Viruses, worms, Trojan horses, keyloggers, rootkits, spyware and other malicious programs are all part of a class of software called malware. There are many different classes of malware, with varying ways of infecting systems and propagating themselves. Let's divide malware into groups according to the threats they pose and the way they operate.
Friday, 29 March 2013
Thursday, 28 March 2013
What is malware
Malware is short for "malicious software": computer programs designed to infiltrate and damage computers without the user's consent. Malware is a general term covering all the different types of threats to your computer's safety, such as viruses, spyware, worms, Trojans, rootkits and other malicious programs. The majority of active malware threats are usually worms or Trojans rather than viruses. Some malware is disguised as genuine software, and may come from an official company website.
What is a computer worm
Computer worms are malicious programs that replicate, execute, and spread across network connections independently, without human interaction. Most worms are created only to replicate and spread across a network, consuming available computer resources; however, some worms carry a payload to damage the host system.
Attackers use worm payloads to install backdoors in infected computers, which turns them into zombies and creates a botnet; these botnets can be used to carry out further cyber attacks.
What is a computer virus
A computer virus is another type of malware that can replicate itself and spread from one computer to another. It attaches itself to a legitimate program or executable piece of software, and then reproduces itself when that program is run. Viruses spread by reproducing and inserting themselves into programs, documents, or e-mail attachments. They can be transmitted through e-mail or downloaded files, and they can be present on DVDs, CDs, USB drives and any other sort of digital media.
What is spyware
What is a rootkit
Rootkits are programs created to allow other malware programs to hide in plain sight. Rootkits are designed to hide from detection by users and computer security programs. Therefore they don't show up in Windows Explorer, the running processes don't display in the Windows Task Manager, and many anti-virus programs can't find rootkit-hidden malware.
Types of Trojan horse
Trojan horses are classified by how they breach systems and the damage they cause. The seven main types of Trojan horses are:
Email Trojan.
This is a type of Trojan that an attacker uses to gain remote control of a victim's computer by sending e-mail messages. The attacker can then retrieve files or folders by sending commands through e-mail.
What is a Trojan horse
Wednesday, 27 March 2013
What is a Keylogger
Keyloggers, or keystroke loggers, are programs or hardware devices that monitor each keystroke a computer user types on a keyboard and log it to a file or transmit it to a remote location. Keyloggers are placed between the keyboard hardware and the operating system. Although keyloggers are promoted for benign purposes, like allowing parents to monitor their children's whereabouts on the Internet, they can be used to spy on anyone. They are a form of spyware used by cyber criminals to covertly watch and record everything you type on your PC in order to harvest your log-in names, passwords, and other sensitive information, and send it on to the hackers. This may include any passwords you have asked your computer to remember for you to speed up logging in, as these are held as cookies on your machine.
Tuesday, 19 March 2013
What is a Network Interface Card
A network interface card (NIC) is a computer hardware component that connects a computer to a computer network. To connect to a network, a PC must have a NIC. NICs can be built into the motherboard of the computer; can be connected through a USB, PC Card, CompactFlash or FireWire port; or can be an internal adaptor card that is installed into one of the computer's expansion slots. NICs are available that can connect to either wired or wireless networks.
Every Ethernet network controller has a unique 48-bit serial number called a MAC address, which is stored in read-only memory. Every computer on an Ethernet network must have at least one controller. No two NICs will share the same address, because NIC vendors purchase blocks of addresses from the Institute of Electrical and Electronics Engineers (IEEE) and assign a unique address to each NIC at the time of manufacture.
The NIC allows computers to communicate over a computer network. It is both an OSI layer 1 (physical layer) and layer 2 (data link layer) device, as it provides physical access to a networking medium and provides a low-level addressing system through the use of MAC addresses. It allows users to connect to each other either by using cables or wirelessly.
Wednesday, 13 March 2013
Cisco IP Communicator
Cisco IP Communicator is a Microsoft Windows-based application that delivers enhanced telephony support through personal computers. It is easy to deploy and features some of the latest technology and advancements available with IP communications today. This application endows computers with the functions of IP phones, providing high-quality voice calls on the road, in the office, or from wherever you can access the corporate network. Cisco IP Communicator supports Session Initiation Protocol (SIP) as well as the Cisco Unified Communications Manager Skinny Client Control Protocol (SCCP).
Cisco IP Communicator is designed for users who require a supplemental telephone when away from their desk or traveling or telecommuting. When using Cisco IP Communicator remotely, you are not just taking your office phone extension with you - you still have access to the same familiar phone and video telephony services you have in the office. This advantage boosts business collaboration and responsiveness, and helps organizations keep pace with today’s mobile business environment.
Cisco IP Communicator works with Cisco Unified Video Advantage to bring video telephony to the communications experience. Now, telecommuters and mobile employees using Cisco IP Communicator can enhance their communications with video. When calls are made through Cisco IP Communicator, available video is automatically displayed through Cisco Unified Video Advantage. It is as easy as making a telephone call.
Cisco IP Communicator uses the Cisco Unified Communications Manager call-processing system to provide advanced telephony features and voice-over-IP (VoIP) capabilities. Access to eight telephone lines (or a combination of lines and direct access to telephony features) is included. When registered to the Cisco Unified Communications Manager system, Cisco IP Communicator has the capabilities of a full-featured Cisco Unified IP phone, including the ability to transfer calls, forward calls, and add participants to an existing conference call. As a result, system administrators can provision Cisco IP Communicator as they would any other Cisco Unified IP phone, greatly simplifying IP phone management. This solution also can help customers and developers deliver more innovative and productivity-enhancing Extensible Markup Language (XML)-based applications to the display.
Cisco debug command
Debug is a troubleshooting command that’s available from the
privileged exec mode of Cisco IOS. It’s used to display information about
various router operations and the related traffic generated or received by the
router, plus any error messages.
It’s a useful and informative tool, but you really need to understand some important facts about its use. Debug is regarded as a very high-priority task because it can consume a huge amount of resources, and the router is forced to process-switch the packets being debugged. So you don’t just use debug as a monitoring tool – it’s meant to be used for a short period of time and only as a troubleshooting tool. By using it, you can really find out some truly significant facts about both working and faulty software and/or hardware components.
Because debugging output takes priority over other network traffic, and because the debug all command generates more output than any other debug command, it can severely diminish the router’s performance – even render it unusable. So in virtually all cases, it’s best to use more-specific debug commands.
Backing Up and Restoring the Cisco Configuration
Any changes you make to the router configuration are stored in the running-config file. And if you don’t enter a copy run start command after you make a change to running-config, that change will go poof if the router reboots or gets powered down. So you probably want to make another backup of the configuration information just in case the router or switch completely dies on you. Even if your machine is healthy and happy, it’s good to have for reference and documentation reasons.
Backing up the Cisco Router Configuration
To copy the router’s configuration from a router to a TFTP server, you can use either the copy running-config tftp or the copy startup-config tftp command. Either one will back up the router configuration that’s currently running in DRAM or that’s stored in NVRAM.
Restoring the Cisco Router Configuration
If you’ve changed your router’s running-config file and want to restore the configuration to the version in the startup-config file, the easiest way to do this is to use the copy startup-config running-config command (copy start run for short). You can also use the Cisco command config mem to restore a configuration. Of course, this will work only if you copied running-config into NVRAM before making any changes!
If you did copy the router’s configuration to a TFTP server as a second backup, you can restore the configuration using the copy tftp running-config command (copy tftp run for short) or the copy tftp startup-config command (copy tftp start for short).
APIPA
Windows clients support a feature known as automatic private IP addressing (APIPA): when a Windows client boots up and cannot contact a DHCP server, it configures itself automatically with a 169.254.x.y address. If there is something wrong with the DHCP server and none of the systems on the network can obtain an address from it, the clients will all assign themselves an address within the 169.254 address range and will then be able to communicate with one another.
APIPA does not assign a default gateway, so you will be unable to access resources on a remote network and the Internet, but you can still communicate with systems on your network. When troubleshooting to find out why a machine cannot communicate on the network, watch for systems that have an address in the 169.254.x.y range, because it means they could not find a DHCP server.
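The troubleshooting check described above, as an added example that is not part of the original page: it scans an address inventory for 169.254.x.y hosts and separates a segment where every host fell back to APIPA from one where only some did. The CSV layout, segment names and host names are constructed for the example, and the per-segment verdicts are this example's own heuristic.

```python
import csv
import io
import ipaddress
from collections import defaultdict

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample inventory (for example, collected from ipconfig output).
SAMPLE_INVENTORY = """segment,host,ipv4,gateway
floor1,pc-101,192.168.1.21,192.168.1.1
floor1,pc-102,169.254.17.4,
floor1,pc-103,192.168.1.23,192.168.1.1
floor2,pc-201,169.254.88.2,
floor2,pc-202,169.254.3.190,
floor3,pc-301,192.168.3.15,192.168.3.1
"""


def triage(csv_text):
    """Group hosts by segment and report which ones self-assigned an APIPA address."""
    segments = defaultdict(lambda: {"apipa": [], "leased": [], "invalid": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            addr = ipaddress.ip_address(row["ipv4"].strip())
        except ValueError:
            # Keep unparseable rows visible instead of silently dropping them.
            segments[row["segment"]]["invalid"].append(row["host"])
            continue
        kind = "apipa" if addr in APIPA_NET else "leased"
        segments[row["segment"]][kind].append(row["host"])

    findings = {}
    for name, hosts in segments.items():
        if not hosts["apipa"]:
            verdict = "ok"
        elif not hosts["leased"]:
            # Every host on the segment fell back to APIPA.
            verdict = "DHCP server unreachable"
        else:
            # Neighbours obtained leases, so look at the affected hosts first.
            verdict = "single-host problem"
        findings[name] = {
            "verdict": verdict,
            "apipa_hosts": sorted(hosts["apipa"]),
            "invalid_rows": sorted(hosts["invalid"]),
        }
    return findings


if __name__ == "__main__":
    for segment, result in sorted(triage(SAMPLE_INVENTORY).items()):
        print(segment, result["verdict"], result["apipa_hosts"])
```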
Disaster recovery
The disaster recovery plan should contain detailed steps for recovering from any kind of data loss or physical disaster. The step-by-step plan should contain the location of backup tapes, specify which tapes to restore in different scenarios, and list the steps for rebuilding servers, including detailed information on what to do when a disk fails and how to replace and rebuild the data.
A number of disaster recovery documents overlook key elements such as location of software and CD keys needed to rebuild the system. Be sure that contact information for hardware and software vendors is included in the plan so that if you need to replace an item such as a disk you can contact the vendor.
Along with detailed recovery steps, a disaster recovery plan should contain detailed information on backup and restore strategies, offsite storage, hot and cold spares, and hot and cold sites.
What is fault tolerance
Fault tolerance is the concept of ensuring that systems will continue to function because you have created a solution that involves having backup copies of power supplies, hard drives, and network links. If one of the links goes down, there would be another link ready to kick in at any time, reducing downtime and ensuring an available solution to clients on the network. The following is a list of widely used fault-tolerant components found on the network.
· RAID solutions: Redundant Array of Independent Disks (RAID) is the concept of storing redundant data on additional drives in case one drive in the RAID solution should fail. RAID solutions can apply to hardware or software. The hardware solution involves having a RAID controller that controls the RAID array, whereas in a software solution the RAID solution is managed by software such as the network operating system. The software solutions are cheaper, but the hardware solutions offer better performance and are more flexible.
· Power: A number of network devices such as servers support a fault-tolerant power source, such as a backup power supply in case the original power supply fails.
· Network link: In a number of networking environments a fault-tolerant network link is created to ensure that one network location can communicate with another location at all times or that there is a constant connection to the WAN environment or Internet. A number of business applications require a network link at all times; therefore, when you design the network infrastructure, you should decide whether the organization requires a fault-tolerant network link.
How to back up your Cisco Router IOS
Follow the steps below to back up your Cisco Router IOS:
1. Log into your router and go into privileged mode by typing en or enable.
2. Make sure you can connect to the TFTP server that is on your network by pinging the IP address from the router console.
3. Type show flash to see the contents of flash memory.
4. Type show version at the router privileged-mode prompt to get the name of the IOS currently running on the router. If there is only one file in flash memory, the show flash and show version commands show the same file. Remember that the show version command shows you the file that is currently running and the show flash command shows you all of the files in flash memory.
5. Once you know you have good Ethernet connectivity to the TFTP server and you also know the IOS filename, back up your IOS by typing copy flash tftp. This command tells the router to copy the content of flash memory (this is where the IOS is stored by default) to a TFTP server.
6. Enter the IP address of the TFTP server and the source IOS filename. The file is now copied and stored in the TFTP server’s default directory.
Internet Protocol Security (IPsec)
Internet Protocol Security (IPsec) is a fairly new
security protocol that can be used to encrypt all IP traffic as well as take
part in authentication services and ensure data integrity of information sent
across an IP network. One of the things that are so exciting about IPsec is
that if you enable IPsec, by means of an IPsec policy, you will not need to
configure different encryption methods for each type of application you run on
the computer—all IP traffic is encrypted by IPsec once the IPsec policy is
implemented. For example, because IPsec encrypts all traffic you do not need to
configure a separate encryption technology for your web server, FTP server, and
Telnet server. They all run on top of TCP/IP, so IPsec can be used to secure
traffic presented by each application.
When you enable IPsec, you can use one of the default
IPsec policies built-in. The IPsec policy is used to determine the type of
traffic to be encrypted and the method to be used to encrypt the traffic. The
three default IPsec policies are as follows:
· Client (respond only): If asked to communicate securely, this system will respond by using IPsec, but it will never request or initiate secure communication.
· Server (request security): When enabled, this system will request to use IPsec to secure traffic; if the remote system does not support IPsec, the system will communicate insecurely.
· Secure Server (require security): This system will communicate with a remote system only if the remote system supports and uses IPsec.
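How the three default policies combine between two hosts, as an added example that is not part of the original page: it models each policy exactly as described in the list above and reports whether a pair ends up on IPsec, in cleartext, or unable to talk, then flags the pairs where a "request security" host fell back to cleartext. The host names and the "none" value for a system without an IPsec policy are assumptions of the example.

```python
from itertools import combinations

# Policy names follow the list above; NONE models a host with no IPsec policy.
NONE = "none"
CLIENT = "client (respond only)"
SERVER = "server (request security)"
SECURE_SERVER = "secure server (require security)"


def initiates_ipsec(policy):
    """Only the two server policies ever ask the peer to use IPsec."""
    return policy in (SERVER, SECURE_SERVER)


def responds_to_ipsec(policy):
    """Any host with a policy can answer a request for IPsec."""
    return policy in (CLIENT, SERVER, SECURE_SERVER)


def allows_cleartext(policy):
    """Only 'require security' refuses unprotected traffic."""
    return policy != SECURE_SERVER


def outcome(a, b):
    """Result of two hosts with policies a and b trying to communicate."""
    if (initiates_ipsec(a) and responds_to_ipsec(b)) or (
        initiates_ipsec(b) and responds_to_ipsec(a)
    ):
        return "ipsec"
    if allows_cleartext(a) and allows_cleartext(b):
        return "cleartext"
    return "blocked"


def matrix(inventory):
    """Outcome for every unordered pair of hosts in {host: policy}."""
    hosts = sorted(inventory)
    return {
        (x, y): outcome(inventory[x], inventory[y])
        for x, y in combinations(hosts, 2)
    }


def silent_fallbacks(inventory):
    """Pairs where a host requested security but traffic still goes in cleartext."""
    return [
        pair
        for pair, result in matrix(inventory).items()
        if result == "cleartext"
        and SERVER in (inventory[pair[0]], inventory[pair[1]])
    ]


# Constructed sample inventory for illustration.
INVENTORY = {
    "web01": SERVER,
    "db01": SECURE_SERVER,
    "hr-pc": CLIENT,
    "printer": NONE,
}

if __name__ == "__main__":
    for pair, result in matrix(INVENTORY).items():
        print(pair, "->", result)
    print("fell back to cleartext:", silent_fallbacks(INVENTORY))
```

A host that must never send unprotected data needs the "require security" policy; "request security" protects traffic only when the peer also has a policy.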
Types of computer network attack
Most types of attacks are considered network-based
attacks where the hacker performs the attack from a remote system. There are a
number of different types of network attacks:
· Eavesdropping attack: This widely used type of attack typically involves the use of network monitoring tools to analyze and read communications on the network.
· Spoof attack: In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.
· Hijack attack: In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker unintentionally.
· Denial of service: A denial of service (DoS) is a type of attack that causes the system or its services to crash. As a result, the system cannot perform its purpose and provide those services.
· Distributed denial of service (DDoS): The hacker uses multiple systems to attack a single target system. A good example is the SMURF attack, in which the hacker pings a number of computers but modifies the source address of those packets so that they appear to come from another system (the victim in this case). When all of these systems receive the ping request, all systems will reply to the same address, essentially overburdening that system with data.
· Buffer overflow: A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a command prompt or shell.
· Exploit attack: In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.
· Password attack: An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters. With brute force, no word list file is read. A hybrid attack is similar to a dictionary attack in that it uses a word list file, but it also places numbers at the end of the word to catch passwords that are not dictionary words because the user placed a number at the end. For example, a dictionary attack would not find the password “pass1,” but a hybrid attack would.
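The three password attack types above can be turned into a password audit. This added example (not part of the original page) labels each candidate password with the cheapest attack class that would recover it and estimates the brute-force search space; the word list is a small constructed sample, and matching case-insensitively is an assumption of the example.

```python
import string

# Constructed sample word list; a real audit would load a much larger file.
WORDLIST = {"pass", "password", "admin", "letmein", "dragon", "welcome"}


def charset_size(password):
    """Size of the smallest common alphabet covering every character used."""
    classes = (
        string.ascii_lowercase,
        string.ascii_uppercase,
        string.digits,
        string.punctuation,
    )
    size = sum(len(cls) for cls in classes if any(c in cls for c in password))
    # Characters outside the four classes (spaces, non-ASCII) are counted
    # individually, which gives a conservative lower bound.
    known = set("".join(classes))
    size += len({c for c in password if c not in known})
    return size


def brute_force_keyspace(password):
    """Candidates an exhaustive search tries for lengths 1..len(password)."""
    n = charset_size(password)
    return sum(n ** length for length in range(1, len(password) + 1))


def classify(password, wordlist=WORDLIST):
    """Return the cheapest attack class that recovers this password."""
    lowered = password.lower()  # assumption: case variants are also tried
    if lowered in wordlist:
        return "dictionary"
    # Hybrid: a word-list entry with digits placed at the end, e.g. "pass1".
    stem = lowered.rstrip(string.digits)
    if stem != lowered and stem in wordlist:
        return "hybrid"
    return "brute-force only"


def audit(passwords, wordlist=WORDLIST):
    """One report row per password, in input order."""
    return [
        {
            "password": pw,
            "weakest_attack": classify(pw, wordlist),
            "keyspace": brute_force_keyspace(pw),
        }
        for pw in passwords
    ]


if __name__ == "__main__":
    for row in audit(["pass", "pass1", "Welcome2013", "x9!Qv"]):
        print(row)
```

A password policy can reject anything classified as "dictionary" or "hybrid" outright and apply a minimum keyspace to the rest.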
Social engineering attacks
The key to protecting yourself and fellow employees from social engineering attacks is education! Keeping all personnel aware of the popularity of social engineering attacks and the different scenarios that could be examples of social engineering attacks will help raise the security level of the organization.
There are a number of different examples of social engineering attacks. The following are some of the most popular scenarios:
· Hacker impersonates administrator: In this example, the hacker may call the employee and impersonate the network administrator. The hacker will try to convince the employee to change their password or divulge password information.
· Hacker impersonates user: In this example, the hacker calls an unsuspecting network administrator and plays the role of a frustrated user who cannot log on to the network. The network administrator naturally helps the “user” by resetting the password and helping them log on. The problem is that the “user” is actually the hacker!
· Hacker impersonates vendor: In this example, the hacker may e-mail a customer pretending to be the vendor of a piece of software. In this example, the hacker tries to get the user to install an update, but the user doesn’t realize the update is really a Trojan virus that gives the hacker access to the system.
Universal Serial Bus (USB)
· USB 1.0: USB 1 has a transfer rate of 12 Mbps, which is an amazing speed, considering that serial ports and parallel ports offer only a speed up to 2 Mbps.
· USB 2.0: USB 2.0 has a transfer rate of 480 Mbps! This difference in transfer rate dramatically reduces the time it takes to transfer data from one network component to another. For example, last week I was transferring a 3GB file from my USB 2.0 drive to the hard drive on the computer, but because there was not a USB 2.0 driver loaded, the system was treating the device as a USB 1.1 device. As a result, the file copy operation was going to take 67 minutes! I chose Cancel and then updated the driver to USB 2.0 and attempted the file copy a second time; this time it took 3 minutes. Gotta love USB 2.0!
Most systems today have USB ports on both the front
and the back of the computer. You can also purchase a USB hub device that will
connect to your system and allow additional devices to be connected to it.
Link state routing protocols
Link state routing protocols, also called shortest-path-first protocols, are a little more advanced than distance-vector routing protocols in the sense that a link state routing protocol knows about the entire network topology. A link state protocol is responsible for monitoring the state of the link between the routers. This link state information is then used to determine the optimal route to a destination network. Although protocols such as RIP have knowledge of neighboring routers, link state protocols have knowledge of the entire network topology and multicast the routing table information to the entire network.
One of the benefits of the link state routing protocols is that if a link is down, that information is stored in the routing table and that pathway will not be used. Because a distance vector routing protocol does not store link state information, it is possible that it will not know of a link that is unavailable for some time and it could still send traffic through that pathway.
In link-state protocols the routers each create three separate tables. One of these tables keeps track of directly attached neighbors, one determines the topology of the entire internetwork, and one is used as the routing table. Link-state routers know more about the internetwork than any distance-vector routing protocol. OSPF is an IP routing protocol that is completely link state. Link-state protocols send updates containing the state of their own links to all other routers on the network.
Distance vector routing protocol
Distance vector routing protocols measure the best route to use based on the lowest hop count. The hop count is increased by one for every router between the source and the destination. With distance vector routing protocols, the route with the lowest hop count is typically selected as the destination path for the data.
The distance-vector routing protocol algorithm passes complete routing table contents to neighboring routers, which then combine the received routing table entries with their own routing tables to complete the router’s routing table. This is called routing by rumor, because a router receiving an update from a neighbor router believes the information about remote networks without actually finding out for itself.
It’s possible to have a network that has multiple links to the same remote network, and if that’s the case, the administrative distance of each received update is checked first. If the AD is the same, the protocol will have to use other metrics to determine the best path to use to that remote network. Examples of distance-vector routing protocols are RIP and IGRP.
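Routing by rumor, and the stale-route problem mentioned in the link state section, as an added example that is not part of the original page: routers exchange whole hop-count tables with their neighbors until nothing changes, then one link fails and the code lists the routes that still point through it until fresh updates arrive. The five-router topology and network names are constructed; the hop limit of 16 is RIP's value for "unreachable".

```python
INFINITY = 16  # RIP treats a hop count of 16 as unreachable

# Constructed topology: R1-R2-R3 is the short path, R1-R4-R5-R3 the long one.
LINKS = [("R1", "R2"), ("R2", "R3"), ("R1", "R4"), ("R4", "R5"), ("R5", "R3")]
ATTACHED = {"R1": ["10.1.0.0/24"], "R2": [], "R3": ["10.3.0.0/24"], "R4": [], "R5": []}


def converge(links, attached):
    """Exchange full tables between neighbors until no table changes.

    Returns ({router: {network: (hops, next_hop)}}, rounds_needed).
    """
    tables = {r: {net: (0, None) for net in nets} for r, nets in attached.items()}
    rounds = 0
    while True:
        rounds += 1
        # Every router advertises the table it held at the start of the round.
        advertised = {r: dict(t) for r, t in tables.items()}
        changed = False
        for a, b in links:
            for sender, receiver in ((a, b), (b, a)):
                for net, (hops, _) in advertised[sender].items():
                    metric = hops + 1
                    known = tables[receiver].get(net)
                    # The receiver believes the neighbor's claim without checking it.
                    if metric < INFINITY and (known is None or metric < known[0]):
                        tables[receiver][net] = (metric, sender)
                        changed = True
        if not changed:
            return tables, rounds


def path(tables, router, net):
    """Follow next hops from router to the router that owns net."""
    hops = [router]
    while tables[router][net][1] is not None:
        router = tables[router][net][1]
        hops.append(router)
    return hops


def stale_after_failure(tables, failed_link):
    """Routes that still traverse failed_link in the pre-failure tables."""
    broken = set(failed_link)
    stale = {}
    for router, table in tables.items():
        for net in table:
            p = path(tables, router, net)
            if any({p[i], p[i + 1]} == broken for i in range(len(p) - 1)):
                stale[(router, net)] = p
    return stale


if __name__ == "__main__":
    before, _ = converge(LINKS, ATTACHED)
    print("R1 before:", before["R1"])
    print("stale after R2-R3 fails:", stale_after_failure(before, ("R2", "R3")))
    remaining = [link for link in LINKS if set(link) != {"R2", "R3"}]
    after, _ = converge(remaining, ATTACHED)
    print("R1 after reconvergence:", after["R1"])
```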
Assigning IP address to a Cisco Router
To assign an IP address to the Ethernet interface on ROUTER, you will need to type the following commands (excluding what appears before > or #; those are the prompts):
ROUTER> enable
ROUTER# configure terminal
ROUTER(config)# interface ethernet0
ROUTER(config-if)# ip address 192.168.1.1 255.255.255.0
ROUTER(config-if)# no shutdown
Let’s take a look at what each of these commands does. The first command, enable, is used to move from user exec mode of the router to privileged exec mode. In user exec mode you are unable to make changes, so you had to go to privileged exec mode. In order to change the settings of the Ethernet interface, you need to go to the interface prompt, which is in global configuration, where most changes are made. To move to global configuration, you typed configure terminal, and to move to the interface prompt, you typed interface ethernet0. Ethernet0 is the first Ethernet interface on the router; the second Ethernet interface would be Ethernet1 (if you had a second Ethernet interface).
Once at the Ethernet interface prompt, you then assigned the IP address with the ip address command. The last command, no shutdown, is used to enable the interface. To disable the interface at any time, you could use the shutdown command. To assign the IP address to the Serial 0 port on ROUTER, you would type the following commands:
ROUTER> enable
ROUTER# configure terminal
ROUTER(config)# interface serial0
ROUTER(config-if)# ip address 192.168.2.1 255.255.255.0
ROUTER(config-if)# no shutdown
Types of Network Address Translation (NAT)
1. Static NAT: This type of NAT is designed to allow one-to-one mapping between local and global addresses. Keep in mind that the static version requires you to have one real Internet IP address for every host on your network.
2. Dynamic NAT: This version gives you the ability to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as you would with static NAT, but you do have to have enough real, bona fide IP addresses for everyone who’s going to be sending packets to and receiving them from the Internet.
3. Overloading: This is the most popular type of NAT configuration. Understand that overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. Now, why is this so special? Well, because it’s also known as Port Address Translation (PAT). And by using PAT (NAT overload), you get to have thousands of users connect to the Internet using only one real global IP address. Cool, right? Seriously, NAT overload is the real reason we haven’t run out of valid IP addresses on the Internet.
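The many-to-one port mapping described under Overloading, as an added example that is not part of the original post: a toy PAT table in Python. The class and method names, the 203.0.113.10 global address and the 192.168.1.x inside hosts are constructed for illustration, and reusing the host's own source port when it is free is an assumption of this example.

```python
class PatTable:
    """Toy NAT-overload (PAT) table: many inside hosts share one global IP."""

    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.first_port, self.last_port = first_port, last_port
        self.outbound = {}  # (proto, inside_ip, inside_port) -> global_port
        self.inbound = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def _pick_port(self, proto, wanted):
        # Assumption of this example: reuse the host's own source port when
        # it is still free on the global address, else take the lowest free one.
        in_pool = self.first_port <= wanted <= self.last_port
        if in_pool and (proto, wanted) not in self.inbound:
            return wanted
        for port in range(self.first_port, self.last_port + 1):
            if (proto, port) not in self.inbound:
                return port
        raise RuntimeError("no free %s ports left on %s" % (proto, self.global_ip))

    def translate_out(self, proto, inside_ip, inside_port):
        """Inside -> outside: rewrite the source to (global_ip, global_port)."""
        key = (proto, inside_ip, inside_port)
        if key not in self.outbound:
            port = self._pick_port(proto, inside_port)
            self.outbound[key] = port
            self.inbound[(proto, port)] = (inside_ip, inside_port)
        return self.global_ip, self.outbound[key]

    def translate_in(self, proto, global_port):
        """Outside -> inside: None means no translation exists (unsolicited)."""
        return self.inbound.get((proto, global_port))


def demo():
    pat = PatTable("203.0.113.10")                       # constructed address
    a = pat.translate_out("tcp", "192.168.1.10", 50000)
    b = pat.translate_out("tcp", "192.168.1.11", 50000)  # same port, other host
    return a, b, pat.translate_in("tcp", b[1]), pat.translate_in("tcp", 4444)


if __name__ == "__main__":
    print(demo())
```

Two hosts using the same source port end up on different global ports, and a packet arriving on a port with no table entry has nowhere to go. The pool is finite: once every port in the range is in use, new flows fail.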
Dial-up connections
Dial-up lines are local loop Public Switched Telephone Network (PSTN) connections that use modems, existing phone lines, and existing long-distance carrier services to provide low-cost, low-bandwidth WAN connectivity and remote network access. Dial-up lines are generally limited to 56 Kbps, and are sometimes used as backups for higher-bandwidth WAN services.
Dial-up Hardware
You can keep hardware requirements simple and use a modem attached to a serial port on a PC, or you can use a specialized modem card installed in the server to support multiple phone connections.
RJ-11 Connectors
RJ-11 connectors are four- or six-wire connectors that are used to connect telephones and modems to telephone outlets. The RJ-11 connector looks much like the RJ-45 connector that is used to connect network cards to LANs. When you compare an RJ-11 and an RJ-45 connector, the RJ-11 connector is smaller.
Benefits and Drawbacks of Dial-up
Dial-up lines have two major drawbacks: they are slow and they can have considerable connection wait time (because the modem has to dial and establish a connection before data can be sent across the network). Despite those limitations, dial-ups are popular because they provide enough bandwidth to get the job done at a very low cost, and because the telephone infrastructure is already in place and is universally available.
Voice over IP (VoIP)
Voice over IP (VoIP) is a Voice over Data implementation in which voice signals are transmitted over IP networks. The phone instrument is the addressed device. It can be an IP telephone unit or a VoIP interface at a Private Branch Exchange (PBX), which enables the phone system to access the IP network at a single point. A dial-plan map translates between PBX dial numbers and IP addresses; if a dialed phone number is found in the map, VoIP routes the call to an IP host.
Advantages and Limitations of VoIP
VoIP is being rapidly adopted because it relies on the existing, robust router infrastructure of IP networks and the near-universal implementation of the IP protocol. It also eliminates per-call costs because it uses the existing Internet connectivity channel. It does have some drawbacks. The major problem is that IPv4 does not provide for time-sensitive data. On a busy network, voice data is packet switched with other network data, and delivery can slow down or become unreliable.
VoIP Protocols
A VoIP session may use one or more protocols, depending on the session parameters.
· Secure Initiation Protocol (SIP): A signaling protocol for multimedia communication sessions. Used to initiate, modify, and terminate a session. SIP must work with other protocols because it is only responsible for the signaling portion of a communication session.
· Session Description Protocol (SDP): The format for describing the content of a multimedia communication session.
· Real-time Transport Protocol (RTP): Transmits audio or video content and defines the packet for delivery, including the type of content, sequence numbering, time stamping, and delivery monitoring. Has no specific UDP or TCP port number; rather, it uses a dynamic range of port numbers, which makes traversing firewalls difficult.
· Real-time Transport Control Protocol (RTCP): Used primarily to monitor QoS in RTP transmissions. Acts as a partner to RTP to package and deliver data but does not transport data.
Secure Shell (SSH)
Secure Shell (SSH) is a program that enables a user or application to log on to another computer over a network, execute commands, and manage files. It provides strong authentication methods and secure communications over insecure channels. With the SSH slogin command, the entire login session, including the password, is encrypted and protected against attack.
SSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks, such as IP spoofing, IP source routing, and DNS spoofing. When you implement SSH with encryption, any attacker who has managed to gain access to your network can only force SSH to disconnect. They cannot play back the traffic or hijack the connection.
Secure Shell works with many different operating systems, including Windows, UNIX, and Macintosh systems.
SSH1 and SSH2
There are two versions of Secure Shell available: SSH1 and SSH2. SSH1 and SSH2 are two different protocols and encrypt different parts of the data packet. SSH2 is more secure. To authenticate systems, SSH1 employs user keys to identify users; host keys to identify systems; session keys to encrypt communication in a single session; and server keys, which are temporary keys that protect the session key. SSH2 does not use server keys. SSH2 includes a secure replacement for FTP called Secure File Transfer Protocol (SFTP). Because of the different protocol implementations, SSH1 and SSH2 are not compatible with each other.
NOTE: The SFTP acronym is used both for Secure File Transfer Protocol and for the obsolete Simple File Transfer Protocol.
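Because SSH1 and SSH2 are incompatible, a server announces which one it speaks in the identification line it sends first. The following added example (not part of the original post) parses that line as defined in RFC 4253 and lists hosts that still accept SSH1; the host names and banners are constructed sample data, and the function names are this example's own.

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def parse_ident(raw):
    """Find and parse the identification line in the server's first bytes."""
    for line in raw.decode("ascii", "replace").splitlines():
        if not line.startswith("SSH-"):
            continue  # servers may send free-text lines before the ident
        match = _IDENT.match(line)
        if match is None:
            raise ValueError("malformed identification string: %r" % line)
        return match.group(1), match.group(2), match.group(3) or ""
    raise ValueError("no SSH identification string found")


def offered_protocols(protoversion):
    """Map the advertised protoversion to the protocol versions it accepts."""
    if protoversion == "2.0":
        return ("SSH2",)
    if protoversion == "1.99":  # compatibility mode: accepts SSH1 and SSH2
        return ("SSH1", "SSH2")
    if protoversion.startswith("1."):
        return ("SSH1",)
    return ()


def audit(banners):
    """Return {host: finding} for hosts that accept SSH1 or sent no usable banner."""
    findings = {}
    for host, raw in banners.items():
        try:
            proto, software, _comment = parse_ident(raw)
        except ValueError as exc:
            findings[host] = "unparseable: %s" % exc
            continue
        if "SSH1" in offered_protocols(proto):
            findings[host] = "accepts SSH1 (protoversion %s, %s)" % (proto, software)
    return findings


# Constructed sample banners keyed by hypothetical host names.
SAMPLE = {
    "bastion": b"SSH-2.0-OpenSSH_9.6\r\n",
    "legacy-switch": b"Authorized use only\r\nSSH-1.99-Cisco-1.25\r\n",
    "old-unix": b"SSH-1.5-1.2.27\r\n",
}
```

Calling audit(SAMPLE) flags legacy-switch and old-unix and leaves bastion out, since only a protoversion of 2.0 means the server refuses SSH1 clients.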
Monday, 4 March 2013
How to configure RIPv1 and RIP v2
To configure RIP routing, just turn on the protocol with the router rip command and tell the RIP routing protocol which networks to advertise. The network command tells the routing protocol which classful network to advertise. RIP has an administrative distance of 120. Static routes have an administrative distance of 1 by default. Look at the example below:
router#
router#config t
router(config)#router rip
router(config-router)#network 10.0.0.0
That's it for RIP version 1. However, keep in mind the extra router CPU processing and bandwidth that you're consuming.
Notice I didn't type in subnets, only the classful network address (all subnet bits and host bits off). It is the job of the routing protocol to find the subnets and populate the routing tables. Remember that RIP uses the classful address when configuring the network address. Because of this, all subnet masks must be the same on all devices in the network (this is called classful routing). Let's say you're using a Class B network address of 172.16.0.0/24 with subnets 172.16.10.0, 172.16.20.0, and 172.16.0.0: you configure only the classful network address and let RIP find the subnets and place them in the routing table.
Configuring RIPv2
RIPv2, unlike RIPv1, is a classless routing protocol (even though it is configured as classful like RIPv1), which means that it sends subnet mask information along with the route updates. By sending the subnet mask information with the updates, RIPv2 can support Variable Length Subnet Masks (VLSMs) as well as the summarization of network boundaries. RIPv2 can also support discontiguous networking. Here is an example of a RIPv2 configuration:
router#
router#config t
router(config)#router rip
router(config-router)#network 192.168.30.0
router(config-router)#network 192.168.40.0
router(config-router)#version 2
That's it; just add the command version 2 under the (config-router)# prompt and you are now running RIPv2.
RIP (Routing Information Protocol)
Routing Information Protocol (RIP) is a true distance-vector routing protocol. RIP sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to determine the best way to a remote network, but it has a maximum allowable hop count of 15 by default, meaning that 16 is deemed unreachable. RIP works well in small networks, but it’s inefficient on large networks with slow WAN links or on networks with a large number of routers installed.
RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 doesn’t send updates with subnet mask information in tow. RIP version 2 provides something called prefix routing and does send subnet mask information with the route updates. This is called classless routing. RIP uses four kinds of timers to regulate its performance:
Route update timer: Sets the interval (typically 30 seconds) between periodic routing updates in which the router sends a complete copy of its routing table out to all neighbors.
Route invalid timer: Determines the length of time that must elapse (180 seconds) before a router determines that a route has become invalid. It will come to this conclusion if it hasn’t heard any update about a particular route for that period. When that happens, the router will send out updates to all its neighbors letting them know that the route is invalid.
Holddown timer: This sets the amount of time during which routing information is suppressed. Routes will enter the holddown state when an update packet is received that indicates the route is unreachable. This continues either until an update packet is received with a better metric or until the holddown timer expires. The default is 180 seconds.
Route flush timer: Sets the time between a route becoming invalid and its removal from the routing table (120 seconds). Before it’s removed from the table, the router notifies its neighbors of that route’s impending demise. This gives the router enough time to tell its neighbors about the invalid route before the local routing table is updated.
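The difference between RIPv1 and RIPv2 updates described in the RIPv2 configuration notes and in the classful routing paragraph above shows up directly in the packet format. This added example (not part of the original post) builds and parses RIP responses in Python; the sample routes, the receiving interface and the function names are constructed, and the RIPv1 receiver rule is a simplified model.

```python
import ipaddress
import struct

INFINITY = 16  # RIP metric meaning "unreachable"


def classful_prefix(ip):
    """Prefix length implied by the address class (A=/8, B=/16, C=/24)."""
    first_octet = ip >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D/E addresses are not routed by RIP")


def build_rip(version, entries):
    """Build a RIP response (command 2). RIPv1 leaves the mask field zero."""
    pkt = struct.pack("!BBH", 2, version, 0)
    for net, metric in entries:
        n = ipaddress.ip_network(net)
        mask = int(n.netmask) if version == 2 else 0
        pkt += struct.pack("!HHIIII", 2, 0, int(n.network_address), mask, 0, metric)
    return pkt


def parse_rip(packet, iface):
    """Return (version, [(network, metric, reachable)]) as a receiver on iface sees it."""
    _command, version = struct.unpack_from("!BB", packet, 0)
    routes = []
    for off in range(4, len(packet) - 19, 20):  # 20-byte route entries
        afi, _tag, ip, mask, _next_hop, metric = struct.unpack_from("!HHIIII", packet, off)
        if afi != 2:  # only IP (address family 2) entries
            continue
        if version == 2:
            prefix = bin(mask).count("1")  # the mask travels in the update
        else:
            # Simplified RIPv1 receiver: borrow the interface mask inside the
            # same major network, otherwise fall back to the classful mask.
            major = ipaddress.ip_network((ip, classful_prefix(ip)), strict=False)
            prefix = iface.network.prefixlen if iface.ip in major else major.prefixlen
        net = ipaddress.ip_network((ip, prefix), strict=False)
        routes.append((str(net), metric, metric < INFINITY))
    return version, routes


# Constructed sample: receiving interface and three advertised routes.
IFACE = ipaddress.ip_interface("172.16.10.1/24")
ROUTES = [("172.16.20.0/24", 1), ("172.16.30.64/26", 2), ("10.1.0.0/16", INFINITY)]
```

Parsing the version 2 packet returns the three prefixes exactly as advertised, while the version 1 packet turns 172.16.30.64/26 into 172.16.30.0/24 and 10.1.0.0/16 into 10.0.0.0/8, which is why RIPv1 needs one mask everywhere and cannot carry VLSM. In both cases the metric 16 route is reported as unreachable.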
How to configure EIGRP
EIGRP can be configured for IP, IPv6, IPX and AppleTalk. There are two modes from which EIGRP commands are entered: router configuration mode and interface configuration mode. Router configuration mode enables the protocol, determines which networks will run EIGRP, and sets global characteristics. Interface configuration mode allows customization of summaries, metrics, timers and bandwidth.
To start an EIGRP session on a router, use the router eigrp command followed by the autonomous system number of your network. You then enter the network numbers connected to the router using the network command followed by the network number. Example below:
Router#config t
Router(config)#router eigrp 90
Router(config-router)#network 192.168.10.0
Router(config-router)#network 172.16.0.0
NOTE: Understand that the AS number is irrelevant – that is, as long as all routers use the same number! You can use any number from 1 to 65,535.
EIGRP (Enhanced Interior Gateway Routing Protocol)
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary protocol that runs on Cisco routers. Understanding EIGRP is very important because it is probably one of the two most popular routing protocols in use today. EIGRP is a classless, enhanced distance-vector protocol that gives us a real edge over another Cisco proprietary protocol, Interior Gateway Routing Protocol (IGRP). That’s basically why it’s called Enhanced IGRP. Like IGRP, EIGRP uses the concept of an autonomous system to describe the set of contiguous routers that run the same routing protocol and share routing information. But unlike IGRP, EIGRP includes the subnet mask in its route updates. The advertisement of subnet information allows us to use Variable Length Subnet Masks (VLSM) and summarization when designing our networks!
EIGRP is sometimes referred to as a hybrid routing protocol because it has characteristics of both distance-vector and link-state protocols. For example, EIGRP doesn’t send link-state packets as OSPF does; instead, it sends traditional distance-vector updates containing information about networks plus the cost of reaching them from the perspective of the advertising router. And EIGRP has link-state characteristics as well: it synchronizes routing tables between neighbors at startup and then sends specific updates only when topology changes occur. This makes EIGRP suitable for very large networks. EIGRP has a maximum hop count of 255 (the default is set to 100).
There are a number of powerful features that make EIGRP a real standout from IGRP and other protocols. The main features are:
· Support for IP and IPv6 (and some other useless routed protocols) via protocol-dependent modules.
· Considered classless (same as RIPv2 and OSPF).
· Support for VLSM/CIDR.
· Best path selection via Diffusing Update Algorithm (DUAL).
· Support for summaries and discontiguous networks.
· Efficient neighbor discovery.
· Communication via Reliable Transport Protocol (RTP).