DOCSLIB.ORG

Download/802.3-2012.Zip REFERENCES [19] L

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Download/802.3-2012.Zip REFERENCES [19] L Towards the Forensic Identification and Investigation of Cloud Hosted Servers through Non-Invasive Wiretaps Hessel Schut∗, Mark Scanlony, Jason Farinaz and Nhien-An Le-Khacx ∗Korps Landelijke Politiediensten, Driebergen, Netherlands. yzxSchool of Computer Science and Informatics, University College Dublin, Ireland. Email: ∗[email protected], [email protected], [email protected], [email protected] Abstract—When conducting modern cybercrime investigations, where the networking devices such as switches and firewalls, evidence has often to be gathered from computer systems located are also owned by the customer of the data centre. An at cloud-based data centres of hosting providers. In cases where investigator may find themselves in a situation where the the investigation cannot rely on the cooperation of the hosting provider, or where documentation is not available, investigators hosting provider or data centre itself cannot be trusted to can often find the identification of which distinct server among provide accurate information. In these cases the investigator is many is of interest difficult and extremely time consuming. To confronted with multiple servers without any documentation address the problem of identifying these servers, in this paper about these servers. This poses a challenge in identifying the a new approach to rapidly and reliably identify these cloud computer system of interest to the investigation. hosting computer systems is presented. In the outlined approach, a handheld device composed of an embedded computer combined One approach available to the investigator is the use of with a method of undetectable interception of Ethernet based the European criminal process law which provides for the communications is presented. This device is tested and evaluated, interception of network traffic [1]. Because of the impact this and a discussion is provided on its usefulness in identifying of may have on privacy, a warrant for interception can only be server of interest to an investigation. given by an investigative judge. Analysis of intercepted traffic to the individual computer systems could reveal identifying I. INTRODUCTION information about these systems such as upstream source IP- The National High Tech Crime Unit (NHTCU) in a Euro- address and Ethernet MAC address and HTTP headers like pean country conducts investigations to crimes targeted at ICT Server and Host. So while the interception of network infrastructure, committed using new technology or methods traffic may be possible in many cases, the investigator needs that have the potential to be incapacitating to society or have a to consider the impact this activity will have on privacy. This high impact. This impact can be quantified in terms of financial is especially true when the discovery process may require the losses, incurred business continuity or recovery costs and loss interception of traffic from computer systems that are unrelated of goodwill in the form of public trust or confidence. Today, to the investigation. This impact may be considered dispro- in its investigations the NHTCU often conducts searches in portionate and therefore a less reliable method of identifying cloud-based data centres to collect evidence by preserving servers would be utilised. The argument can be made, that, arXiv:1510.00664v1 [cs.DC] 2 Oct 2015 stored data on hosted computer systems or to conduct wiretaps when performing discovery and, when the objective is the on these computer systems. preservation of data, the identification of servers and the traffic In most cases these computer systems are owned by a metadata, as permitted by criminal process law [1],that needs trusted hosting company that leases these computer systems to be gathered to do so is an integral part of this search. to end-users. Under subpoena, the hosting company locates Following this interpretation, it follows that Article 125n [2] the exact computer of which data is requested and hands this applies too, which states that all information gathered during server over to the investigators who will assert some other a search that is of no interest to the investigation needs to be investigative power such as the creation of a forensic copy of destroyed and that a written report of the destruction needs to data, placing a wiretap on the system or conducting live data be compiled. When applied to the problem of identification forensics. of servers, this means that an audit trail of all identification However, the assistance of the hosting provider is not always attempts needs to be kept, where the investigator can mark possible. Several times each year the NHTCU is confronted identifying information as either relevant, or irrelevant. In the with co-located servers on cloud platforms ( computer systems latter case data can be destroyed immediately, but a record owned by a third party that are hosted in a data centre). Often of destruction needs to be kept. Preferably no information is these co-located servers are part of a larger infrastructure, displayed to the investigator at all, other than a confirmation that a pre-determined identification is recognised. relative timestamps of activities and discoveries need to be Recent approaches in literature are concerned with the logged. creation of wiretaps for Ethernet networks by placing de- vices inline [3][4][5][6], or requiring administrative access II. RELATED WORK to configure a switch for port mirroring [7]. To place a In this section, related work on wiretaps for Ethernet wiretap in-line with the connection to the observed device, the networks is discussed. This work can be divided in to main connection to that device needs to be interrupted. This poses categories: passive and active approaches. no