OVERVIEW
Wikipedia: Internet (WAN)
https://en.wikipedia.org/wiki/Internet
The Internet (or just internet) is the global system of
interconnected computer networks that uses the Internet
protocol suite (TCP/IP) to communicate between networks and
devices. It is a network of networks that consists of
private, public, academic, business, and government networks
of local to global scope, linked by a broad array of
electronic, wireless, and optical networking technologies.
The Internet carries a vast range of information resources
and services, such as the inter-linked hypertext documents
and applications of the World Wide Web (WWW), electronic
mail, telephony, and file sharing.
Wikipedia: Default Gateway (Router)
https://en.wikipedia.org/wiki/Default_gateway
A default gateway is the node in a computer network using
the internet protocol suite that serves as the forwarding
host (router) to other networks when no other route
specification matches the destination IP address of a
packet.
A gateway is a network node that serves as an access point
to another network, often involving not only a change of
addressing, but also a different networking technology. More
narrowly defined, a router merely forwards packets between
networks with different network prefixes. The networking
software stack of each computer contains a routing table
that specifies which interface is used for transmission and
which router on the network is responsible for forwarding to
a specific set of addresses. If none of these forwarding
rules is appropriate for a given destination address, the
default gateway is chosen as the router of last resort. The
default gateway can be specified by the route command to
configure the node's routing table and default route.
In a home or small office environment, the default gateway
is a device, such as a DSL router or cable router, that
connects the local network to the Internet. It serves as the
default gateway for all network devices.
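The routing-table lookup described above, as an added example (not part of the original page): the most specific matching prefix wins, and the default route 0.0.0.0/0 matches only when nothing else does. The routes, interface names and VPN entry are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a host on a 172.16.0.0/24 home LAN.
# Interface names and the VPN route are assumptions for illustration.
ROUTES = [
    # (destination prefix, next hop or None if on-link, interface)
    ("0.0.0.0/0",     "172.16.0.1", "en0"),    # default route -> default gateway
    ("172.16.0.0/24", None,         "en0"),    # local LAN: deliver directly
    ("10.8.0.0/16",   "10.8.0.1",   "utun0"),  # hypothetical VPN route
    ("127.0.0.0/8",   None,         "lo0"),    # loopback
]

def lookup(dest, routes=ROUTES):
    """Return (prefix, next_hop, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        # A route applies if it contains the destination; among the routes
        # that apply, the one with the longest prefix is the most specific.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        # Only possible when the table has no default route at all.
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1], best[2]

if __name__ == "__main__":
    for dest in ("172.16.0.42", "10.8.3.4", "93.184.216.34"):
        print(dest, "->", lookup(dest))
```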
Wikipedia: Local Area Network (LAN)
https://en.wikipedia.org/wiki/Local_area_network
A Local Area Network (LAN) is a computer network that
interconnects phones, tablets, computers (and other
devices that people connect to the internet) within a
limited area such as a residence, school, laboratory,
university campus or office building. Ethernet and Wi-Fi are
the two most common technologies in use for local area
networks.
EXAMPLE OF A LOCAL AREA NETWORK (LAN)
Diagram of your Instructor's Local Area Network.
My ISP supplied Cable Modem (not shown on the diagram) would
be located at the word "Internet" on this diagram and
connects directly to airport3b (Router).
Each AirPort Extreme is a Wi-Fi Access Point and can also
be configured as a Router.
Each solid line represents a cat5/6 ethernet cable. Ethernet
cables connect Modem to airport3b (Router), which in turn
connect to airport1b (Wi-Fi Access Point) and airport2b
(Wi-Fi Access Point).
The three Wi-Fi Access Points located at opposite ends of
the house provide good coverage in any room. Mesh routers
achieve similar coverage without cables.
open -a "AirPort Utility.app" to demo devices connected
via Wi-Fi
INTERNET SERVICE PROVIDER (ISP)
Wikipedia: Internet Service Provider (ISP)
https://en.wikipedia.org/wiki/Internet_service_provider
An Internet service provider (ISP) is an organisation that
provides services for accessing, using, or participating in
the Internet. Internet service providers can be organized in
various forms, such as commercial, community-owned,
non-profit, or otherwise privately owned.
Internet services typically provided by ISPs can include
Internet access, Internet transit, domain name registration,
web hosting, Usenet service, and colocation.
An ISP typically serves as a connection or gateway that
provides a user with access to everything available on the
Internet.
Wikipedia: Carrier-grade NAT
https://en.wikipedia.org/wiki/Carrier-grade_NAT#Disadvantages
Many cell phone carriers (AT&T, Verizon, T-Mobile, etc.) and
some fiber optic ISPs use Carrier-grade NAT, as there are not
enough IPv4 addresses for all of their customers.
From the command line:
traceroute -aI `curl --connect-timeout 1 -s ipinfo.io/ip`
If more than one hop, your IP address is behind a NAT.
open -a "AirPort Utility.app" to demo router's
WAN IP address
LAN IP address
If your WAN IP address, as shown on your Router, falls in one
of these ranges:
  Range                            CIDR              Addresses
  10.0.0.0    - 10.255.255.255     (10.0.0.0/8)      16,777,216
  172.16.0.0  - 172.31.255.255     (172.16.0.0/12)   1,048,576
  192.168.0.0 - 192.168.255.255    (192.168.0.0/16)  65,536
then you are NAT'd. These are private IP addresses, as
defined in RFC 1918.
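Both checks above, automated as an added example (not part of the original page): it parses traceroute output, applies the "more than one hop" rule, and labels each hop against the RFC 1918 ranges. It goes beyond the page's list by also recognising 100.64.0.0/10, the RFC 6598 shared address space reserved for carrier-grade NAT. The sample output is constructed.

```python
import ipaddress
import re

# The three RFC 1918 private ranges listed on this page.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Added beyond the page's list: RFC 6598 shared space (carrier-grade NAT).
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4_IN_PARENS = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def classify(ip):
    """Label an IPv4 address as rfc1918-private, cgnat-shared or public."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        return "rfc1918-private"
    return "cgnat-shared" if addr in CGNAT_SHARED else "public"

def parse_hops(traceroute_text):
    """Return [(hop_number, ip_or_None, label)], keeping silent '* * *' hops."""
    hops = []
    for line in traceroute_text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header line or blank line
        ip = IPV4_IN_PARENS.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None,
                     classify(ip.group(1)) if ip else "no-reply"))
    return hops

def nat_verdict(traceroute_text):
    """Apply the page's rule: more than one hop to your own IP means NAT."""
    hops = parse_hops(traceroute_text)
    layers = [label for _, _, label in hops
              if label in ("rfc1918-private", "cgnat-shared")]
    return {"hops": len(hops), "behind_nat": len(hops) > 1, "nat_layers": layers}

# Constructed sample; 203.0.113.7 is a documentation address standing in
# for the public IP that ipinfo.io would return.
SAMPLE = """traceroute to 203.0.113.7 (203.0.113.7), 64 hops max, 72 byte packets
 1  [AS0] 192.168.1.1 (192.168.1.1)  2.1 ms  1.8 ms  1.7 ms
 2  [AS0] 100.64.0.1 (100.64.0.1)  9.4 ms  9.9 ms  9.2 ms
 3  * * *
 4  [AS64500] 203.0.113.7 (203.0.113.7)  12.0 ms  11.7 ms  11.9 ms
"""

if __name__ == "__main__":
    print(nat_verdict(SAMPLE))
```

A home-router hop followed by a 100.64.0.0/10 hop, as in the sample, indicates two NAT layers: your own router and the carrier's.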
https://www.ripe.net/participate/member-support/lir-basics/ipv6_reference_card.pdf
BeeNetTools (App for iOS, iPadOS) Ping, Traceroute, & MTR
https://apps.apple.com/us/app/beenettools/id1160138136
FIND INTERNET SERVICE PROVIDERs (ISPs) IN YOUR AREA
AllConnect: Internet Providers by Address
https://www.allconnect.com/internet
FCC: Internet Service Providers by Address (July 2019)
https://broadbandmap.fcc.gov
Who is My Current Internet Service Provider?
https://bgp.he.net
https://www.test-ipv6.com
What is My Current Internet Service Provider Bandwidth/Speed?
https://speedtest.tds.net
http://speedtest.mediacomtoday.com
http://speedtest.centurylink.com
https://fast.com
MODEM
A modem, usually provided by your Internet Service Provider
(ISP), translates signals from your ISP via fiber, cable,
phone line, or antenna into digital signals using the
internet protocol (IP). A modem will have a unique IPv4
address on the Internet.
The current status of the modem lights helps the end user to
know whether a connection is established, if the connection
is active, or if the connection has dropped for some reason.
One should download the Manual (PDF) for your Modem.
Cable modems often use an internal IP Address 192.168.100.1
Using your browser type: http://192.168.100.1
ROUTER
A NAT router (sometimes referred to as a gateway) creates a
local area network (LAN) of private IP addresses and
interconnects that LAN to the wide area network (WAN) known
as the Internet. The "Network Address Translation" (NAT)
performed by the router allows multiple computers, smart
phones, tablets, and other devices connected to the LAN
behind the router to communicate with the external Internet.
One should download the Manual (PDF) for your Modem, Router,
and/or Modem-Router combination.
THE CHECKLIST PODCAST 89: ROUTER RUNDOWN (22+ min)
https://www.securemac.com/checklist/checklist-89-router-rundown
Routers -- Most everybody has one at home. But most of us
don't know anything about our routers. If the router gets
hacked the bad guys can get everything!
WARNING ABOUT ROUTERS
Most gateway routers used by home customers are profoundly
not secure. Some routers are so vulnerable to attack that
they should be thrown out, a security expert said at the
HOPE X hacker conference in New York.
"If a router is sold at [a well-known retail electronics
chain], you don't want to buy it," independent computer
consultant Michael Horowitz said in a presentation.
"If your router is given to you by your Internet Service
Provider (ISP), you don't want to use it either, because
they give away millions of them, and that makes them a prime
target both for spy agencies and bad guys."
ROUTER BUGS, FLAWS, HACKS, AND VULNERABILITIES
https://routersecurity.org/bugs.php
If you care about the security of your router, and you
should, it is best to avoid consumer grade routers. On the
whole, the software in these routers is buggy as heck.
SUGGESTED SECURE ROUTERS
http://edu-observatory.org/olli/Networks/Suggested_Secure_Routers.html
ACCESSING YOUR ROUTER FOR ADMINISTRATION (Extremely Important)
With Internet Service Provider (ISP) supplied Routers (not
recommended), administration may not be readily accessible
to you, with the ISP holding the login username and
password. Your ISP should provide you with the access at the
time of installation or upon request.
Apple AirPort Utility
https://apps.apple.com/us/app/airport-utility/id427276530
https://support.apple.com/guide/aputility/welcome/mac
open -a "AirPort Utility.app" to demo router setup,
and maintenance.
Find Your Router's Internal IP Address (Windows)
Type from command line: ipconfig
Find Your Router's Internal IP Address (Mac)
System Preferences > Network > Advanced > TCP/IP
or type from command line: route get default
Once you know your Router's Internal IP address, using your
browser, type: http://Your Router's Internal IP Address
ROUTER SECURITY SETTINGS (Extremely Important)
Apple: Recommended Settings For Wi-Fi Routers And Access Points
https://support.apple.com/en-us/HT202068
FTC: Securing Your Wireless Network
https://www.consumer.ftc.gov/articles/0013-securing-your-wireless-network
Secure Router Configuration
https://routersecurity.org/index.php#StartHere
https://routersecurity.org/index.php#FullList
Router Security Checklist
https://routersecurity.org/checklist.php
TESTING YOUR ROUTER FROM THE OUTSIDE
ShieldsUP!! -- Internet Connection Security for Windows Users
by Steve Gibson, Gibson Research Corporation
https://www.grc.com/x/ne.dll?bh0bkyd2
Your use of the Internet security vulnerability profiling
services on this site constitutes your FORMAL PERMISSION for
us to conduct these tests and requests our transmission of
Internet packets to your computer. ShieldsUP!! benignly
probes the target computer at your location. Since these
probings must travel from our server to your computer, you
should be certain to have administrative right-of-way to
conduct probative protocol tests through any and all
equipment located between your computer and the Internet.
DNS Nameserver Spoofability Test
https://www.grc.com/dns/dns.htm
Understanding ICMP and why you shouldn't just block it outright
https://neilalexander.dev/2017/04/16/understanding-icmp.html
You need your External IPv4 address for Nmap Online (below)
https://bgp.he.net
https://www.test-ipv6.com
Nmap Online
https://nmap.online
Test Your Router
https://www.routersecurity.org/testrouter.php
TESTING DEVICES WITHIN YOUR LOCAL AREA NETWORK (LAN)
Download the Free Nmap Security Scanner for Linux/Mac/Windows
https://nmap.org/download.html
Nmap ("Network Mapper") is an open source tool for network
exploration and security auditing. It was designed to
rapidly scan large networks, although it works fine against
single hosts. Nmap uses raw IP packets in novel ways to
determine what hosts are available on the network, what
services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are
running, what type of packet filters/firewalls are in use,
and dozens of other characteristics. While Nmap is commonly
used for security audits, many systems and network
administrators find it useful for routine tasks such as
network inventory, managing service upgrade schedules, and
monitoring host or service uptime.
Nmap Tutorial to find Network Vulnerabilities
https://www.youtube.com/watch?v=4t4kBkMsDbQ
Since my Local Area Network (LAN) has the IP addresses
172.16.0.1/24, I will do the following nmap scan:
sudo nmap -F 172.16.0.1/24
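One way to turn such a scan into a device inventory check, as an added example (not part of the original page): it assumes the scan was also given nmap's `-oG -` option so the results arrive in grepable form, then flags hosts missing from your own device list and any cleartext login services. The sample output and the known-hosts list are constructed.

```python
# Constructed `nmap -oG -` (grepable) output for a scan of 172.16.0.1/24.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 172.16.0.1 ()\tStatus: Up\n"
    "Host: 172.16.0.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///\t"
    "Ignored State: closed (98)\n"
    "Host: 172.16.0.23 ()\tStatus: Up\n"
    "Host: 172.16.0.23 ()\tPorts: 23/open/tcp//telnet///, 554/filtered/tcp//rtsp///\n"
    "Host: 172.16.0.40 ()\tStatus: Up\n"
)

# Hypothetical inventory of the devices you expect on the LAN.
KNOWN_HOSTS = {"172.16.0.1", "172.16.0.40"}
# Services that carry logins in cleartext and rarely belong on a home device.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}

def parse_grepable(text):
    """Return {ip: [(port, proto, service), ...]} listing open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines start with '#'
        fields = line.split("\t")
        ports = hosts.setdefault(fields[0].split()[1], [])
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            # Each entry is port/state/protocol/owner/service/rpc/version/
            for entry in field[len("Ports: "):].split(", "):
                port, state, proto, _owner, service = entry.split("/")[:5]
                if state == "open":
                    ports.append((int(port), proto, service))
    return hosts

def audit(text, known_hosts=KNOWN_HOSTS):
    """Flag hosts missing from the inventory and cleartext login services."""
    hosts = parse_grepable(text)
    return {
        "unknown_hosts": [ip for ip in hosts if ip not in known_hosts],
        "cleartext_services": [(ip, port) for ip, ports in hosts.items()
                               for port, _proto, _svc in ports
                               if port in CLEARTEXT_PORTS],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```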
Wireshark
https://sectools.org/tool/wireshark/
https://www.wireshark.org
Wireshark is the world's foremost and widely-used network
protocol analyzer. It lets you see what's happening on your
network at a microscopic level and is the de facto (and
often de jure) standard across many commercial and
non-profit enterprises, government agencies, and educational
institutions. Wireshark development thrives thanks to the
volunteer contributions of networking experts around the
globe and is the continuation of a project started by Gerald
Combs in 1998.
Wi-Fi SIGNAL BASICS
Just to clear up a popular misconception: Wi-Fi microwaves
are non-ionizing radiation. That means that they do not
cause cancer. That's right kids, microwaves will not make
you radioactive and glow in the dark!
Best Practices for Access Point Placement
https://www.control4.com/docs/product/access-points/best-practices/english/latest/access-points-best-practices-rev-a.pdf
Proper access point (AP) installation and placement is a
critical step in the wireless design process. Follow these
recommended best practices for the best placement of your
AP.
open -a "AirPort Utility.app" to demo connection
quality, signal strength, speed, and bandwidth via Wi-Fi
Wikipedia: IEEE 802.11 (technical)
https://en.wikipedia.org/wiki/IEEE_802.11
IEEE 802.11 is part of the IEEE 802 set of local area
network (LAN) protocols, and specifies the set of media
access control (MAC) and physical layer (PHY) protocols for
implementing wireless local area network (WLAN) Wi-Fi
computer communication in various frequencies, including but
not limited to 2.4 GHz, 5 GHz, 6 GHz, and 60 GHz frequency
bands.
WHAT YOU CONNECT TO THE INTERNET MATTERS (Extremely Important)
Wikipedia: Internet of things
https://en.wikipedia.org/wiki/Internet_of_things
The Internet of Things (IoT) describes the network of
physical objects ("things") that are embedded with sensors,
software, and other technologies for the purpose of
connecting and exchanging data with other devices and
systems over the internet.
The definition of the Internet of Things has evolved due to
the convergence of multiple technologies, real-time
analytics, machine learning, commodity sensors, and embedded
systems. Traditional fields of embedded systems, wireless
sensor networks, control systems, automation (including home
and building automation), and others all contribute to
enabling the Internet of things. In the consumer market, IoT
technology is most synonymous with products pertaining to
the concept of the "smart home", including devices and
appliances (such as lighting fixtures, thermostats, home
security systems and cameras, and other home appliances)
that support one or more common ecosystems, and can be
controlled via devices associated with that ecosystem, such
as smartphones and smart speakers.
There are a number of serious concerns about dangers in the
growth of IoT, especially in the areas of privacy and
security, and consequently industry and governmental moves
to address these concerns have begun including the
development of international standards.
Checklist 172: A Ring of Trouble (28+ min)
https://www.securemac.com/checklist/checklist-172-a-ring-of-trouble
Checklist 129: The Internet of Things and Other Things (35+ min)
https://www.securemac.com/checklist/internet-of-things-and-other-things
Checklist 126: Little Nests Have Big Ears (29+ min)
https://www.securemac.com/checklist/checklist-126-little-nests-have-big-ears
Privacy When Using the Internet
http://edu-observatory.org/olli/Privacy/index.html
Home Computer Security
http://edu-observatory.org/olli/HCS/index.html
Problems/Bugs continue to be found in hardware, operating
systems, applications software, networks, and technology.
There is an ongoing battle between the good guys finding and
fixing the problems and the bad guys[1] finding and exploiting
the problems. Your role is important in this ongoing drama!
[1] Do bad guys include ISPs, Carriers, big tech and your own
government?
INTERNET CONNECTIVITY AND RELIABILITY
http://edu-observatory.org/olli/Connectivity/index.html
If you have ever gotten the message "Server Not Found" or
"You Are Not Connected to the Internet", it might be due to an
internet connectivity and reliability issue. This resource
will help you troubleshoot the cause and lead you to a
reliable solution.
sam.wormley@gmail.com