A Short Brief about Advanced Persistent Threat

Advanced Persistent Threat (APT) groups are not individuals. They are mostly organizations or countries (driven by an agenda or political reasons) with expert teams. These are not ordinary experts; they are trained professionals who have the potential to break into any system and move laterally in a LAN without being caught for years.

Even your antivirus cannot detect this movement, because they do not create malware; they abuse genuine applications (like PowerShell) and move laterally like a genuine process.

Key components of an APT are moving laterally, being persistent, creating a CnC channel, getting a payload with just a DNS request, and more. Every APT attack recorded so far has had unique ways of propagating through a network, and they rely heavily on open ports, unprotected network zones, vulnerable applications, network shares, etc. Once they break in, they do whatever they intend to do.

Types of SOC

SOCs that are internal to the constituency can be categorized into five organizational models according to how the team is composed:

1. Security team.

No standing incident detection or response capability exists. In the event of a computer security incident, resources are gathered (usually from within the constituency) to deal with the problem, reconstitute systems, and then the team stands down.

Results can vary widely as there is no central watch or consistent pool of expertise, and processes for incident handling are usually poorly defined. Constituencies composed of fewer than 1,000 users or IPs usually fall into this category.

2. Internal distributed SOC.

A standing SOC exists but is primarily composed of individuals whose organizational position is outside the SOC and whose primary job is IT or security related but not necessarily CND related.

One person or a small group is responsible for coordinating security operations, but the heavy lifting is carried out by individuals who are matrixed in from other organizations. SOCs supporting a small- to medium-sized constituency, perhaps 500 to 5,000 users or IPs, often fall into this category.

3. Internal centralized SOC.

A dedicated team of IT and cybersecurity professionals comprise a standing CND capability, providing ongoing services.

The resources and the authorities necessary to sustain the day-to-day network defense mission exist in a formally recognized entity, usually with its own budget. This team reports to a SOC manager who is responsible for overseeing the CND program for the constituency. Most SOCs fall into this category, typically serving constituencies ranging from 5,000 to 100,000 users or IP addresses.

4. Internal combined distributed and centralized SOC.

The Security Operations Center is composed of both a central team (as with internal centralized SOCs) and resources from elsewhere in the constituency (as with internal distributed SOCs). Individuals supporting CND operations outside of the main SOC are not recognized as a separate and distinct SOC entity.

For larger constituencies, this model strikes a balance between having a coherent, synchronized team and maintaining an understanding of edge IT assets and enclaves. SOCs with constituencies in the 25,000–500,000 user/IP range may pursue this approach, especially if their constituency is geographically distributed or they serve a highly heterogeneous computing environment.

5. Coordinating SOC.

The SOC mediates and facilitates CND activities between multiple subordinate distinct SOCs, typically for a large constituency, perhaps measured in the millions of users or IP addresses.

A coordinating SOC usually provides consulting services to a constituency that can be quite diverse.

It typically does not have active or comprehensive visibility down to the end host and most often has limited authority over its constituency.

Coordinating SOCs often serve as distribution hubs for cyber intel, best practices, and training. They also can offer analysis and forensics services, when requested by subordinate SOCs.

A short brief about Security Operations Center

 

What Is a Security Operations Center (SOC)?

A SOC is a team primarily composed of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents.

Computer network defense (CND) is the practice of defense against unauthorized activity within computer networks, including monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.

There are many terms that have been used to reference a team of cybersecurity experts assembled to perform CND.

They include:

  • Computer Security Incident Response Team (CSIRT)
  • Computer Incident Response Team (CIRT)
  • Computer Incident Response Center (or Capability) (CIRC)
  • Computer Security Incident Response Center (or Capability) (CSIRC)
  • Security Operations Center (SOC)
  • Cybersecurity Operations Center (CSOC)
  • Computer Emergency Response Team (CERT)

In order for an organization to be considered a SOC, it must:

  1. Provide a means for constituents to report suspected cybersecurity incidents.
  2. Provide incident handling assistance to constituents.
  3. Disseminate incident-related information to constituents and external parties.

Types of logs in Windows

Windows logs are of three types: system, security, and application.

Application log

Each application has its own logs; entries that contain errors or warnings are sent to the SOC for review.

Security log

Suspicious user activities are logged in this category: successful and failed account logins, as well as process creation and termination and every file accessed by the logged-on user account.

System log

Logs that record the kernel boot process, driver updates or failures, Windows updates, and other interesting events are written to the system log category.

Since security is our concern, we will discuss security logs. See the figure below for a better understanding; in this screenshot, an analyst is analyzing a log from Windows event sources.

SIEM better visibility for analyst

As I said earlier, a SIEM is built for visibility, so whatever security issues happen with end users should be reported to the Security Operations Center.

In the above picture, an analyst has clear visibility of end-user activities. Here we can see that the event ID is 4720.

When a new user account is created, whether a domain account or a local SAM account, an event log entry with event ID 4720 is generated for the new account creation.

SIEM Better Visibility for SOC Analyst

We live in a complex world where attacks are increasing day by day, so today cyber intelligence depends on SIEM (security information and event management) as a part of infosec.

Most companies depend on logs and packets to get a better view; above 90% of them work with logs rather than packets. People, process, and technology form a triangle for security operations.

                                   Security Triangle  

  

From this post, you will learn what logs are and how they are parsed by a SIEM to give an analyst better visibility when handling an incident.

Logs are an essential part of each device. They are meaningful elements that can show relevant information about end-user activities to a security analyst in the SOC (Security Operations Center), and they are also part of the review for audit and compliance.

Let’s take a scenario in which the Windows operating system is your event source and the analyst is at the other end. The activities you perform from power on to power off are logged, and the logs are sent to the Security Operations Center. Unusual user activities are recorded as incidents in the Security Operations Center.

There are three types of logs, which are triggered according to the activities performed on your system.


Top 10 Use Cases for SIEM

With the growing use of SIEM solutions, business houses are keen on solving a number of security and business use cases seen during their day-to-day operations. In this post, we will go through the top 10 use cases with an overview of how you can use  to detect any such behavior in your infrastructure.

The following are the top 10 use cases:

1. Authentication Activities

Abnormal authentication attempts, off-hour authentication attempts, etc., using data from Windows, Unix and any other authentication application.

2. Shared Accounts

Multiple sources (internal/external) making session requests for a particular user account during a given time frame, using login data from sources like Windows, Unix, etc.

3. Session Activities

Session duration, inactive sessions, etc., using login-session-related data specifically from Windows server.

4. Connections Details

Connections can be genuine or bogus. Suspicious behavior may include connection attempts on closed ports, blocked internal connections, connections made to bad destinations, etc., using data from firewalls, network devices or flow data. External sources can further be enriched to discover the domain name, country and geographical details.

5. Abnormal Administrative Behavior

Monitoring inactive accounts, accounts with unchanged passwords, abnormal account management activities, etc., using data from AD account-management-related activities.

6. Information Theft

Data exfiltration attempts, information leakage through emails, etc., using data from mail servers, file sharing applications, etc.

7. Vulnerability Scanning and Correlation

Identification and correlation of security vulnerabilities detected by applications like Qualys against other suspicious events.

8. Statistical Analysis

Statistical analysis can be done to study the nature of data. Functions like average, median, quantile, quartile, etc. can be used for the purpose. Numerical data from all kinds of sources can be used to monitor relations like the ratio of inbound to outbound bandwidth usage, data usage per application, response time comparison, etc.

9. Intrusion Detection and Infections

This can be done by using data from IDS/IPS, antivirus, anti-malware applications etc.

10. System Change Activities

This can be done by using data for changes in configurations, audit configuration changes, policy changes, policy violations, etc.

Readers, you can share your own use cases which you have experienced in the comment section below.

Critical Controls and SIEM

 Critical Control 1: Inventory of Authorized and Unauthorized Devices

Critical Control 11: Account Monitoring and Control

Abnormal account activity can only be detected when compared to a baseline of
known good activity. The baseline to meet this control should be recorded by the
SIEM; and, as future snapshots or baselines are recorded, they can be compared to the
approved baseline in the SIEM.

Critical Control 12: Malware Defenses

Malware that is discovered should be recorded according to this control. Centralized
anti-malware tools should report their findings to a SIEM, which correlates against
system and vulnerability data to determine which systems pose a greater risk due to the
malware discovered on that system.

Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services

If a system has a running port, protocol, or service that has not been authorized, it should also be reported to a central source where these vulnerabilities can be correlated with other events concerning a particular system. SIEMs can monitor log data to detect traffic over restricted ports, protocols, and services. Organizations can use these controls to decide which ports and services are useful for business, which are not, and which types of traffic and ports to limit.

Critical Control 14: Wireless Device Control

Device misconfigurations and wireless intrusions should be reported to a central
database for incident handling purposes. A SIEM is a perfect candidate to consolidate
this information and use it for correlation or detection of threats to wireless
infrastructure.

Critical Control 15: Data Loss Prevention

Data loss rule violations, like CCE discoveries, should also be reported to one central source such as a SIEM, which can correlate data loss events with inventory or asset information as well as other system and user activity to detect complex breaches of sensitive data.

How Exactly Would the SIEM Raise an Alert?

Well, now you know that the logs from different devices are being forwarded into the SIEM. Take an example: a port scan is initiated against a specific machine. In such a case, the machine would generate a lot of unusual logs.

Analyzing the logs, it will be clear that a number of connection failures are occurring on different ports at regular intervals.

If packet information is available, we can see SYN requests being sent from the same source IP to the same destination IP, but to different ports, at regular intervals. From that we can conclude that somebody initiated a SYN scan against our asset.

The SIEM automates this process and raises alerts. Different solutions do this in different ways but produce the same results.
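The port-scan reasoning above, written as detection logic. This is an added example, not part of the original post and not any SIEM vendor's rule: the firewall log format, the addresses, and the names `detect_port_scans`, `min_ports` and `window_seconds` are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample firewall log; the line format and all addresses are assumptions.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z DENY TCP 203.0.113.7:51000 -> 10.0.0.5:21 flags=S
2024-05-01T10:00:01Z DENY TCP 198.51.100.9:40100 -> 10.0.0.5:8080 flags=S
2024-05-01T10:00:02Z DENY TCP 203.0.113.7:51001 -> 10.0.0.5:22 flags=S
2024-05-01T10:00:03Z DENY TCP 198.51.100.9:40101 -> 10.0.0.5:8080 flags=S
2024-05-01T10:00:04Z DENY TCP 203.0.113.7:51002 -> 10.0.0.5:23 flags=S
2024-05-01T10:00:05Z ALLOW TCP 10.0.0.20:50500 -> 10.0.0.5:443 flags=S
2024-05-01T10:00:05Z DENY TCP 198.51.100.9:40102 -> 10.0.0.5:8080 flags=S
2024-05-01T10:00:06Z DENY TCP 203.0.113.7:51003 -> 10.0.0.5:25 flags=S
2024-05-01T10:00:07Z DENY TCP 198.51.100.9:40103 -> 10.0.0.5:8080 flags=S
2024-05-01T10:00:08Z DENY TCP 203.0.113.7:51004 -> 10.0.0.5:80 flags=S
2024-05-01T10:00:09Z DENY TCP 198.51.100.9:40104 -> 10.0.0.5:8080 flags=S
2024-05-01T10:00:10Z DENY TCP 203.0.113.7:51005 -> 10.0.0.5:443 flags=S
2024-05-01T10:01:00Z DENY TCP 192.0.2.44:33000 -> 10.0.0.5:135 flags=S
2024-05-01T10:04:00Z DENY TCP 192.0.2.44:33001 -> 10.0.0.5:139 flags=S
2024-05-01T10:07:00Z DENY TCP 192.0.2.44:33002 -> 10.0.0.5:445 flags=S
2024-05-01T10:10:00Z DENY TCP 192.0.2.44:33003 -> 10.0.0.5:3389 flags=S
2024-05-01T10:13:00Z DENY TCP 192.0.2.44:33004 -> 10.0.0.5:5985 flags=S
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) flags=(?P<flags>\S+)$"
)


def parse(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "flags": m["flags"],
    }


def detect_port_scans(lines, min_ports=5, window_seconds=60):
    """Alert when one source sends denied SYNs to >= min_ports distinct ports
    on one destination within a sliding time window."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    alerted = set()               # raise one alert per (src, dst) pair
    alerts = []
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    for ev in events:
        # Only failed connection attempts that are bare SYNs count.
        if ev["action"] != "DENY" or ev["flags"] != "S":
            continue
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append((ev["ts"], ev["dport"]))
        # Drop attempts that have aged out of the window.
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ports = sorted({port for _, port in q})
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": ev["src"],
                "dst": ev["dst"],
                "ports": ports,
                "first_seen": q[0][0],
                "last_seen": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG.splitlines()):
        print("possible SYN scan:", alert)
```

With the default 60-second window only the fast scanner is flagged; the client retrying a single closed port is not, and the source probing one port every three minutes is only caught when the window is widened, which is the tuning trade-off of this kind of rule.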

Security Information/Events Logs

• Log Collection is the heart and soul of a SIEM – the more log sources that
send logs to the SIEM, the more that can be accomplished with the SIEM.
 
• Logs on their own rarely contain the information needed to understand their
contents within the context of your business.
 
• Security Analysts have limited bandwidth to be familiar with every last system
that your IT operation depends on.
 
• With only the logs, all an analyst sees is “Connection from Host A to Host B”
 
• Yet, to the administrator of that system, this becomes “Daily Activity Transfer
from Point of Sales to Accounts Receivable”.
 
• The Analyst needs this information to make a reasoned assessment of any
security alert involving this connection.
 
• The true value of logs lies in correlation, which turns them into actionable information.
 

Log Records Cover:

    • Normal activity
    • Error conditions
    • Configuration changes
    • Policy changes
    • User access to assets
    • Incident alerts
    • Unauthorized use of resources
    • Non-privileged access to files
    • User behavior patterns
    • Clearing of sensitive data
    • Access to audit trails
Logs provide feedback on the status of IT resources and all activity going through them.

How do logs reach the SIEM?


Logs reach the SIEM in two different ways: agent-based and non-agent-based. In the agent-based approach, a log-pushing agent is installed on the client machine from which the logs are collected.

Then this agent is configured to forward logs into the solution. In the latter type, the client system sends logs on its own using a service like Syslog or Windows Event Collector service, etc.

There are also specific applications & devices which can be integrated through a series of vendor-specific procedures.

How Does SIEM Work?

The one-stop answer is correlation. You may have noticed the word “correlation”; yes, it is the answer to the question of how a SIEM works, but not that alone, of course.

Basically, a SIEM tool collects logs from devices present in the organization’s infrastructure. Some solutions also collect NetFlow and even raw packets. With the collected data (mainly logs and packets), the tool provides an insight into the happenings of the network.

It provides data for each event occurring in the network and thus acts as a complete centralized security monitoring system.

In addition to this, the SIEM tool can be configured to detect a specific incident. For example, a user is trying to log in to an AD server. The first 3 times the authentication fails, and the 4th time it succeeds. Now, this is an incident to look into.

There are many possibilities. Maybe a person is trying to guess the password of another user and got it right, which is a breach. Or maybe the user forgot his password but got it right in the end, and so on. This is where correlation comes in.

For such a case, a correlation rule can be written so that if an authentication failure event happens 3 times consecutively, followed by a success within a specific time period, an alert pops up.

This can be investigated further by analyzing the logs from the respective machines. So my definition of correlation is: “It is the rule which aggregates events into an incident which is defined by specific application or scenario.”
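The correlation rule described above (consecutive authentication failures followed by a success within a time period), as an added example that is not part of the original post. The comma-separated event format, host and user names, and the function name `correlate_fail_then_success` are assumptions; 4625 and 4624 are the Windows Security event IDs for a failed and a successful logon. The alert also records the source addresses, so an analyst can tell one client retrying from several clients trying the same account.

```python
from collections import defaultdict
from datetime import datetime

FAILED_LOGON = 4625       # Windows Security log: an account failed to log on
SUCCESSFUL_LOGON = 4624   # Windows Security log: an account logged on

# Constructed sample events: timestamp,event_id,host,user,source_ip (assumed format).
SAMPLE_EVENTS = """\
2024-05-01T08:00:00Z,4625,DC01,dave,10.0.0.40
2024-05-01T08:00:05Z,4625,DC01,dave,10.0.0.40
2024-05-01T08:00:10Z,4625,DC01,dave,10.0.0.40
2024-05-01T09:00:00Z,4625,DC01,alice,10.0.0.15
2024-05-01T09:00:10Z,4625,DC01,alice,10.0.0.15
2024-05-01T09:00:20Z,4625,DC01,Alice,10.0.0.15
2024-05-01T09:00:35Z,4624,DC01,alice,10.0.0.15
2024-05-01T09:02:00Z,4625,DC01,carol,10.0.0.30
2024-05-01T09:02:10Z,4625,DC01,carol,10.0.0.30
2024-05-01T09:02:20Z,4624,DC01,carol,10.0.0.30
2024-05-01T09:03:00Z,4625,DC01,carol,10.0.0.30
2024-05-01T09:03:10Z,4624,DC01,carol,10.0.0.30
2024-05-01T09:05:00Z,4625,DC01,bob,10.0.0.21
2024-05-01T09:05:05Z,4625,DC01,bob,10.0.0.22
2024-05-01T09:05:10Z,4625,DC01,bob,10.0.0.23
2024-05-01T09:05:20Z,4624,DC01,bob,10.0.0.23
2024-05-01T09:10:00Z,4720,DC01,admin,10.0.0.2
2024-05-01T09:30:00Z,4624,DC01,dave,10.0.0.40
"""


def parse_event(line):
    """Split one constructed CSV line into a typed event dict."""
    ts, event_id, host, user, src = line.strip().split(",")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": int(event_id),
        "host": host,
        "user": user.lower(),   # account names are compared case-insensitively
        "src": src,
    }


def correlate_fail_then_success(lines, min_failures=3, window_seconds=300):
    """Aggregate logon events into incidents: at least min_failures consecutive
    failures for an account, then a success, all within window_seconds."""
    pending = defaultdict(list)   # (host, user) -> [(timestamp, source_ip), ...]
    alerts = []
    events = sorted((parse_event(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    for ev in events:
        key = (ev["host"], ev["user"])
        if ev["event_id"] == FAILED_LOGON:
            pending[key].append((ev["ts"], ev["src"]))
        elif ev["event_id"] == SUCCESSFUL_LOGON:
            # A success ends the run of consecutive failures for this account.
            run = pending.pop(key, [])
            recent = [(t, s) for t, s in run
                      if (ev["ts"] - t).total_seconds() <= window_seconds]
            if len(recent) >= min_failures:
                sources = sorted({s for _, s in recent})
                alerts.append({
                    "host": ev["host"],
                    "user": ev["user"],
                    "failures": len(recent),
                    "failure_sources": sources,
                    "success_source": ev["src"],
                    # True: one client retried (forgotten password is plausible).
                    # False: several clients tried the account before it opened.
                    "same_source_only": sources == [ev["src"]],
                    "time": ev["ts"],
                })
        # Any other event ID (for example 4720) is ignored by this rule.
    return alerts


if __name__ == "__main__":
    for alert in correlate_fail_then_success(SAMPLE_EVENTS.splitlines()):
        print("failed logons followed by success:", alert)
```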

Security Information and Event Management (SIEM)

 SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications.

Vendors sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes.

Although the industry has settled on the term ‘SIEM’ as the catch-all term for
this type of security software, it evolved from several different (but complementary)
technologies that came before it.

A few other terms to know:

• LMS “Log Management System” – a system that collects and stores log files (from Operating Systems, Applications, etc) from multiple hosts and systems into a single location, allowing centralized access to logs instead of accessing them from each system individually.

• SLM/SEM “Security Log/Event Management” – an LMS, but marketed towards security analysts instead of system administrators. SEM is about highlighting log entries as more significant to security than others.
 
• SIM “Security Information Management” – an Asset Management system, but with features to join security information too. Hosts may have vulnerability reports listed in their summaries, Intrusion Detection and AntiVirus alerts may be shown mapped to the systems involved.
 
• SEC “Security Event Correlation” – To a particular piece of software, three failed login attempts to the same user account from three different clients, are just three lines in their logfile. To an analyst, that is a particular sequence of events worthy of investigation, and Log Correlation (looking for patterns in log files) is a way to raise alerts when these things happen.
 
• SIEM “Security Information and Event Management” – SIEM is the “All of the Above” option, and as the above technologies become merged into single products, it became the generalized term for managing information generated from security controls and infrastructure. We’ll use the term SIEM for the rest of this presentation.
  • Data aggregation: Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
  • Correlation: looks for common attributes and links events together into meaningful bundles. This technology provides the ability to do a variety of correlation techniques to integrate different sources, to turn data into useful information. Correlation is typically a function of the Security Event Management part of a full SIEM solution.
  • Alerting: the automated analysis of correlated events and production of alerts, to tell recipients of immediate issues. Alerting can be to a dashboard or sent via third-party channels such as email.
  • Dashboards: Tools can take event data and turn it into informational charts to aid in seeing patterns, or identifying activity that is not forming a standard pattern.
  • Compliance: Applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance, and auditing processes.
  • Retention: employing long-term storage of historical data to facilitate the correlation of data over time, and to provide the retention necessary for compliance requirements. Long-term log data retention is critical in forensic investigations as it is unlikely that the discovery of a network breach will be at the time of the breach occurring.
  • Forensic analysis: The ability to search across logs on different nodes and time periods based on specific criteria. This mitigates having to aggregate log information in your head or having to search through thousands and thousands of logs.

Comparison of Infrared, Radio waves, Microwaves

 


| # | Infrared | Radio Waves | Microwaves |
|---|----------|-------------|------------|
| 1 | Infrared is used for short-range communication like TV remotes, mobile phones, personal computers, etc. In science, infrared is the part of the spectrum that is not visible to the human eye. | Radio waves are a type of wireless communication that can travel large distances and can penetrate any wall. | Microwaves are a line-of-sight transmission, meaning both the sending and receiving antennas should be properly aligned. |
| 2 | The frequency range of infrared rays is 300GHz – 400THz. | The frequency range of radio waves is 3KHz – 1GHz. | Microwaves have a frequency range between 1GHz – 300GHz. |
| 3 | The limitation of infrared rays is that they cannot penetrate any obstacles and can only be used for short range. Also, infrared is used in night vision cameras as it has thermal properties. The frequency range of infrared rays is 300GHz – 400THz. | They can travel large distances and can penetrate any wall (omni-directional). | They are unidirectional, as they can move in only one direction, and therefore they are used in point-to-point or unicast communication such as radar and satellite. |
| 4 | Infrared is one of the secure wireless communication mediums, as it is used for short range. Also, unlike other wireless mediums, infrared is quite inexpensive, which is one reason it is used in many electronic devices. | Radio waves can travel long distances, so they are used for long-distance communication, and there is no need to dig and lay wires. | Microwaves are a very fast way of communication that can carry 25000 voice channels at the same time. Also, since it is a wireless communication medium, there is no need to dig and lay wires. |
| 5 | Infrared waves are used in TV remotes, mobile phones, and personal computers. | Radio waves are used in AM and FM radios, and cordless phones. | Microwaves are used in mobile phone communication and television distribution. |

Questions for readers :
(Give your answers in the comments section below)

Question 1: Write a short note on microwaves.
Question 2: What do you mean by wireless communication? Give examples.
Question 3: What is the frequency range of infrared rays, radio waves, and microwaves?
Question 4: Write some advantages and disadvantages of radio waves.
Question 5: Write some features of wireless communication.

There are no correct or wrong answers to these questions. So you can give your answers in the comment section below and we will give ours in the next post.

Types of Wireless Communication Media

We are living in a world where we can connect with friends within seconds, no matter how far away they are. But this was not possible in earlier days. We have all heard and read that communication used to be very tough, as sending a letter would take many days and sometimes months. Today that is not the case: we have different types of medium which can transmit our message very quickly. In this article, we will learn about the transmission medium and then about wireless communication.

Now, what is a transmission medium? Basically, it transmits signals or messages from one computer to another. Transmission media are divided into two types: wired or guided transmission media (e.g., twisted pair cable, Ethernet cable, coaxial cable, and optical fiber) and wireless or unguided transmission media (e.g., infrared, radio link, microwave link, satellite link, Bluetooth, WiFi).

In this article, we are more concerned about wireless communication. So, let’s begin understanding wireless communication.

Wireless Communication

Wireless communication is also referred to as unguided media or unbounded transmission media. In this mode, no physical medium is required for the transmission of electromagnetic signals. In wireless communication, we can transfer our message through the air, water or vacuum, i.e. by infrared, radio waves, or microwaves. So, we don’t have to worry about cables or any material to transfer messages, as we can send out a message without any medium.

Wireless communication has advantages and also disadvantages; for example, it is less secure.

Features

  • No physical medium is required for transmission.
  • It can carry signals through air, water, or vacuum.
  • It can travel large distances but it is also less secure.

Let’s discuss some of its types:-

Infrared

Infrared is used for short-range communication like TV remotes, mobile phones, personal computers, etc. In science, infrared is the part of the spectrum that is not visible to the human eye. The limitation of infrared rays is that they cannot penetrate any obstacles and can only be used for short range. Also, infrared is used in night vision cameras as it has thermal properties. The frequency range of infrared rays is 300GHz – 400THz.

Uses:

As we have already discussed, they are used in TV remotes and PC devices like mice and keyboards.

Advantage and Disadvantage:

On the merit side, infrared is one of the secure wireless communication mediums, as it is used for short range. Also, unlike other wireless mediums, infrared is quite inexpensive, which is one reason it is used in many electronic devices.

On the disadvantage side, infrared waves can only be used in short-range communication. Also, they cannot penetrate obstacles like walls or buildings.

Radio Waves

We have seen the limitations of infrared waves, so here is another wireless communication medium that does not have them: radio waves. They can travel large distances and can penetrate any wall (they are omni-directional, meaning these waves can move in all directions). They are easy to generate and can penetrate through buildings. Radio waves require antennas: a sending antenna, from which one transmits a message, and a receiving antenna. The frequency range of radio waves is 3KHz – 1GHz. Also, radio waves of frequency 300KHz-30MHz can travel long distances. Moreover, they are susceptible to interference, meaning they can penetrate any walls.

Uses:

Radio waves are used in AM and FM radios, and cordless phones. Also, some private and government organizations reserve certain radio frequencies for direct communication.

Advantage and Disadvantage:

Radio waves have some advantages: they can travel long distances in all directions and can pass through any obstacles, and since they are a wireless communication medium, there is no need to dig and lay wires. But radio waves have some disadvantages too: they are not effective in bad weather conditions, and they are less secure as they can travel large distances.

Microwaves

Microwaves are a line-of-sight transmission, meaning both the sending and receiving antennas should be properly aligned. Also, the distance covered by the signal is directly proportional to the height of the antenna. Microwaves have a frequency range between 1GHz – 300GHz. Basically, microwaves are used in mobile phone communication and television distribution.

Unlike radio waves, they are unidirectional, as they can move in only one direction, and therefore they are used in point-to-point or unicast communication such as radar and satellite.

Uses:

Microwaves are used in mobile phone communication and television distribution.

Advantage and Disadvantage:

One advantage of microwaves is that they are a very fast way of communication that can carry 25000 voice channels at the same time. Also, since it is a wireless communication medium, there is no need to dig and lay wires.

The first demerit of microwaves is expense: their installation and maintenance are very expensive, which makes this a very expensive mode of communication. Moreover, microwaves are also not very effective in bad weather conditions.

Types of Cables used in Wired Communication Media

Twisted pair cable

As the name suggests, a twisted pair consists of two insulated copper wires twisted together. They are twisted in such a way that they run in parallel; one wire is used for the transmission of data and the other is used for ground. Usually, these wires are 1mm in diameter. The twisted-pair cable is made up of 2 insulated copper wires arranged in a spiral pattern. Noise interference is a frequent problem in these cables, but it can be handled by increasing the number of turns per foot of twisted pair cable.

Working of twisted-pair cables: The twisted pair cable has an outer jacket that keeps the wires together, a shield for protection of the cable, color-coded plastic insulation to uniquely identify each conductor, and twisting of the wires to cancel the electromagnetic waves that create noise interference during the transmission of data. When current flows through the cable, a small circular magnetic field is created around the wire. For the connection between two devices, connectors are needed at both ends, like RJ45 for a computer connection.

Types of Twisted pair cables are:-

  • Unshielded Twisted pair (UTP)
  • Shielded Twisted pair (STP)

Unshielded Twisted pair (UTP)

UTP cables are the most common twisted pair cables used in computer networks as well as in telecommunication. These cables are made up of 4 color-coded copper wires twisted together to cancel disturbances from outside sources and electromagnetic interference. There are different categories of UTP cables used for telecommunication and other purposes. For example, some are used for telephone line services with good speed, some offer 4 Mbps to 16 Mbps, and some provide 20 Mbps, which is enough for communication over longer distances.

Connectors: The most common UTP connector is RJ45 (RJ stands for registered jack); there are two types, RJ45 male and RJ45 female. RJ45 is a keyed connector, which means that the connector can be connected in only one way. These cables are mostly used for Ethernet connections, for example with computers, modems, printers, and various network storage devices.

Merits

  • These cables are cheaper.
  • The maintenance cost is low.
  • It doesn’t require any ground wire.

Demerits

  • The transmission rate of data is slow.
  • Noise is high in these cables.

Shielded Twisted pair cables (STP)

In comparison with UTP cables, shielded twisted pair cables are costlier and consist of metal foil sometimes made up of insulated conductors. The metal foil helps to improve the quality of the wire, which would otherwise be affected by noise. These cables are used to reduce crosstalk and the interference caused by electromagnetic waves. The company that first introduced STP cables was IBM. These cables are used for both analog and digital transmissions.

Merits

  • The transmission rate of data is fast.
  • Noise is low in these cables.

Demerits

  • These cables are costlier.
  • The maintenance cost is higher.
  • It requires ground wire.

Applications 

Some applications of Twisted pair cables:

  1. Telephone systems: To provide voice and data channels.
  2. LANs use twisted-pair cables.
  3. The DSL lines used by the telephone companies also use the unshielded twisted pair cables to provide extremely high data rate connections.

Co-axial cable

Coaxial cable is the most common type of transmission media, used in various applications such as TV wiring and Ethernet connection setup. It consists of two conductors kept parallel to each other. It has a central core conductor of solid copper wire enclosed in an insulating sheath, a middle conductor made of copper mesh, and lastly an outer metallic wrap that helps in noise cancellation. The whole cable is covered and protected by a plastic cover.

It is considered better than twisted-pair cables because of its higher frequency range. Coaxial cables are best suited for shorter distances, as there are higher chances of data loss over longer distances; for those, fibre optic cables are best, as fibers are capable of higher data transfer at greater speed than coaxial cables. Cost and maintenance are also lower than for fiber optic cables, and these cables are more durable.

The various types of coaxial cables:

  1. Triaxial Coaxial Cable
  2. RG-49 Coaxial Cable
  3. RG-11 Coaxial Cable
  4. RG-6 Coaxial Cable
  5. Hardline cable
  6. Rigid Coaxial Cable
  7. Semi-Rigid Coaxial Cable
  8. Formable Coaxial Cable
  9. Flexible Coaxial Cable

Working of Coaxial Cables: Coaxial cables use a copper wire to carry the higher frequency signals. This wire is covered with an insulating foil cover that maintains a constant distance between the conductor and the next layer whenever current flows. Next comes a shielded wire that prevents noise from interfering with the transmission, and lastly the plastic cover that protects the whole cable from outside disturbances. A coaxial cable carries a signal in such a way that the current enters the centre copper wire as well as the metal shield. The metal conductors at that point generate a magnetic field. The insulators keep the signals from coming into contact with each other; they also protect the signal from outside magnetic fields. In this way, the signal is carried over larger distances without much loss.

Coaxial Cable Standards: These cables are categorized by their radio government (RG) ratings, and each RG number denotes a unique set of physical specifications. For example:

RG-59        75 ohm           Cable TV

RG-58        50 ohm           Thin Ethernet

Application

Some applications of Coaxial cables:

  1. Digital telephone networks
  2. Analog telephone networks
  3. Cable TV networks
  4. Ethernet LANs

Merits

  • The cost of coaxial cables is less as compared to fibre optic cables.
  • It has a higher data transmission rate.
  • It can be used in both analog and digital transmissions.
  • Higher frequency applications can use coaxial cables for better performance.

Demerits

  • For long distances, the cost of these cables will be higher.
  • The size of these cables is usually bulky because of various layers of metal as well as copper and plastic.
  • The data transmission in long distances is poor.

Fiber-optic cables

Fiber-optic cables, also known as optic fiber cables, are highly efficient and advanced data transmission cables that allow the transfer of very large volumes of data. Fiber optic cables allow data transmission with the help of electrical signals. These are thin pipes made of glass or plastic, known as optic fibers, and data or information flows via light in these cables. With higher bandwidth and high-quality performance, optic fiber cables are best suited for long-distance data transfer and communication.

Types of Fibre-Optic Cables:

  • Single-mode Fibres: Capable of one-way transmission at a rate almost 50 times more than multimode fibres. Used in small-scale companies and in local area networks.
  • Multimode Fibres: Have higher bandwidth and are capable of two-way transmission and higher data transmission. Used in local area networks, corporate sectors and private networks.

Working of fiber-optic cable: Fiber optic cables carry information via light. At the transmitting side, the light source is first encoded with data or information, and the data then flows through the core of the fiber optic cable, bouncing along by total internal reflection. The cladding helps the light remain inside the cable. After reaching the receiver side, the data is decoded back to the original. So basically, fiber optic is a form of transmission media for transferring data via light with higher bandwidth and a higher rate of transmission.

It consists of five major parts: core, cladding, coating, strengthening, and outer jacket.

Here, the core is a thin glass part of the optic fibre cable, the cladding is the insulation around the core, the coating is the protective layer for the optical fibre, the strengthening part protects the core, and the outer jacket covers the whole optic fibre tube.

Application 

Some applications of Fibre-optic cables.

  • One of the most popular and important uses of fibre-optic cables is the Internet.
  • Television broadcasting: These cables are well suited to transmitting signals for high-definition televisions because of their greater bandwidth and speed.
  • Surgical operations in medicine: These cables are used in various fields of medicine and for research purposes, as their cost is low compared to other cables.
  • Industries and defence services: These cables are of great use here as well.

Merits

  • Long durability: These have long durability of almost 100 years.
  • Low cost: Due to their cheaper cost, these cables are in high demand and widely used.
  • Greater bandwidth and speed: Higher speed and great bandwidth help in faster and even smoother data transmission.
  • Light signals: Within the same fiber cable, the light signals of one fiber do not interfere with those of another, which is not the case with other cables.

Demerits

  • Delicacy: Fibre-optic cables are more delicate than copper wires. If bent too much, these cables can be damaged easily.
  • Installation Cost: The installation process is cost-effective as it requires machines and a team of specialists for the setup of the fiber cables.
  • Low power: Since data flows via light in these cables, the power supply is limited, and high-power emitters would cost more.