problems when creating a long-term wiretap for network management or security purposes, e.g., to connect an Intrusion A. Active Approaches Detection System (IDS) sensor [3]. However, interruption of Switch Port Analyser or SPAN [7] is a method of inter- an Ethernet link can be signalled and logged at either side of cepting (wiretapping) Ethernet traffic for purposes such as the connection. This may pose a problem for law enforcement network monitoring. SPAN is a technique where a switch as this can alert an adversary that the connection has been has one or more ports defined as mirror ports to which tampered with. monitoring devices can be connected. A network administrator Therefore, a new technical solution is sought for to intercept can set up a mirroring policy that identifies types of traffic Ethernet traffic for the purpose of identification of computer that is being copied by the switch from the receiving port(s) servers. For this, a method needs to be developed that is to one or more mirror ports for analysis. In [7] the mirrored undetectable by the operator of the computer system. In most traffic is distributed to mirror ports in a round-robin manner, network investigation, most computer systems are identified thus distributing traffic over multiple ports to make it more by the public IP address. The solution must at least allow the likely that the mirror ports can handle the copied data without investigator to determine the IP-addresses used by a computer dropping traffic. system. Extending to other properties of network traffic, the [4] proposed a forensics evidence collection device called new solution should allow users to add other identifying PNFEC. The proposed device uses an embedded computer properties of the network traffic that are more appropriate to with multiple network interfaces and open-source software to identify the computer system. collect live network evidence from single hosts. The PNFEC The rest of this paper is organised as follows: Section II is placed inline between a network node of interest and the shows the related work of this research on different approaches rest of the network. After being placed inline between the on wiretaps for Ethernet networks. A new approach for the network node and the network, the device acts as a transparent identification of computer server using temporary wiretap s Ethernet bridge [8] between the observed network node and is presented in Section III. The software components of our the rest of the network. The bridge is created using the device is outlined in Section IV. A discussion is provided brconfig command in the OpenBSD operating system, thus on the wiretap attachment in Section V. An evaluation of the using the bridge kernel driver to forward traffic from one proposed device and an analysis of its performance is provided network interface to another. in Section VI. The conclusion and a discussion on future work An inline wiretap device is proposed in [6]. The proposed is outlined in Section VII. device is connected in parallel with the network cable to the observed device using alligator clips. A faster and more robust A. Aim and Contribution of this Work way of connecting to the network cable is left for further work. The parallel connection through the proposed device is The aim of the work presented as part of this paper is to routed through electromechanical switches (relays) for each expedite digital investigations in a cloud data centre environ- wire. These relays are in a normal closed state; therefore the ment. This can be achieved by focusing the investigation at original cable can be cut safely when the relays are unpowered. an early stage to pertinent servers through the identification of When power is applied to the relays, the relay contacts divert suspicious or targeted network traffic. the Ethernet signals to two network adapters that are operating In this paper, a device implementing a method for un- in a transparent bridge, as described in [4]. Should power to detectable interception of Ethernet network traffic for the the device fail, the relays fall back to a state where the cable purpose of identification of computer systems is presented.
Load more

Recommended publications
  • Ethernet Switches and Crossover Cables
    Ethernet Switch A switch is something that is used to turn various electronic devices on or off. However, in computernetworking, a switch is used to connect multiple computers with each other. Since it is an external device it becomes part of the hardware peripherals used in the operation of a computer system. This connection is done within an existing Local Area network (LAN) only and is identical to an Ethernet hub in terms of appearance, but with more intelligence. These switches not only receive data packets, but also have the ability to inspect them before passing them on to the next computer. That is, they can figure out the source, the contents of the data, and identify the destination as well. As a result of this uniqueness, it sends the data to the relevant connected system only, thereby using less bandwidth at high performance rates. The first Ethernet network switch was pioneered by Kalpana (computer networking equipmentmanufacturing company in Silicon Valley established by an entrepreneur of Indian origin, Vinod Bharadwaj) in 1990. Switches operate at Layer 2 of the OSI Model; the Data-Link Layer. This is in contrast to routers, which operate at Layer 3 of the OSI Model, the Network Layer. A switch stores the MAC Address of each and every device which is connected to it. The switch will then evaluate every frame that passes through it. The switch will examine the destination MAC Address in each frame. Based upon the destination MAC Address, the switch will then decide which port to copy the frame to. If the switch does not recognize the MAC Address, it will not know which port to copy the frame to.
