’s F0/0 interface – 100,000,000,000 / 100,000,000 = 1,000

R2’s F0/1 interface – 100,000,000,000 / 10,000,000,000 = 10

R1’s routing table will have an entry for R2’s F0/1 network with a metric of 1010.

Summary

Most of the time when routing protocols are implemented on small simple network topologies, they work without much additional configuration. When working on networks that are larger, the complexity of the routing protocol configuration can increase; this complexity and the size of the topology can make troubleshooting very complex as well. The OSPF metric is very simple to calculate and allows even novice engineers the ability to easily trace how traffic should pass through a network. Take the time to memorize how these metrics are calculated and future troubleshooting will become easier even on complex networks.