    [Show full text]
  • 10/100 Physical Layer Ethernet Switch,16-Port
    10/100 PHYSICAL LAYER ETHERNET SWITCH,16-PORT Make 10/100 Physical Layer Ethernet connections without rewiring or rerouting cables. Key Features emotely configure, redistribute, Ethernet hub or network switch You can also instantly and Ideal for point-to-point R and monitor Ethernet devices using a crossover cable. Each effortlessly recall up to 16 Ethernet connections. in 10/100 Ethernet LAN connected device can be placed frequently-used patching environments. The 10/100 up to 328 ft. (100 m) away from the configurations (stored in the Auto-adapts port Physical Layer Ethernet Switch, switch. switch’s non-volatile memory) via speed to either 10 or 16-Port provides point-to-point The switch installs between the LAN or RS-232 serial port. 100 Mbps. connectivity without rewiring or your patch panels and network The control software works rerouting cables. And it switch. Since it operates at the with Windows® 95/98/2000/XP and Switch between up to automatically adapts to port Physical Layer, the switch can Windows NT®. The PC connected 16 devices, each speeds of 10 or 100 Mbps. shut down the physical connec- to the serial port can be located located up to 328 ft. Attach 10BASE-T Ethernet or tion to specific workstations, up to 50 ft. (15.2 m) from the (100 m) away from the 100BASE-TX Fast Ethernet departments, or buildings. You switch, while the workstation switch. devices via the 16 RJ-45 can do this remotely via the connected to the LAN port can be connectors on the switch’s front control software and a PC located up to 328 ft.
    [Show full text]
  • Ethernet Technology 1 Ethernet Technology 2
    • History - Xerox : LAN for open office automation (1970s) 3Mbps on 75 Ohm Coax, coverage 1km area - DEC, Intel, and Xerox Co-proposed “Ethernet v1.0” (9/1980) - D.I.X. Ö Ethernet ver 2.0 (11/1982): 50Ohm Coax, 2.8 km • ANSI/IEEE 802.3 (ISO 8802.3) - Reformulated Ethernet v2 in 1985 - Drop cable, connector technology, times and fields are redefined - It’s used with Ethernet interchangeably, but less meaningful than Ethernet (?retain the original name) - Supplementary documents (regarding to various medium) + Upgrades are published after Feb.1989 Î IEEE 802.3x Ethernet Technology 1 Ethernet Technology 2 NotationNotation ofof EthernetEthernet TechnologyTechnology # B X / # Bit rate in Mbps: Distance in 100m: -1 -10 -100 - 2, -5, -36, -1000 -10000 or Medium: Simplified to: Signaling method: - Baseband 10/100Æ T?/TX or F/FX invented by: Bob Metcalfe and David Boggs in 1970 1GE & 10GE - Broadband 1GEÆ (C/S/L)X or T 10GEÆ(S/L/E)(X/R/W) ൩೭ኬǻ Ethernet Technology 3 Ethernet Technology More on Ethernet Family 4 Bus Topology -- 10Base2/5/36 Explanation of the Abbreviations • Connecting nodes via (tap to) coaxial cable • Transmission and receiving over the same media (line) • Basic configuration (Ex: A 10Base5 segment = a coax) : TRL ~ Transceiver’s cable Length DBN ~ Distance Between Nodes ӕືႝᢑ୔ࢤȐനߏ 500 ϦЁȑ MSL node NPS ~ Nodes Per Segment DBT Terminator Multiple of 2.5m Coaxial Cable tap Extension ? MES MSL ~ Maximum Segment Length ԏวᏔ Ȑനߏ 50 ϦЁȑ TRL ԏวᏔႝᢑ Transceiver Terminator ಖᆄᏔ MES ~ Maximum Extendable Segments ୔ࢤനӭௗ 100 ঁȑ NPS؂Ȑ • Important parameters: TRL, DBT, NPS, MSL, and MND.
    [Show full text]
  • Modern Ethernet
    Color profile: Generic CMYK printer profile Composite Default screen All-In-One / Network+ Certification All-in-One Exam Guide / Meyers / 225345-2 / Chapter 6 CHAPTER Modern Ethernet 6 The Network+ Certification exam expects you to know how to • 1.2 Specify the main features of 802.2 (Logical Link Control) [and] 802.3 (Ethernet): speed, access method, topology, media • 1.3 Specify the characteristics (for example: speed, length, topology, and cable type) of the following cable standards: 10BaseT and 10BaseFL; 100BaseTX and 100BaseFX; 1000BaseTX, 1000BaseCX, 1000BaseSX, and 1000BaseLX; 10GBaseSR, 10GBaseLR, and 10GBaseER • 1.4 Recognize the following media connectors and describe their uses: RJ-11, RJ-45, F-type, ST,SC, IEEE 1394, LC, MTRJ • 1.6 Identify the purposes, features, and functions of the following network components: hubs, switches • 2.3 Identify the OSI layers at which the following network components operate: hubs, switches To achieve these goals, you must be able to • Define the characteristics, cabling, and connectors used in 10BaseT and 10BaseFL • Explain how to connect multiple Ethernet segments • Define the characteristics, cabling, and connectors used with 100Base and Gigabit Ethernet Historical/Conceptual The first generation of Ethernet network technologies enjoyed substantial adoption in the networking world, but their bus topology continued to be their Achilles’ heel—a sin- gle break anywhere on the bus completely shut down an entire network. In the mid- 1980s, IBM unveiled a competing network technology called Token Ring. You’ll get the complete discussion of Token Ring in the next chapter, but it’s enough for now to say that Token Ring used a physical star topology.
    [Show full text]
  • Ethernet Networks: Design, Implementation, Operation, Management
    Ethernet Networks: Design, Implementation, Operation, Management. Gilbert Held Copyright 2003 John Wiley & Sons, Ltd. ISBN: 0-470-84476-0 ethernet networks Fourth Edition Books by Gilbert Held, published by Wiley Quality of Service in a Cisco Networking Environment 0 470 84425 6 (April 2002) Bulletproofing TCP/IP-Based Windows NT/2000 Networks 0 471 49507 7 (April 2001) Understanding Data Communications: From Fundamentals to Networking, Third Edition 0 471 62745 3 (October 2000) High Speed Digital Transmission Networking: Covering T/E-Carrier Multiplexing, SONET and SDH, Second Edition 0 471 98358 6 (April 1999) Data Communications Networking Devices: Operation, Utilization and LAN and WAN Internetworking, Fourth Edition 0 471 97515 X (November 1998) Dictionary of Communications Technology: Terms, Definitions and Abbreviations, Third Edition 0 471 97517 6 (May 1998) Internetworking LANs and WANs: Concepts, Techniques and Methods, Second Edition 0 471 97514 1 (May 1998) LAN Management with SNMP and RMON 0 471 14736 2 (September 1996) ethernet networks Fourth Edition ♦ Design ♦ Implementation ♦ Operation ♦ Management GILBERT HELD 4-Degree Consulting, Macon, Georgia, USA Copyright 2003 John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England Telephone (+44) 1243 779777 Email (for orders and customer service enquiries): [email protected] Visit our Home Page on www.wileyeurope.com or www.wiley.com All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the Publisher.
    [Show full text]
  • Ethernet Explained
    Technical Note TN_157 Ethernet Explained Version 1.0 Issue Date: 2015-03-23 The FTDI FT900 32 bit MCU series, provides for high data rate, computationally intensive data transfers. One of the interfaces used for this high speed communication is Ethernet. This application note discusses some of the key features of an Ethernet link and how the FT900 assists in establishing the link. Use of FTDI devices in life support and/or safety applications is entirely at the user’s risk, and the user agrees to defend, indemnify and hold FTDI harmless from any and all damages, claims, suits or expense resulting from such use. Future Technology Devices International Limited (FTDI) Unit 1, 2 Seaward Place, Glasgow G41 1HH, United Kingdom Tel.: +44 (0) 141 429 2777 Fax: + 44 (0) 141 429 2758 Web Site: http://ftdichip.com Copyright © 2015 Future Technology Devices International Limited Technical Note TN_157 Ethernet Explained Version 1.0 Document Reference No.: FT_001105 Clearance No.: FTDI# 442 Table of Contents 1 Introduction .................................................................................................................................... 3 1.1 Scope ....................................................................................................................................... 3 2 What is Ethernet? ........................................................................................................................... 4 2.1 Speeds ....................................................................................................................................
    [Show full text]
  • Fast Ethernet Hub Instruction Leaflet 5 Port Hub RS Stock No
    Issued March 1998 10772 Fast Ethernet Hub Instruction Leaflet 5 port hub RS stock no. 288-5825 Table of contents Page 1.0 Introduction______________________________________________2 1.1 Inspecting the package and product __________________________________2 1.2 Product description ________________________________________________2 1.2.1 Ports 1-5: 100Mbps shared ports ________________________________3 1.2.2 Port 6: 10Mbps or 100Mbps switched port________________________3 1.3 Features and Benefits ________________________________________________3 1.4 Applications________________________________________________________4 2.0 Installation ______________________________________________6 2.1 Locating the hub __________________________________________________6 2.2 Ethernet media connections __________________________________________6 2.3 Collision domain diameter __________________________________________6 2.4 Connections to auto-negotiation 10/100 NICs____________________________9 2.5 Powering the Hub __________________________________________________9 3.0 Operation ______________________________________________9 3.1 Functionality ______________________________________________________9 3.1.1 Filtering and forwarding________________________________________9 3.1.2 Address learning (address table maintenance) __________________10 3.1.3 Throughput increase__________________________________________10 3.1.4 Software transparency ________________________________________11 3.2 LED’s ____________________________________________________________11 3.3 100Mb
    [Show full text]
  • Physical Layer Standards
    ELEC3030 (EL336) Computer Networks S Chen Physical Layer Standards • Physical layer: concern with transmission of raw bit stream over physical medium • A physical layer “protocol” or standard deals with mechanical, electrical and procedural characteristics to access physical medium • Parts of a physical layer are completely related to the medium and others are independent of the medium → useful thinking physical layer as two sublayers – “Medium dependent sublayer”: specifies the medium, physical connectors, related mechanical and electrical characteristics – “Medium independent sublayer”: covers line coding – how to transmit 0 and 1 bits; synchronisation – sender and receiver clocks must be synchronised to know the start/end of a bit, usually by organising block of bits into a frame; other issues not directly linked to the medium Do not confuse layer-1 framing with framing in layer-2: It is really concerned with how to reliably transmit bit stream (timing), while layer-2 framing includes some other higher functional purposes 25 ELEC3030 (EL336) Computer Networks S Chen IEEE 802.3 Ethernet • A bus LAN, “medium dependent” part of physical layer specifies things related to the medium: Controller name (a) 10Base5 (b) 10Base2 (c) 10Base-T Controller Twisted pair Transceiver medium thick coax cable thin coax cable twisted pair Transceiver + controller cable max. length 500 m 200 m 100 m Core Vampire tap nodes 100 30 1024 data rate 10 Mbps 10 Mbps 10 Mbps Transceiver Connector Hub (a) (b) (c) • “Medium independent”: the Manchester encoding is
    [Show full text]
  • Industrial Ethernet
    Industrial Ethernet ... from the Office to the Machine - world wide - Band I Ronald Dietrich Industrial Ethernet ... from the Office to the machine - world wide - HARTING The best connections worldwide – because quality connects. HARTING was founded in 1945 by the family that still retains sole ownership of the company. HARTING presently employs more than 2 000 people including 150 highly qualified engineers and over 100 sales engineers who take care of the daily needs of our customers. Today, HARTING is the leading manufacturer of connectors with 34 subsidiary companies in Europe, America and Asia. As the market leader, HARTING offers the advantage of ‘just in time’ services. It is therefore no wonder that the company maintains close business relationships with all of its important customers active in the world market. HARTING is the market leader in several of its product sectors. HARTING can draw on many years of extensive experience gained in achieving high degrees of protection in industrial environments (IP 65 and higher), all of which has flowed into expanding its product portfolio as well as the development of its family of devices for industrial communication. HARTING products are manufactured utilizing cutting edge and efficient productions methods. CAD systems support research and development as well as tool making activities. We abide by our philosophy of quality, which states that only fully automatic manufacturing processes can achieve a zero error rate. In accordance with DIN EN ISO 9001, the organisation and procedures constituting our quality assurance measures are documented in a quality assurance manual. HARTING employs approximately 60 members of staff in quality assurance.
    [Show full text]
  • Baystack Access Node and Access Node Hub Data Sheet
    BAYSTACK ACCESS NODE AND ACCESS NODE HUB WORKGROUP PRODUCTS The Bay Networks BayStack™ Access Node (AN®) and Access Node Hub (ANH™) routers cost-effectively connect small remote offices and ensure network availability while minimizing network operating costs. Typical connectivity requirements of remote offices are supported by the BayStack AN router’s LAN interfaces (Ethernet and Token Ring) and serial interfaces (Synchronous, one T1/FT1 data service unit/channel service unit (DSU/CSU) or 56/64 Kbps DSU/CSU adapter module, and one ISDN Basic Rate Interface (BRI)). The fully managed BayStack ANH supports either eight or twelve 10BASE-T repeater ports, as well as Synchronous interfaces, one or two Synchronous and ISDN BRI interfaces, and one T1/FT1 DSU/CSU or 56/64 Kbps DSU/CSU adapter module, reducing equipment and management complexity. In all BayStack AN and ANH configurations, the serial interfaces provide remote office network design flexibility. For mission-critical applications, they facilitate Dial Backup and Bandwidth-on-Demand support. In addition, Dial-on- Demand functionality enables a BayStack AN to extend network availability on an as-needed basis to small remote sites, minimizing WAN service costs. Optionally, Synchronous interfaces can be used for Synchronous Data Link Control (SDLC), allowing both IBM SNA and multiprotocol LAN traffic over one consolidated WAN link to the internetwork backbone. The BayStack AN and ANH easily integrate with the enter- prise internetwork by supporting Bay Networks Routing Services (BayRS™), which provides support for all major LAN and WAN protocols. The Motorola MC68360 micro- processor, used in the BayStack AN and ANH router’s highly integrated design, easily maintains high forwarding and filtering rates regardless of the number of protocols and network interfaces used—even when processing SNMP management inquiries.
    [Show full text]
  • Affordable Industrial Ethernet - Ctrlink™ by George Thomas, Contemporary Controls the Power Source
    Volume 3 • Issue 1 JANUARY – FEBRUARY 2002 Past issues of the Extension are the available. If you would like a copy, please send your request to EXTENSION [email protected] A Technical Supplement to control NETWORK © 2002 Contemporary Control Systems, Inc. Affordable Industrial Ethernet - CTRLink™ By George Thomas, Contemporary Controls the power source. For safety, some control panels only provide low-voltage AC or DC power to control devices. INTRODUCTION Wall-mounted power supplies may not be acceptable. The electromagnetic compatibility (EMC) requirements differ with CTRLink™ gives its name to a new line of Industrial industrial locations requiring a higher immunity to EMI and Ethernet connectivity products that facilitate the use of ESD. Regulatory safety approvals differ from that in an office. Ethernet on the plant floor. Ethernet is recognized as Process plants may require hazardous location ratings. the most popular local area network technology— A factory may require an industrial control panel approval finding more applications in factories and process while a building automation system may necessitate a smoke plants. Why? Ethernet’s low cost, its familiarity with and fire approval rating. These are unique application customers and use as the simplest means of connecting standards that low-cost, office-grade Ethernet hubs and to the Internet make this technology the preferred switches fail to address. However, the CTRLink™ family choice. CTRLink is an evolving line of Industrial addresses these issues. Ethernet media converters, hubs, switches, routers, gateways and adapters that are required when CTRLink™ ENCLOSURES implementing an Ethernet network in an industrial or commercial environment. All CTRLink™ products are intended to be mounted in control panels and are available in two sizes.
    [Show full text]
  • 20 Computer Terms Every Mac User Should Know
    macworld 2/14/14, 10:23 AM This is from a macworld.com article dated July 4, 2013… 20 computer terms every Mac user should know Wired and wireless networking Magic is the word some people use to describe the ability to connect your computer and mobile devices wirelessly to the Internet. But other—and more specific—means and protocols include the following. Ethernet: This wired standard is used in local computer networking (that is, in networked devices that are located in the same physical space and share a common router address). An ethernet connector looks like a large telephone plug; and like a telephone plug, it snaps into its host receptacle. The most common forms of ethernet Page 1 of 9 macworld 2/14/14, 10:23 AM are 10Base-T, 100Base-T, and 1000Base-T (also known as gigabit ethernet). These forms differ considerably in speed. 10Base-T operates at a limit of 10 megabits per second (mbps), 100Base- T bumps that limit up to 100 mbps, and 1000Base-T offers a limit of 1000 mbps (or one gigabit per second). Ethernet connections are handled through Cat-5 and Cat-6 cables like this. Ethernet can be faster than a Wi-Fi connection, depending on the devices you’re using. If, for example, your Mac supports gigabit ethernet but a device it’s connected to supports only 100Base-T, your Mac must move data between it and that device at the slower speed. The other advantage ethernet offers is range. You can string a very long ethernet cable that allows you access to a network where a Wi-Fi signal would have long since Page 2 of 9 macworld 2/14/14, 10:23 AM petered out.
    [Show full text]