Computer Networking
1. Computer Networking
1.1 INTRODUCTION
Networking is a decisive factor in the successful operation of today's information systems. There are many examples of networks around you: television and cable networks, telephone networks, railway networks, cellular phone networks, postal and telegraph networks, and so on. The most important of these is the computer network, because it now plays a part, in some form, in most of the others.
Computer networking is one of the milestones of Information and Communication Technology (ICT), and of the electronic evolution since the invention of the desktop computer. The most basic computer network consists of two computers connected by some form of cable so that they can exchange information more quickly and efficiently. In the broader view, a computer network is a group of connected computers that allows information and peripherals to be shared beyond the limits of a single geographical area.
The objective of this chapter is to present the main aspects of computer networks, from a brief overview to the major technologies related to them: communication channels, topologies, protocols, network devices, and the terms used in networking. The content is presented systematically, kept to the point, and accompanied by complete scenarios.
1.2 COMPUTER NETWORK
A computer network is a collection of computers (at least two) and peripheral devices (network components such as printers, large disks, etc.) connected by communication links so that the components can work together. The links consist of communication media (copper wire, optical fibre, microwave, radio waves, satellite links, etc.) and the intermediate devices that join them (routers, gateways, repeaters, hubs, etc.).
Communication among network components is governed by a set of rules called protocols. The components may be spread over many remote locations or sit within the same office. In either case, data communication is the glue that holds the network together.
1.3 NEED FOR A COMPUTER NETWORK
A computer network serves five important purposes:
1. Sharing Hardware Resources
Computers that are not networked cannot share resources effectively. A computer network allows anyone connected to it to use hardware resources (printers, fax machines, scanners, hard-disk space, etc.), not just the person sitting at the computer to which the resource is attached.
2. Sharing Information
A great deal of information (text and graphic images) moves within any organization. A computer network allows this information to be shared by electronic transfer. The information must be kept consistent and secure, and timely access must be given to those who need it.
3. Preserving Information
A computer network also allows information to be backed up to a central location or to several decentralized locations. Important information on a stand-alone computer with no backup can be lost by mistake or by accident.
4. Protecting Information
Computer networks can also provide a more controlled environment for important information. They add several security layers for protecting sensitive data, each answering a different question:
- Identification and authentication (layer 1): who is making the request?
- Access control (layer 2): what is that identity allowed to do with the resource?
- Audit control (layer 3): what was done, by whom, and when?
Other security measures include:
- Antivirus software
- Gateway/firewall systems
- Intrusion-detection systems
Note that networking also widens exposure: a resource reachable over the network can be attacked over the network, so these layers are a necessity rather than a bonus.
5. Electronic Mail
Rather than exchanging memos and directives on paper, with the printing costs and delays that involves, network users can send messages to one another instantly and even check whether a message has been received, using an electronic mail implementation.
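The three protection layers listed under item 4 above, applied in order to a single request for a shared network resource, as an added example (this code is not from the original chapter). The user accounts, the resource path and the permission table are constructed for the illustration; the hashing and comparison calls are from the Python standard library.

```python
"""Added example (not from the original chapter): the three protection layers
named above, applied to one request against a shared network resource.
Users, the resource path and the permissions below are constructed."""
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Layer 1: identification and authentication.
# Passwords are never stored; a salted PBKDF2-SHA256 hash is.
def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_pw(password, salt)}

USERS = {  # constructed sample accounts
    "alice": make_user("correct horse battery staple"),
    "bob": make_user("hunter2"),
}

# Layer 2: access control. Permissions per (user, resource); anything not listed is denied.
ACL = {
    ("alice", "/shares/finance"): {"read", "write"},
    ("bob", "/shares/finance"): {"read"},
}

# Layer 3: audit. Every decision, allowed or not, is recorded.
AUDIT_LOG: list = []

_DUMMY_SALT = b"\x00" * 16

def authenticate(user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        # Hash anyway so an unknown user takes as long as a wrong password
        # (otherwise response time reveals which usernames exist).
        _hash_pw(password, _DUMMY_SALT)
        return False
    # Constant-time comparison: a plain == leaks the position of the first differing byte.
    return hmac.compare_digest(_hash_pw(password, rec["salt"]), rec["hash"])

def authorize(user: str, resource: str, action: str) -> bool:
    return action in ACL.get((user, resource), set())

def request(user: str, password: str, resource: str, action: str) -> str:
    """Run the three layers in order; return 'ok', 'denied' or 'unauthenticated'."""
    if not authenticate(user, password):
        outcome = "unauthenticated"
    elif not authorize(user, resource, action):
        outcome = "denied"
    else:
        outcome = "ok"
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "resource": resource, "action": action, "outcome": outcome,
    })
    return outcome

if __name__ == "__main__":
    print(request("alice", "correct horse battery staple", "/shares/finance", "write"))  # ok
    print(request("bob", "hunter2", "/shares/finance", "write"))                         # denied
    print(request("bob", "wrong", "/shares/finance", "read"))                            # unauthenticated
    for entry in AUDIT_LOG:
        print(entry)
```

The order matters: a request that fails authentication never reaches the access-control check, and every outcome, including failures, lands in the audit log, which is what makes a later investigation possible.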
1.4 USES OF COMPUTER NETWORKS
The uses of computer networks can be categorized as follows:
- Computer Networks for Individuals
There are many examples of people using computer networks in some form, such as:
  - Accessing remote information over the Internet (web browsing, searching for data with search engines such as Google, etc.).
  - Person-to-person communication over the Internet (chat, e-mail, video calling, etc.).
  - Electronic reservations of various kinds (railway and airline ticket reservations and cancellations, etc.).
  - Electronic cash withdrawal and transfer (debit and credit cards, banks' NEFT/RTGS schemes, core banking facilities, etc.).
  - Interactive entertainment (online games, video on demand, etc.).
- Computer Networks for Organizations
Computer networks affect an organization's entire working culture and provide these benefits:
  - Resource sharing: expensive peripherals, software, hosts, data, etc.
  - Flexibility in the location of equipment.
  - Integration of data processing and office automation.
  - Improved response and performance.
  - Multiple interconnected systems disperse functions and provide backup capability, and hence improved reliability, availability and survivability.
  - Better and faster communication among widely separated or remotely located employees.
  - Savings in various forms, such as the use of less paper.
  - Broader customer and vendor support.
1.5 CATEGORIES OF COMPUTER NETWORK
Based on transmission technology, computer networks can be categorized as:
- Broadcast Networks
- Point-to-Point Networks
1. Broadcast Networks
Broadcast networks have a single communication channel that is shared by all the machines on the network. Short messages called packets are sent by any machine and received by all the others. An address field within the packet specifies the intended recipient. On receiving a packet, a machine checks the address field: if the packet is addressed to it, it processes the packet; if it is addressed to some other machine, the packet is simply ignored. A good example of a broadcast network is classic Ethernet, a bus-topology local area network in which every station sees every frame.
Because every machine receives every packet, "ignoring" a packet is only a convention of the receiver: a network interface set to promiscuous mode accepts everything, which is how a packet sniffer on a shared medium reads other stations' traffic. Confidentiality on a broadcast network therefore depends on encryption, not on addressing.
Broadcast networks generally also allow a packet to be addressed to all destinations by using a special code in the address field. When a packet with this code is transmitted, it is received and processed by every machine on the network. This mode of operation is called broadcasting.
Some broadcast networks also support transmission to a subset of the machines, known as multicasting.
Other examples of (partly computerized) broadcast networks are:
- High-definition or direct-to-home (DTH) television networks.
- Cellular networks.
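The receiver-side address check described for broadcast networks, worked through on Ethernet frames as an added example (not code from the original chapter). The frames are constructed, not captured; the station's address and the multicast group it has joined are assumptions for the illustration. The address rules themselves (all-ones broadcast address, I/G bit marking group addresses) are those of Ethernet.

```python
"""Added example (not from the original chapter): how a station on a broadcast
network decides whether a received packet is for it. The frames below are
constructed Ethernet II frames, not captured traffic."""

BROADCAST = bytes.fromhex("ffffffffffff")   # the "special code" for all destinations

def build_frame(dst_hex: str, src_hex: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II layout: 6-byte destination, 6-byte source, 2-byte type, payload."""
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + ethertype.to_bytes(2, "big") + payload

def parse_frame(frame: bytes):
    """Split a frame into (dst, src, ethertype, payload); reject runts before indexing."""
    if len(frame) < 14:
        raise ValueError("runt frame: header incomplete")
    return frame[0:6], frame[6:12], int.from_bytes(frame[12:14], "big"), frame[14:]

def classify(dst: bytes) -> str:
    if dst == BROADCAST:
        return "broadcast"
    # I/G bit: least significant bit of the first octet set means a group (multicast) address.
    if dst[0] & 0x01:
        return "multicast"
    return "unicast"

def accept(dst: bytes, my_mac: bytes, joined_groups) -> bool:
    """The receiver's filter: its own address, all-stations, or a group it has joined."""
    kind = classify(dst)
    return dst == my_mac or kind == "broadcast" or (kind == "multicast" and dst in joined_groups)

MY_MAC = bytes.fromhex("001122334455")            # assumed address of this station
JOINED = {bytes.fromhex("01005e0000fb")}          # assumed: joined the mDNS group (224.0.0.251)

# Constructed sample traffic as seen on the shared medium.
SAMPLE_FRAMES = [
    build_frame("ffffffffffff", "aabbccddeeff", 0x0806, b"ARP who-has 10.0.0.1"),
    build_frame("001122334455", "aabbccddeeff", 0x0800, b"IP packet for this station"),
    build_frame("0099aabbccdd", "aabbccddeeff", 0x0800, b"IP packet for another station"),
    build_frame("01005e0000fb", "aabbccddeeff", 0x0800, b"mDNS query"),
    build_frame("01005e000001", "aabbccddeeff", 0x0800, b"all-hosts multicast, not joined"),
]

def filter_frames(frames, my_mac=MY_MAC, joined=JOINED, promiscuous=False):
    """Return (kind, accepted) per frame. In promiscuous mode, as a sniffer runs, nothing is dropped."""
    decisions = []
    for f in frames:
        dst, _src, _etype, _payload = parse_frame(f)
        decisions.append((classify(dst), promiscuous or accept(dst, my_mac, joined)))
    return decisions

if __name__ == "__main__":
    for kind, ok in filter_frames(SAMPLE_FRAMES):
        print(f"{kind:9s} -> {'process' if ok else 'ignore'}")
```

The `promiscuous` flag shows the point made above: the filter lives in the receiver, so a station that chooses not to filter sees the frame addressed to "another station" just as well as its own.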
2. Point-to-Point Networks
Point-to-point networks consist of many connections between individual pairs of machines. To go from source to destination, a packet on this type of network may have to visit one or more intermediate machines first. When a packet is sent from one machine to an intermediate machine, the entire packet is stored at that intermediate machine, held until the output line is free, and then forwarded to the next hop. Routing software, which decides the next hop for each destination, plays a central role in this type of network.
Networks built from point-to-point links include wide area networks (WANs) and the Internet; modern switched LANs and MANs also forward frames link by link rather than broadcasting them to every station.
Broadcast and point-to-point techniques can be combined, or used individually, to form special-purpose networks.
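Store-and-forward delivery across a point-to-point network, as an added example (not code from the original chapter). Each node keeps only a next-hop table, computed here with Dijkstra's algorithm over the time needed to clock a whole packet onto each link; the four-node topology and link rates are constructed for the illustration.

```python
"""Added example (not from the original chapter): store-and-forward delivery over a
point-to-point network. Each router keeps only a next-hop table computed from link
costs; the four-node topology and link rates are constructed."""
import heapq

# node -> {neighbour: link rate in bits per second}; every link is listed in both directions.
LINKS = {
    "A": {"B": 10_000_000, "C": 1_000_000},
    "B": {"A": 10_000_000, "D": 10_000_000},
    "C": {"A": 1_000_000, "D": 1_000_000},
    "D": {"B": 10_000_000, "C": 1_000_000},
}

def next_hop_table(node: str, links: dict, packet_bits: int) -> dict:
    """Dijkstra from `node`, with per-hop cost = time to clock the whole packet onto
    the link (packet_bits / rate). Returns {destination: next hop}; this is what a
    real router stores, not complete paths."""
    dist = {node: 0.0}
    prev = {}
    heap = [(0.0, node)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, rate in links[u].items():
            nd = d + packet_bits / rate
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    table = {}
    for dest in dist:
        if dest == node:
            continue
        hop = dest
        while prev[hop] != node:   # walk back to the neighbour of `node`
            hop = prev[hop]
        table[dest] = hop
    return table

def deliver(src: str, dst: str, packet_bits: int, links: dict = LINKS, max_hops: int = 16):
    """Forward one packet hop by hop. Returns (path, total store-and-forward delay in seconds)."""
    tables = {n: next_hop_table(n, links, packet_bits) for n in links}
    path, delay, node = [src], 0.0, src
    while node != dst:
        if len(path) > max_hops:
            raise RuntimeError("hop limit exceeded; the routing tables may contain a loop")
        nxt = tables[node].get(dst)
        if nxt is None:
            raise LookupError(f"{node} has no route to {dst}")
        # The whole packet must arrive at `nxt` before it can be forwarded again,
        # so each hop adds a full transmission time.
        delay += packet_bits / links[node][nxt]
        path.append(nxt)
        node = nxt
    return path, delay

if __name__ == "__main__":
    path, delay = deliver("A", "D", packet_bits=12_000)   # 1500-byte packet
    print(path, f"{delay * 1000:.2f} ms")                   # ['A', 'B', 'D'] 2.40 ms
```

Two things a practitioner should take from this: the cheapest route is not the one with the fewest hops (A to D goes through B rather than over the direct but slow A-C-D links), and every intermediate node holds the complete packet while forwarding it, so each router on the path can read or alter the data. That is the reason end-to-end encryption and integrity protection exist, and why the hop limit is there: a packet caught in a routing loop would otherwise circulate forever.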
1.6 TYPES OF COMPUTER NETWORK
Based on the area covered, computer networks can be categorized as:
- Local Area Network (LAN)
- Metropolitan Area Network (MAN)
- Wide Area Network (WAN)
1. Local Area Network (LAN)
A LAN is the most common form of computer network, in which computers within a limited distance, perhaps in the same building or the same office, are interconnected by a common communication medium. LANs are restricted to a limited geographical area, generally less than 10 miles (16 km). They are implemented mainly to allow the sharing of data and of expensive software or hardware resources such as printers, at a high transmission rate (historically several Mbps; today 100 Mbps to several Gbps).
If a LAN covers all the computing devices of different sections or departments spread over a campus, such as a university campus, it is known as a Campus Area Network (CAN).
LANs are usually wholly owned by an individual or by an organization such as a department or company. Examples include all the small networks found in cyber cafes, computer centres, educational institutes, etc.
Ethernet and Token Ring are connectivity technologies popular in LAN implementations. A restricted geographical area, fast inter-computer communication, a low error rate and complete departmental ownership are the hallmarks of a LAN.
Fig: Local Area Network (LAN)
2. Metropolitan Area Network (MAN)
A network spanning a physical area larger than a LAN but smaller than a WAN, such as a city, is called a Metropolitan Area Network (MAN). It is an extension of the LAN idea, in which computing devices spread over a city are interconnected by communication media to form a network. The geographical extent of a MAN generally lies between 16 km and 50 km, covering towns and cities. In this type of network, data is transmitted over one or two cables.
A MAN is typically owned and operated by a single entity such as a government body or a large corporation, so it may be private or public. A MAN normally connects the offices of an organization within a city. Cable TV networks in cities are a good example.
3. Wide Area Network (WAN)
Some networks connect computers separated by hundreds or thousands of miles, from one end of a country to the other, and generally cover very large distances (states, countries, continents). A WAN is a geographically dispersed collection of LANs.
Fig: Wide Area Network (WAN)
The Internet, the Indian Railways reservation system, and the bank networks that support core banking are good examples of WANs. The Internet is the largest WAN, spanning the Earth. Most WANs (like the Internet) are not owned by any one organization but exist under collective or distributed ownership and management.
ATM, Frame Relay and X.25 are connectivity technologies that have been used in WANs over long distances.
Private Network
A network designed specifically for, and used exclusively by, a single organization is known as a private network.
Internet
The Internet (or simply the Net) is a collection of interconnected computer networks that is publicly accessible worldwide. It is made up of thousands of commercial, academic, domestic and government networks, and gives the appearance of a single, universally connected network. It carries many kinds of information and services: the interlinked web pages and other documents of the World Wide Web, e-mail, online chat, electronic commerce, and more.
On 29 October 1969, at UCLA, the forerunner of today's Internet came into existence as ARPANET; it gained a public face in the 1990s. By 1996 the word "Internet" was in common use, and over the course of that decade the Internet absorbed the majority of previously existing public computer networks.
Personal Area Network
A personal area network (PAN) is a small-scale network used for communication among computing devices (including telephones and personal digital assistants) close to one person. The devices may or may not belong to that person. The reach of a PAN is typically a few metres. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher-level network and the Internet (an uplink).
Personal area networks may be wired, using computer buses such as USB and FireWire. A wireless personal area network (WPAN) can be built with technologies such as IrDA, Bluetooth, UWB and ZigBee.
A Bluetooth-based PAN is also called a piconet. It is composed of up to 8 active devices in a master-slave relationship (a much larger number of devices can be attached in "parked" mode). The first Bluetooth device in the piconet is the master, and all the other devices are slaves that communicate with the master. A piconet typically has a range of 10 metres, although ranges of up to 100 metres can be reached under ideal circumstances.
Recent innovations in Bluetooth antennas have allowed these devices to greatly exceed the range for which they were originally designed; a "short range" protocol should therefore not be assumed to be out of an attacker's reach.
Intranet
An intranet is a network within an organization that uses Internet technologies to let users find, use and share documents and web pages; in other words, Internet technology used inside a corporate network is referred to as an intranet. Businesses use intranets to communicate with their employees. In some large companies the intranet is the primary way for employees to obtain and share work-related documents, share knowledge, collaborate on designs, access e-learning and read company news.
Like the Internet, an intranet uses the standard TCP/IP family of protocols to transfer data. Intranets usually reside behind firewalls for security reasons, and they are not limited by physical location: users anywhere in the world can be on the same intranet. Intranets also link users to the outside Internet and, with the proper security in place, may use public networks to transfer data.
Intranets have been around for a while, and their importance and functionality have grown steadily as the Internet and its technologies have become a more integral part of business.
Extranet
An extranet is a network that connects a company with its customers and partners. The company has to work with other organizations over the network, so parts of it are made available to specific people or groups outside the organization. Extranets require more security and technical consideration because they have to send private information securely over public networks.
1.7 ELEMENTS OF A COMPUTER NETWORK
Every computer network is built from these basic elements:
1. Workstations
A workstation here means any computer attached to a computer network. Based on their roles, workstations can be categorized as:
A. Servers
Servers are special workstations in a network that perform or provide services for other machines on the network; the resources attached to a server are shared by all users of the network. Broadly, any workstation that can supply services to other workstations can perform server functions. More than one server may be attached to a network, with each server providing a different function or one server fulfilling several roles. Servers run a special type of operating system called a Network Operating System (NOS). Based on the type of service provided, servers can be categorized as:
- File servers
- Print servers
- Database servers
- Web servers
- Mail servers
- Communication servers, etc.
Types of Servers
- Dedicated Servers
These computers are fully devoted to network or server functions and are not available as user workstations. Dedicated servers generally provide better performance and system integrity than non-dedicated servers, and a dedicated machine has a smaller attack surface because no interactive user software runs on it. Large networks usually require dedicated servers.
- Non-dedicated Servers
These servers can act as an individual workstation even while performing network or server functions. Under light load the performance of a non-dedicated server may be only slightly below that of a workstation; under heavy processing demand the individual user of the server may find work impossible.
Some servers are capable of operating in both dedicated and non-dedicated mode, depending on the user's selection.
B. Client or User Workstations
All workstations other than servers are called client or user workstations. Using these computers, an end user can request a service from the servers or perform local tasks on the workstation itself.
2. Communication Links
No computer network can exist without communication links. To connect computers and peripheral devices (printers, large disks, etc.) we need some kind of communication medium or channel (wired or wireless), Network Interface Cards, and, for larger networks, special communication devices such as repeaters, hubs, routers, bridges and gateways. These channels and devices are presented in detail in the other parts of this chapter.
3. Protocols
Communication among network components is governed by a set of rules called protocols. Human conversation has protocols too: separate rules about appearance, speaking, listening and understanding. These rules of conversation represent different layers of communication, and they work together to help people communicate successfully.
The need for protocols applies equally to network devices, and computer networks use even more layers. The number of layers depends on which system of network protocols you choose to use; such a system of protocols is often referred to as a network model.
Network engineers have written rules for communication that must be followed exactly for host-to-host communication to succeed. In networking terms, a protocol is a convention or standard that controls or enables the connection, communication and data transfer between two computing devices. In its simplest form, a protocol is the set of rules governing the syntax, semantics and synchronization of communication. Protocols may be implemented in hardware, in software, or in a combination of the two.
Most protocols specify one or more of the following:
- Detection of the underlying physical connection (wired or wireless), or of the existence of the other endpoint or node.
- Handshaking.
- Negotiation of connection characteristics.
- How to start and end a message.
- How to format a message.
- What to do with corrupted or improperly formatted messages (the error detection and correction policy).
- How to detect unexpected loss of the connection, and what to do next.
- Termination of the session or connection.
From a security standpoint the message-handling items are where implementations most often fail: a receiver that trusts a length field it has not checked, or that cannot re-synchronize after a malformed message, can be crashed or subverted by anyone able to put bytes on the wire.
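A minimal message protocol that answers three of the questions in the list above (how a message starts and ends, how it is formatted, and what to do with a corrupted one), as an added example that is not code from the original chapter. The wire format (marker byte, type, length, payload, CRC-32) is invented for the illustration and is not any standard protocol; the sample streams are constructed.

```python
"""Added example (not from the original chapter): a small message protocol showing
how messages start and end, how they are formatted, and what a receiver does with
corrupted or malformed ones. The wire format is invented for illustration and is
not any standard protocol."""
import struct
import zlib

MAGIC = b"\xa5"                 # start-of-message marker
MAX_PAYLOAD = 1024              # upper bound the receiver enforces on the length field
HEADER = struct.Struct("!cBH")  # marker, message type, payload length (network byte order)
CRC = struct.Struct("!I")       # CRC-32 over header + payload

def encode(msg_type: int, payload: bytes) -> bytes:
    if not 0 <= msg_type <= 255:
        raise ValueError("message type must fit in one byte")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too long")
    body = HEADER.pack(MAGIC, msg_type, len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body))

def decode_stream(data: bytes) -> list:
    """Parse a byte stream that may hold several frames, garbage between them, a
    corrupted frame, or a frame cut off at the end. Returns one
    (status, msg_type, payload) tuple per frame, status in {'ok','bad_crc','truncated'}."""
    frames = []
    i = 0
    while i < len(data):
        if data[i:i + 1] != MAGIC:
            i += 1                      # not at a frame start: skip a byte and re-synchronise
            continue
        if len(data) - i < HEADER.size + CRC.size:
            frames.append(("truncated", None, b""))
            break
        _, msg_type, plen = HEADER.unpack_from(data, i)
        if plen > MAX_PAYLOAD:
            i += 1                      # impossible length: treat the marker as noise
            continue
        end = i + HEADER.size + plen + CRC.size
        if end > len(data):
            frames.append(("truncated", msg_type, b""))
            break
        body = data[i:end - CRC.size]
        (crc,) = CRC.unpack_from(data, end - CRC.size)
        if zlib.crc32(body) != crc:
            # Nothing in a corrupted frame can be trusted, including plen, so do not
            # skip ahead by it; re-scan from the next byte for the next marker.
            frames.append(("bad_crc", msg_type, b""))
            i += 1
            continue
        frames.append(("ok", msg_type, body[HEADER.size:]))
        i = end
    return frames

if __name__ == "__main__":
    good = encode(1, b"hello") + encode(2, b"")
    corrupted = bytearray(encode(1, b"hello"))
    corrupted[5] ^= 0xFF                      # flip a payload byte
    stream = b"\x00\x00" + good + bytes(corrupted) + encode(3, b"tail")[:-2]
    for f in decode_stream(stream):
        print(f)
```

The CRC detects accidental corruption only; it is trivial for an attacker to recompute, so a protocol that needs to detect deliberate tampering must use a keyed MAC or a signature instead. The two checks on the length field (an upper bound before it is used, and refusal to skip by it once the CRC has failed) are what keep a malformed frame from turning into an out-of-bounds read or a desynchronized parser.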
1.8 COMMUNICATION MEDIA OR CHANNELS
Communication media (also called communication channels or transmission media) are the backbone of a network: without them it is impossible to connect computing resources, and the network cannot exist. Signals are carried through communication channels from one place to another. They fall into two basic categories:
1. Wire-based Transmission Channels
- Twisted-pair wire (shielded or unshielded)
- Baseband coaxial cable
- Broadband coaxial cable
- Optical fibre
2. Wireless Transmission Channels
- Microwave transmission
- Infrared transmission
- Laser transmission
- Radio-wave transmission
Apart from these basic categories, transmission channels are also classified as:
- Guided Transmission Channels
The wire-based channels above fall into this category.
- Unguided Transmission Channels
The wireless channels above fall into this category.
Twisted Pair Wire
This is a form of copper cable consisting of one to four pairs of colour-coded insulated copper wires, twisted together in pairs and enclosed in a protective outer insulating cover (PVC jacket).
The gauge (thickness) of the wire varies, as does the number of twists per foot (1 foot = 12 inches). The twist standardizes the electrical properties along the length of the cable and minimizes the interference created by adjacent wires in a multi-pair cable.
Fig: Twisted Pair Wire
Twisted-pair cable comes as either Unshielded Twisted Pair (UTP), generally used in Ethernet and Fast Ethernet environments, or the less common Shielded Twisted Pair (STP), generally employed for Token Ring networks and sometimes for Gigabit Ethernet installations.
Highlights of Twisted Pair Wire:
- It can be used in bus, star and ring topologies.
- Its reliability is excellent.
- It is the least expensive transmission channel.
- It is simple, easy to install, very flexible and lightweight. It is also easy to tap, and unshielded pairs radiate a signal that can be picked up nearby, so it offers no confidentiality on its own.
- Narrow bandwidth in its early forms, suitable for low-speed, low-demand devices; early installations supported only a few Mbps (4 Mbps Token Ring), whereas modern Cat 5e and Cat 6 UTP carries 1 Gbps over 100 m and Cat 6a 10 Gbps.
- Repeaters are required to carry data over long distances.
Co-axial Cable
Coaxial cables are of two types. Although they are similar in construction, their installation and applications differ.
A. Baseband Co-axial Cable
In baseband coaxial cable, a central carrier wire is surrounded by a fine woven mesh of copper that forms an outer shell. The space between the central wire and the outer shell is filled with insulation to separate the two conductors and maintain the electrical properties. The entire cable is covered by protective insulation to minimize electrical emissions. The cable is usually 3/8 inch in diameter.
Fig: Baseband Co-axial Cable
Highlights of Baseband Co-axial Cable:
- Frequently used for bus topology.
- Its reliability is good to excellent.
- Its installation cost is comparable to twisted pair.
- It may be interchanged with twisted pair for many, but not all, purposes.
- It carries a single digital signal at a high data rate, up to 10 to 12 Mbps.
- It carries only a baseband signal because of its low transmission frequency: bits are put directly on the cable without modulation.
B. Broadband Co-axial Cable
Broadband coaxial cable comes in various diameters with varying amounts of insulation. It may have the same construction as baseband coaxial cable except that an aluminium sleeve is used in place of the copper mesh: the central carrier is surrounded by an aluminium sleeve that forms the outer shell, the space between the core wire and the outer shell is filled with insulation, and the whole is enclosed in a protective coat of insulating material.
Fig: Broadband Co-axial Cable
Highlights of Broadband Co-axial Cable:
- It can carry 50 to 100 television channels together with thousands of voice and low-speed data channels (historically at 9.2 to 50 kbps each).
- It is suitable for high-frequency, wide-bandwidth, high-speed applications.
- The cost factor makes broadband coaxial cable impractical for small networks.
- Its reliability depends heavily on the reliability of individual parts (amplifiers).
- Star or tree topologies are suggested for it.
- The cable itself is not very expensive, but system costs are high because of the initial equipment and maintenance costs.
Fibre Optic Cable
This is a relatively new transmission medium for networking. Light signals are transmitted through a cable or waveguide composed of a bundle of glass or transparent plastic fibres. Each individual strand has a centre core of transparent plastic or glass with a high refractive index, surrounded by a cladding layer with a slightly lower index. The cladding isolates the fibres and prevents interference between adjacent strands, as well as providing some physical protection for the core. The whole is usually enclosed in additional protective outer layers that play no part in the transmission itself.
Fig: Fibre Optic Cable
Three basic types of fibre optic cable are available:
- Single-mode fibre
- Step-index multimode fibre
- Graded-index multimode fibre
Table: Comparison of the three types of optical fibre
Property                 | Single Mode                    | Step-Index Multimode     | Graded-Index Multimode
Light source used        | Laser                          | LED or laser             | LED or laser
Bandwidth                | Extremely wide (3 to 50 GHz/km) | Wide (up to 200 MHz/km) | Very wide (200 MHz/km to 3 GHz/km)
Typical application      | Telecommunication long lines   | Computer data links      | Moderate-length telephone lines
Cost                     | Most expensive                 | Least expensive          | More expensive
Core diameter (μm)       | 2 to 8                         | 50 to 125                | 50 to 125
Cladding diameter (μm)   | 15 to 60                       | 125 to 440               | 125 to 440
Highlights of Fibre Optic Cable:
- It is not suitable for small installations where cost is a major factor.
- It is particularly suited to applications that require very high-speed data and video transmission.
- It is used for long-distance transmission where other cables are not appropriate.
- It is best suited to star and ring topologies.
- It provides an extremely high data transfer rate (over 1 Gigabit per second), potentially unlimited bandwidth, extremely high reliability and high-quality output.
- It is thin, lightweight, very flexible and extremely resistant to ordinary transmission hazards.
- It has a long life.
- At present its implementation cost is very high.
- It is a good choice where security is mandatory: it radiates no electromagnetic signal and cannot be tapped as casually as copper. It is not untappable, however; a bent fibre leaks light that a clip-on coupler can read, so sensitive traffic still needs encryption.
Wireless Transmission Channels
Networks that use electromagnetic or light waves to connect PCs and network components are known as wireless networks. They are gaining worldwide popularity because of the high labour costs involved in installing, maintaining and reorganizing ordinary wire-based networks (moves, additions and changes).
The benefits of wireless networks include flexibility, portability, modest cost, movable installation and the interconnection of multiple systems. The trade-off is that the medium is open: anyone within range can receive, and with enough power transmit, without touching any cable, so wireless links rely on cryptography for confidentiality and authenticity.
Applications include point-to-point communication, point-to-multipoint communication, broadcasting, cellular networks and next-generation wireless networks such as MANETs (Mobile Ad hoc Networks) and WSNs (Wireless Sensor Networks).
Fig: Electromagnetic spectrum layout
The electromagnetic radiation spectrum starts with the longest waves (including those at audio frequencies) and extends through radio waves and visible light, which is effectively a very small part of the spectrum, all the way to the extremely short wavelengths of ionizing radiation.
Wireless communication spans the spectrum from 9 kHz to 300 GHz. Four types of technology are used in wireless networks:
1. Radio Waves
Radio waves are electromagnetic waves in the radio-frequency portion of the electromagnetic spectrum. A common use is to carry information through the atmosphere or outer space without wires. Radio waves are distinguished from other kinds of electromagnetic waves by their wavelength.
Radio waves are divided into bands by frequency (and corresponding wavelength). They cover a wide range, from 3 Hz to 300 GHz (wavelengths from 100,000 km down to 1 mm). The following table presents some familiar radio bands (the ones met when tuning a TV):
Table: Some familiar radio-wave bands
Band Name                  | Frequency        | Wavelength in Air | Application Area
Very Low Frequency (VLF)   | 3 to 30 kHz      | 100 km to 10 km   | Submarine communication, avalanche beacons, wireless heart-rate monitors, geophysics
Very High Frequency (VHF)  | 30 to 300 MHz    | 10 m to 1 m       | FM radio, television broadcasts, and line-of-sight ground-to-aircraft and aircraft-to-aircraft communications
Ultra High Frequency (UHF) | 300 to 3000 MHz  | 1 m to 100 mm     | Television broadcasts, microwave ovens, mobile phones, wireless LAN, Bluetooth, GPS, and two-way radios such as FRS and GMRS
Spread spectrum is a commonly used technique in which a signal is transmitted over a bandwidth considerably wider than the frequency content of the original information. It is used to make communication harder to detect and intercept and to increase resistance to natural interference and jamming. The first wireless LANs built on it (the original IEEE 802.11 standard) operated at 1 to 2 Mbps. Note that spreading is not encryption: in commercial standards the hopping sequence or spreading code is public, so any compliant receiver can despread the signal, and confidentiality must come from cryptography on top of it.
2. Infrared Light Waves
Infrared (IR) radiation is electromagnetic radiation with a wavelength longer than that of visible light. The name means "below red" (from the Latin infra, "below"), red being the colour of visible light with the longest wavelength; a longer wavelength means a lower frequency than red, hence "below". Infrared radiation has wavelengths between about 750 nm and 1 mm.
Infrared light is used as the light source in optical fibre communication systems. IR data transmission is also employed for short-range communication among computer peripherals and personal digital assistants; these devices usually conform to standards published by IrDA, the Infrared Data Association. Remote controls and IrDA devices use infrared light-emitting diodes (LEDs) to emit infrared radiation, which is focused by a plastic lens into a narrow beam.
IR offers greater security and immunity from interference than radio, because the beam is confined to the room. IrDA links operate at up to 16 Mbps. Infrared communication is useful indoors in areas of high population density. Free-space optical communication using infrared light can be a relatively inexpensive way to install a communications link in an urban area, operating at up to 4 Gbit/s, compared with the cost of burying optical fibre cable. IR does not penetrate walls, so it does not interfere with devices in adjoining rooms.
Its biggest disadvantage is that its signals are easily blocked.
3. Microwaves
Microwaves are electromagnetic waves with wavelengths from 1 mm to 1 m, that is, frequencies between 300 MHz and 300 GHz. They promise high bandwidth, a degree of security from their directional beams, and immunity from interference. Early computer-network microwave links operated at around 15 Mbps, and the connectivity equipment for computer networks was not yet compact.
Uses of microwaves in communication:
- Before the advent of optical fibre transmission, most long-distance telephone calls were carried over microwave point-to-point links.
- Wireless LAN and PAN protocols, such as IEEE 802.11 (Wi-Fi) and Bluetooth, use microwaves in the 2.4 GHz ISM band.
- Metropolitan area network protocols such as WiMAX (Worldwide Interoperability for Microwave Access) operate between 2 and 11 GHz.
- Wide-area Mobile Broadband Wireless Access (MBWA) protocols operate between 1.6 and 2.3 GHz to give mobility and in-building penetration characteristics similar to mobile phones.
- Cable TV and Internet access over coaxial cable, as well as broadcast television, use some of the lower microwave frequencies.
- Some mobile phone networks, such as GSM, also use the lower microwave frequencies.
- Microwave radio is used in broadcasting and telecommunication transmission because, owing to the short wavelength, highly directive antennas are smaller and therefore more practical than they would be at longer wavelengths (lower frequencies).
- Microwaves are typically used in television news to transmit a signal from a remote location to the television station from a specially equipped van.
4. Laser Transmission
Communication lasers are generally very low-powered, narrowly focused beams of light, invisible to the naked eye, that rely on sensitive receiving equipment. The equipment is marketed in both narrowband and broadband versions. Laser communication provides a high degree of inherent security because of the narrow beam, though an interceptor placed in or near the beam path can still receive it, and data of value should be encrypted regardless.
Table: Comparison of various communication media
Communication Medium | Speed              | Cost
Twisted Pair Wire    | 300 bps to 10 Mbps | Low
Microwave            | 256 Kbps to 100 Mbps |
Co-axial Cable       | 56 Kbps to 200 Mbps  |
Optical Fibre        | 500 Kbps to 10 Gbps  | High
Bluetooth
Bluetooth is a standard and wireless communications protocol primarily designed for
low power consumption, with a short range (power-class-dependent: 1 meter, 10 meters, 100
meters) based on low-cost transceiver microchips in each device. Bluetooth enables these
devices to communicate with each other when they are in range.
Bluetooth technology facilitating data transmission over short distances from fixed
and/or mobile devices and capable to create wireless personal area networks (PANs). The
intent behind the development of Bluetooth was the creation of a single digital wireless
protocol, capable of connecting multiple devices and overcoming issues arising from
synchronization of these devices. Bluetooth provides a way to connect and exchange
information between devices such as mobile phones, telephones, laptops, personal computers,
printers, GPS receivers, digital cameras, and video game consoles.
A Bluetooth device's class indicates the type of device and the services it supports; this
information is transmitted during the discovery process. The power class of a device determines
its range:
Class     Maximum Permitted Power   Range (approximate)
Class 1   100 mW (20 dBm)           100 meters
Class 2   2.5 mW (4 dBm)            10 meters
Class 3   1 mW (0 dBm)              1 meter
Highlights of Bluetooth
¾ Bluetooth is a personal area network (PAN) standard.
¾ Originally specified to serve applications such as data transfer from personal
computers to peripheral devices such as cell phones or personal digital assistants.
¾ Bluetooth uses a star network topology that supports up to seven remote nodes
communicating with a single base station.
¾ It uses a secure, globally unlicensed Industrial, Scientific, and Medical (ISM) 2.4 GHz
short-range frequency band.
¾ Bluetooth-enabled devices use a radio communications system, so they do not
have to be in line of sight of each other, and can even be in other rooms, as long as
the received transmission is powerful enough.
Prevalent applications of Bluetooth include
¾ Wireless control of and communication between a mobile phone and a hands-free
headset. This was one of the earliest applications to become popular.
¾ Wireless networking between PCs in a confined space and where little bandwidth is
required.
¾ Wireless communications with PC input and output devices, the most common being
the mouse, keyboard and printer.
¾ Transfer of files between devices.
¾ Replacement of traditional wired serial communications in test equipment, GPS
receivers, medical equipment, bar code scanners, and traffic control devices.
¾ For controls where infrared was traditionally used.
¾ Sending small advertisements from Bluetooth enabled advertising hoardings to
other, discoverable, Bluetooth devices.
¾ Seventh-generation game consoles, e.g., Nintendo's Wii and Sony's PlayStation 3 use
Bluetooth for their respective wireless controllers.
¾ Dial-up internet access on personal computer or PDA using a data-capable mobile
phone as a modem.
Satellite Link
A satellite is an object that orbits or revolves around another object. For example, the
Moon is a satellite of Earth, and Earth is a satellite of the Sun. Here we discuss human-made
(artificial) satellites that orbit Earth. They are highly specialized wireless
receiver/transmitters that are launched by a rocket and placed in orbit around the Earth.
The Space Age started with the launch of the world’s first artificial satellite, Sputnik-I, on
4th Oct., 1957 by the Soviet Union, which opened up a new era of practical use of outer space. The
use of artificial satellites in earth orbit is now a well-established and integral part of the
world’s communication networks.
Two stations on Earth want to communicate over a wireless channel but are too far apart
to use conventional means. The two stations can use a satellite as a relay station for their
communication. A satellite link is one particular example of a wireless communication system.
Conventional wireless systems rely on a network of ground-based transmitters and receivers; they are
commonly referred to as 'terrestrial' systems, as opposed to satellite systems.
Satellite communication systems differ from terrestrial systems in one obvious and
important aspect: the transmitter is not based on the ground but in the sky. The transmitter
here consists of a ground-based part called the uplink and a satellite-based part that 'reflects'
the signals towards the receivers; this part is called the transponder. Because it is positioned in
space, it is able to serve a very large geographical area, which has several advantages.
A satellite system comprises the satellite itself, the earth or ground stations used to
operate and control them, and the links between them.
¾ Earth or ground station is the common name for every installation or
collection of equipment, located on the Earth's surface and intended for
communication (transmission and/or reception) via one or more satellites: the
antenna (often a dish) and the associated equipment (receiver/decoder,
transmitter).
¾ One type of ground station is the control station, which monitors the health and
status of the satellite, sends it commands of various kinds, and receives data sent
by the satellite. Satellites are monitored and controlled from their ground
stations. All satellites require a link to and from the ground to perform
“telemetry, tracking, and command” (TT&C) functions. Handheld devices for
mobile satellite telephony, briefcase satellite phones, satellite TV reception are
other forms of earth or ground stations.
¾ Communications form the link between the satellite and its ground stations or
other satellites. This subsystem generally consists of a receiver, a transmitter, and one
or more radio antennas. The term link refers to a path used to communicate with
the satellite (and is sometimes used to refer to the communication itself):
Uplinks transmit signals from a ground station to the satellite.
Downlinks transmit signals from the satellite to a ground station.
Crosslinks transmit signals from satellite to satellite.
Telemetry, tracking, and command (TT&C) link is the part of the uplink
and downlink used to control a satellite’s function and monitor its health.
Within the broad range of the electromagnetic spectrum, the International
Telecommunication Union (the United Nations institution that regulates
worldwide use of the airwaves) has allocated parts of the spectrum that are suitable
for and dedicated to transmission via satellite. Some of these bands are
exclusively dedicated to satellite transmission; others are shared with terrestrial
transmission services. The satellite transmits and receives on radio frequencies
mainly in the microwave band, that is, 3 to 30 GHz.
Satellites are used for many purposes such as:
¾ Communications satellites act as relay stations in space. They are used to bounce
messages from one part of the world to another. The messages can be telephone
calls, TV pictures or Internet connections.
The most familiar use of satellites is television broadcasting. TV satellites
deliver hundreds of television channels every day throughout the world.
DTH (Direct-to-Home) or DBS (Direct Broadcast via Satellite) is gaining
popularity in India. Here the TV programs are aimed at the consumer
and transmitted in such a way that residential customers can buy and
install the equipment to receive the programs at the lowest possible
expense.
Telecom operators have been using satellite communications for many
years to carry long-distance telephone communications, especially
intercontinental ones, to complement or to bypass submarine cables.
¾ Remote-sensing satellites study the surface of the Earth.
¾ Weather satellites record weather patterns around the world.
¾ Many satellites in orbit conduct scientific experiments and observations.
¾ GPS satellites are used for navigation almost everywhere on Earth, that is, to
determine the exact latitude, longitude and altitude of an object anywhere in the world.
The advantages of satellite communication over terrestrial communication are:
The coverage area of a satellite greatly exceeds that of a terrestrial system.
Transmission cost of a satellite is independent of the distance from the center of
the coverage area.
Satellite to Satellite communication is very precise.
Higher Bandwidths are available for use.
The disadvantages of satellite communication:
Launching satellites into earth’s orbit is very costly.
Satellite bandwidth is gradually becoming used up.
There is a larger propagation delay in satellite communication than in terrestrial
communication.
1.9 NETWORK INTERFACE CARD (NIC)
The Network Interface Card (NIC) is the means by which workstations are connected
functionally and physically to the network. It is a microprocessor-based device containing
hardware and software which supply the intelligence to control access to and communication
across the network and to perform all communication processing.
The NIC provides transmission and data control, formats the data into manageable units,
translates the data rate and protocols of the attached workstation to that of the network
communication medium and vice versa as well as supplies address recognition capabilities.
Details of network operation are hidden from users of the attached workstations. Technically,
two parts of the NIC can be identified:
¾ Communication Interface is the unit which logically interfaces to the network
and performs all transmission related or network oriented functions.
¾ Host Interface, containing computer specific functions. It supplies the connection
between a specific workstation’s internal circuitry and the communication
interface.
Fig.: Network Interface Card (NIC)
Fig: Position of NIC in a computer network
Depending on the vendor and use, it may also be called a network card, network
adapter, network interface unit (NIU) or LAN card. An Ethernet card is an example of a NIC.
Note: For most LANs, the NICs of all workstations are identical.
1.10 OSI REFERENCE MODEL
In 1978, the ISO (International Standard Organization) introduced a model for Open
System Interconnection (OSI). The idea of OSI is that any two open systems (computers that
want to exchange data over a network) should be able to exchange data with the
minimum of difficulty.
The OSI model is not by itself a standard, nor is it a literal description of computer
communication. While it defines where to perform tasks, it does not detail how to perform
them. For this reason it is often known as the OSI reference model.
The OSI model has seven layers, stacked one upon the other, each layer
performing a defined function.
Fig: Seven Layers of OSI model with Layer numbering
Each layer in the structure provides a defined set of services for the layer above and
requests specific services from the layer below. Layers are defined by function: protocols are
defined to control the processes managed by each layer. Relationships between layers and the
information that must be passed between layers are identified.
User data comes into the top layer (application layer) and travels through the various
layers of protocols until it finally goes over the physical transmission medium. It then travels to
the destination node and begins its travel up the layers of the protocols on the remote system
until it reaches the destination program on the remote system. This same order happens on all
communicating systems for the duration of communication between nodes.
Fig: Data Flow in OSI Model
As the data passes downward from application layer, each layer adds its header with
data. Data with headers is then passed down to the physical layer, where it is actually
transmitted to receiving computer. On the receiving computer, the various headers are stripped
off one by one on respective layers and finally data reaches to the receiving process.
The entire model is divided into three sub sections:
¾ The upper three layers (application, presentation, and session) are concerned
with the needs of the application.
¾ The lower three layers (network, data link, and physical) are concerned with
making the connection.
¾ The transport layer exists to overcome any mismatch between the service
requested by the upper layers and the service provided by the lower layers.
Application Layer
This uppermost layer of OSI model provides services to the user programs such as file
transfer, directory services, resource sharing and device redirection, network management,
inter-process communication support, remote procedure call support, electronic messaging
including e-mail support etc.
Presentation Layer
The presentation layer serves as the data translator for the network. It performs
generally useful transformations on data to provide a standardized application interface and to
provide common communication services; such as data encryption or decryption, character-code
translation (such as ASCII to EBCDIC or vice versa), data conversion (such as bit order),
data compression or decompression, formatting or reformatting, colour conversion (multi
colour to grey scale or vice versa) etc.
Session Layer
It provides the control structure for communication between applications: it establishes,
manages and terminates connections (sessions) between cooperating applications, whether simplex,
half-duplex or full-duplex. It also performs other support functions that allow processes to communicate
over the network, such as user authentication and resource-access security.
Transport Layer
The transport layer makes sure that messages are delivered in the order in which they
were sent and that there is no loss or duplication. That is, this layer provides reliable,
transparent transfer of data between end points; provides end-to-end error recovery and flow
control. It removes the concern from the higher layer protocols about data transfer.
Network Layer
Provides the upper layers with independence from the data transmission and switching
technologies used to connect end systems. It is responsible for routing and congestion control. It
determines which physical path the data takes, based on the network conditions, the priority of
service and other factors. It also resolves the logical computer address to the physical NIC
address, if necessary.
Data Link Layer
It provides error-free transfer of data frames from one computer to another over the
physical layer. The layers above this layer can assume virtually error-free transmission over the
network. Major functions provided by this layer include: establishing and terminating a logical
link, controlling frame flow, sequentially transmitting and receiving frames, providing and
expecting frame acknowledgment, managing media access to determine when the computer is
permitted to use the physical medium.
Data Link Layer can be subdivided into two sub-layers:
A. Logical Link Control (LLC) sub-layer
This upper sub-layer hides the differences between the various kinds of
networks by providing a single format and interface to the network layer.
B. Medium Access Control (MAC) sub-layer
This sub-layer provides all the means how to access different physical
transmission channels for communication.
Physical Layer
It is concerned with transmission of unstructured, raw bit stream over physical
medium: involves such parameters as signal voltage swing (pattern of signal representing a
binary 1 or 0, i.e., encoding scheme) and bit duration; deals with the electrical, optical,
mechanical and procedural characteristics to establish, maintain and deactivate the physical
link.
1.11 TCP/IP PROTOCOL SUITE
The letters “TCP/IP” stand for two communication protocols, TCP for Transmission
Control Protocol and IP for Internet Protocol, but the term is most often used as shorthand for
the whole communication architecture, which is a much bigger set of standards than just TCP and
IP. It is a widely used, comprehensive set of communication protocols which is vendor
independent. Unlike the OSI reference model, it is an actual implementation that provides all
the facilities for two computer systems to exchange information over a network.
The TCP/IP family uses four layers while OSI uses seven layers. The TCP/IP and OSI
systems differ from each other significantly, although they are very similar at the network and
transport layers.
Fig: Comparison of TCP/IP and ISO OSI network models
The TCP/IP protocol suite is deliberately designed to be independent of the underlying
physical medium. Networks which use the TCP/IP protocol suite are known as TCP/IP-based
networks. It is also the native language of the Internet. This protocol suite is normally built
into most operating systems.
TCP/IP is a four layer communication architecture that provides all reasonable network
features.
Fig: TCP/IP Protocol Suite
ARP – Address Resolution Protocol, RARP – Reverse Address Resolution Protocol, ICMP –
Internet Control Message Protocol, IP – Internet Protocol, TCP – Transmission Control Protocol,
UDP – User Datagram Protocol, HTTP – Hypertext Transfer Protocol, SMTP – Simple Mail
Transfer Protocol, FTP – File Transfer Protocol, Telnet – remote terminal login, BOOTP – Bootstrap
Protocol, TFTP – Trivial File Transfer Protocol, NFS – Network File System.
In the above figure of the TCP/IP protocol suite only a few protocols are shown, because it is
not possible to present all of them here.
Transmission Control Protocol (TCP)
TCP provides a highly reliable, connection-oriented, end-to-end transport service
between processes in end systems. It works in full-duplex mode. The connection persists even
when neither party is speaking. TCP provides error recovery, sequencing of
packets, flow control by the windowing method, and support for multiplexed
connections from the layer above. This transport protocol is responsible for carrying web
pages, e-mails, various documents, etc.
User Datagram Protocol (UDP)
UDP provides a connectionless transport service to applications. UDP is a packet-oriented
service. It does not provide two-way connections, does not have any form of
congestion control, and does not guarantee that packets will be delivered in the same order they
were sent. This transport protocol is responsible for carrying voice over the Internet (Internet
telephony), live video streams over the Internet, online games, etc.
Internet Protocol (IP)
This protocol is the backbone of the TCP/IP protocol suite. IP is a delivery protocol: IP
routes data packets from one machine to another. It is a very simple protocol, with no
mechanism for end-to-end data reliability, flow control or sequencing. It specifically allows for
the fragmentation and reassembly of datagrams in the network. Various additional
protocols, such as ICMP, are considered an integral part of it and add further features.
1.12 IDENTIFYING COMPUTER AND USERS OVER A NETWORK
In this section we explore how to identify computer hardware, software or a
user over a network. From the network's point of view, hardware is managed within the link layer of
the TCP/IP architecture, whereas the higher-level protocols do not know or care about the
specific hardware being used.
As we know, data travels on a network in the form of packets: bursts of data with a
maximum length imposed by the link layer. Each packet consists of a header and a payload. The
header tells where the packet came from and where it is going. It can also include checksums,
protocol-specific information, or other handling instructions.
The payload is the data to be transferred. The name of the primitive data unit depends
on the layer of the protocol. At the link layer it is called a frame, at the IP layer a packet, and at
the TCP layer a segment.
As a packet travels down the protocol stack in preparation for being sent, each protocol
adds its own header information. Each protocol’s finished packet becomes the payload part of
the packet generated by the next protocol. This nesting is known as packet encapsulation. On
the receiving machine, the packet encapsulation is reversed as the packet travels back up the
protocol stack.
Table: Addressing methods adopted at various layers of TCP/IP model
Layer name              Addressing Method
Application Layer       Host name / domain name
Host-to-Network Layer   Hardware (MAC) Address
Internet Layer          IP Address
Transport Layer         Port Number
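The encapsulation described above, worked through in code. This is an added example, not code from the chapter: it builds a TCP segment, wraps it in an IPv4 packet and then an Ethernet frame, and then strips the headers off again on the "receiving" side, recording the address each layer carries (MAC address, IP address, port number, in the order of the table above). The header layouts follow the real Ethernet, IPv4 and TCP formats, but only the addressing fields are filled in; checksums and sequence numbers are left at zero, and the addresses used to exercise it are constructed.

```python
"""Packet encapsulation and its reversal.  Added example, not code from the chapter.
Field layouts follow the real Ethernet, IPv4 and TCP headers, but only the addressing
fields are filled in: checksums, sequence numbers and the IP identification stay zero."""

import struct

ETHERTYPE_IPV4 = 0x0800   # EtherType value that marks an IPv4 payload
PROTO_TCP = 6             # IP protocol number for TCP
ETH_HDR = "!6s6sH"        # destination MAC, source MAC, EtherType (14 bytes)
IP_HDR = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total length, id, flags/frag, TTL, proto, csum, src, dst (20 bytes)
TCP_HDR = "!HHIIBBHHH"    # src port, dst port, seq, ack, data offset, flags, window, csum, urgent (20 bytes)


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Transport layer: a TCP header (port numbers) in front of the application data."""
    header = struct.pack(TCP_HDR, src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + data


def build_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Internet layer: an IPv4 header (IP addresses); the whole segment is its payload."""
    header = struct.pack(IP_HDR, 0x45, 0, 20 + len(segment), 0, 0, 64, PROTO_TCP, 0,
                         ip_bytes(src_ip), ip_bytes(dst_ip))
    return header + segment


def build_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Link layer: an Ethernet header (MAC addresses); the whole packet is its payload."""
    return struct.pack(ETH_HDR, mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4) + packet


def encapsulate(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, data: bytes) -> bytes:
    """Top of the stack to the wire: each layer's finished unit becomes the next layer's payload."""
    segment = build_segment(src_port, dst_port, data)
    packet = build_packet(src_ip, dst_ip, segment)
    return build_frame(src_mac, dst_mac, packet)


def decapsulate(frame: bytes) -> dict:
    """Receiving side: strip one header per layer, recording the address it carried.

    Lengths declared in the headers are checked against what was actually received,
    so a truncated frame or one that is not IPv4/TCP is rejected instead of mis-parsed."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not an IPv4 frame: EtherType 0x{ethertype:04x}")
    packet = frame[14:]

    if len(packet) < 20:
        raise ValueError("packet too short for an IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src_ip, dst_ip = struct.unpack(IP_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != PROTO_TCP:
        raise ValueError("expected an IPv4 packet carrying TCP")
    if total_len > len(packet) or total_len < ihl + 20:
        raise ValueError("IPv4 total length does not match the bytes received")
    # Use the declared length, not the frame length: Ethernet may pad short frames.
    segment = packet[ihl:total_len]

    src_port, dst_port, _, _, offset_byte, *_ = struct.unpack(TCP_HDR, segment[:20])
    data_offset = (offset_byte >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("TCP data offset points outside the segment")
    return {
        "frame": (mac_str(src_mac), mac_str(dst_mac)),    # link-layer addressing
        "packet": (ip_str(src_ip), ip_str(dst_ip)),       # internet-layer addressing
        "segment": (src_port, dst_port),                  # transport-layer addressing
        "data": segment[data_offset:],                    # what the application sent
    }
```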
Application Layer Addressing
¾ Host names function as addressing method in this layer.
¾ For Example: abc@gmail.com
¾ The host names are mapped to IP address by using Domain Name Server (DNS) or
the host name file.
¾ For large networks, a DNS can be used for performing the mapping between the host
name and IP address.
Host-to-Host Layer Addressing
¾ Port number is used as the addressing method in this layer.
¾ Port number can be considered as interface point to this layer.
¾ Some of the port numbers and the mapped application services are:
TCP Port Number   Application Layer Service
23                Telnet
25                SMTP
80                HTTP
110               POP3
Internet Layer Addressing
¾ Any device must have the following to communicate with other devices on an IP
network:
IP address
Subnet Mask
Broadcast address
Several addressing schemes are used in combination:
¾ MAC (Medium Access Control) addresses for Hardware
¾ IP addresses for Software
¾ Hostnames for User or People
Each NIC has a link layer MAC address that distinguishes it from other machines on the
physical network, an IP address that identifies it on global Internet, and a hostname that is used
by human beings.
MAC Address
The lowest level of addressing is dictated by the network hardware. As we know, the
Network Interface Card (NIC) is the means by which workstations are connected
functionally and physically to the network. NIC manufacturers assign a unique physical
address to each NIC; this physical address is known as the Medium Access Control (MAC) address.
For example, Ethernet and Token Ring NICs are assigned a unique 6-byte hardware
address or MAC address at the time of manufacture. A 6-byte Ethernet address is divided into
two parts:
¾ The first three bytes identify the manufacturer of the hardware; this prefix is assigned to
manufacturers by the IEEE.
¾ The last three bytes are a unique serial number that is assigned by the NIC
manufacturer.
Some Ethernet cards let us specify the hardware address ourselves. In wireless NICs the
hardware address should be permanently assigned.
You can find your computer's MAC address on a Windows-based computer by typing
ipconfig /all at the command prompt and pressing Enter. If your computer has more than one
NIC, the MAC address of each NIC is listed separately.
IP Address
IP (Internet Protocol) addresses are globally unique and hardware independent; an IP address
identifies a computer that is connected to a network or the Internet. Two versions of IP addresses
exist. The vast majority of today’s networks use version four of the IP protocol (i.e., IPv4), but
the sixth version of IP (i.e., IPv6) is also gaining popularity. An IPv4 address is 4 bytes (32 bits) long,
whereas an IPv6 address is 16 bytes (128 bits) long. Here we discuss only IPv4.
IPv4 address is divided into a network part and a host part. The network part identifies
a logical network to which the address refers, and the host part identifies a machine on that
network.
Fig.: Format of the IP address
By convention, IP addresses are written as decimal numbers, one for each byte,
separated by periods (dots), such as 171.200.75.66; internally the computer works with the
binary form.
IP addresses are divided into five address classes (A to E), depending on the first bits of
the leftmost byte. The class determines which bytes of the address belong to the network
portion (denoted by N) and which to the host portion (denoted by H).
Table: Different IP address Classes and their Descriptions
Class  Class Bits  Network Bits  1st Byte  Format   Remark
A      0           7             1-126     N.H.H.H  Reserved for very early networks or for DOD. Value 0 is special, while 127 is reserved for the loopback address.
B      10          14            128-191   N.N.H.H  Used for large sites.
C      110         21            192-223   N.N.N.H  Easy to get, often obtained in sets.
D      1110        -             224-239   -        Multicast addresses, not permanently assigned.
E      1111        -             240-255   -        Experimental addresses.
Table: Maximum Number of Hosts supported by IP address Classes
Network Class   Maximum Number of Supported Hosts
A               16,777,214
B               65,534
C               254
D and E         -
Some IP addresses, such as 127.X.X.X (X.X.X is any set of numbers), network number of
all 0s, host number of all 1s, full address 0.0.0.0, and full address 255.255.255.255 are reserved
for special purposes.
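The class rules and reserved addresses just described, as an added example (not code from the chapter): the function decides the class from the leading bits of the first byte, splits the address into its N and H bytes, derives the usable host count that the table above lists, and flags the reserved addresses mentioned above. The addresses used to exercise it are constructed.

```python
"""Classify an IPv4 address by the leading bits of its first byte and split it into
network (N) and host (H) parts, following the class tables above.  Added example,
not code from the chapter."""

import ipaddress

# (leading bits, class letter, number of leading bytes that form the network part).
# Classes D and E have no network/host split, so their byte count is None.
CLASS_RULES = (
    ("0",    "A", 1),     # N.H.H.H
    ("10",   "B", 2),     # N.N.H.H
    ("110",  "C", 3),     # N.N.N.H
    ("1110", "D", None),  # multicast addresses
    ("1111", "E", None),  # experimental addresses
)


def address_class(address: str) -> str:
    """Return the class letter (A to E) decided purely by the leading bits."""
    bits = format(int(ipaddress.IPv4Address(address)), "032b")  # ValueError if malformed
    for prefix, letter, _ in CLASS_RULES:
        if bits.startswith(prefix):
            return letter
    raise AssertionError("unreachable: every 32-bit pattern matches one rule")


def classify(address: str) -> dict:
    """Return class, network/host parts, usable host count and any reserved-use note."""
    ip = ipaddress.IPv4Address(address)
    value, octets = int(ip), list(ip.packed)
    letter = address_class(address)
    net_bytes = next(n for _, cls, n in CLASS_RULES if cls == letter)
    info = {"class": letter, "network": None, "host": None, "max_hosts": None, "note": None}

    if net_bytes is not None:
        host_bits = 8 * (4 - net_bytes)
        info["network"] = ".".join(map(str, octets[:net_bytes]))
        info["host"] = ".".join(map(str, octets[net_bytes:]))
        # The all-0s host (the network itself) and the all-1s host (broadcast)
        # are never assigned, hence the "- 2" that gives the table's host counts.
        info["max_hosts"] = 2 ** host_bits - 2
        host_part = value & ((1 << host_bits) - 1)
        if host_part == 0:
            info["note"] = "host part all 0s: refers to the network itself"
        elif host_part == (1 << host_bits) - 1:
            info["note"] = "host part all 1s: broadcast to that network"

    # Whole-address reservations listed above take precedence over the per-class notes.
    if value == 0:
        info["note"] = "0.0.0.0: reserved, no address / this host"
    elif value == 0xFFFFFFFF:
        info["note"] = "255.255.255.255: reserved, limited broadcast"
    elif octets[0] == 127:
        info["note"] = "127.X.X.X: reserved for loopback"
    return info
```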
On a Windows-based computer connected to your ISP (Internet Service Provider,
such as Reliance, Tata, BSNL or Airtel), type ipconfig at the command prompt and
press Enter to find your computer's IP address.
Note:
[1] It is not necessary to have a permanent IP address on the Internet; some
computers are given a different IP address each time they connect to the Internet via
their ISP. Because of the large number of computers joining the Internet day by day, ISPs
use a few IP addresses to serve many customers, which means our computer's IP address
on the Internet keeps changing.
[2] It is ARP (Address Resolution Protocol), part of the TCP/IP protocol suite, that translates an IP
address to a hardware address, whereas the reverse is done by RARP (Reverse Address
Resolution Protocol).
Ports
IP addresses are not specific enough to address a particular process or service. TCP
and UDP extend IP addresses with a concept known as a “port”. A port is a 16-bit number
that supplements an IP address to specify a particular communication channel.
Standard services such as e-mail, FTP, and the web all associate themselves with “well-
known” ports.
Table: Some popular web services and their port numbers
Services   Port No.
WHOIS      43
FINGER     79
FTP        21, 22
SMTP       25
HTTP       80
Domain Name
All applications that provide communication between computers on the Internet use IP
addresses to identify the communicating hosts. However, IP addresses are difficult for human users
to remember. That is why we use a domain name instead of an IP address. An IP
address can have a domain name associated with it, and this domain name can be used in all commands
where it is possible to use an IP address. (One exception where only an IP address can be used is
the specification of an actual name server.) A single IP address can have several domain names
affiliated with it.
DNS (Domain Name System)
The entire Internet is divided into domains, i.e., name groups that logically belong
together. In networking terminology, a domain is a set of computers on a network that share a
common database as well as a security policy. Each domain has a unique name and is
administered as a single unit with common rules and procedures. The domains specify whether
the names belong to a particular company, country, and so forth.
A domain name consists of strings (labels) separated by dots. The name is processed from left
to right. The highest competent authority is the root domain, expressed by a dot (.) at the very
right (this dot is often left out). The last part of a domain name (and so of the host part of a URL) is called
the top-level domain name (TLD). Top Level Domains (TLDs) are defined in the root domain. There are two types of TLDs:
¾ Generic Top Level Domain (gTLD)
Table: Some well known gTLDs
Registered gTLDs   Assigned for
.com               Commercial community.
.org               The noncommercial community.
.aero              Members of the air transport industry.
.biz               Businesses.
.gov               Government bodies.
.edu               Educational bodies.
¾ Country Code Top Level Domain (ccTLD)
It normally has two letters, representing an individual country. ccTLDs
are used mostly outside the USA.
Table: Some known ccTLDs
Registered ccTLDs   Assigned for
.uk                 United Kingdom.
.in                 India.
.cz                 Czech Republic.
.jp                 Japan.
.ca                 Canada.
.au                 Australia.
Domain Name Resolution (Process of finding IP Address from a Domain Name on
Internet)
The relationship between the name of a computer and its IP address is defined in
the Domain Name System (DNS) database. The DNS database is distributed worldwide.
Each website has both a user-friendly logical address, known as a URL (Uniform
Resource Locator), and a physical IP address. People on the Internet use URLs to find a
website, whereas a computer uses IP addresses to find websites. A DNS server translates
the logical address (URL) into its physical address (IP address) and vice versa.
When we type a web address into the address bar of our web browser and
press the Enter key, we are sending a query to a DNS server. For example, if
you type http://www.jnu.ac.in in the address bar of your web browser, your computer
sends a request to a DNS server. It is then the DNS server’s responsibility to translate the
URL into an IP address so that your computer can find the Jawaharlal Nehru University
web server.
Fig: Steps during finding of a website or a computer over the Internet.
On a Windows-based computer you can look up a domain name by typing
nslookup followed by the domain name (for example, nslookup jnu.ac.in) at the command prompt
and pressing Enter.
Note:
[1] To look up a domain name, your computer must be connected to the Internet.
[2] It is possible that the concept of TLDs will become outdated in the near future due to the massive
increase in the number of websites.
[3] It is possible to create subgroups within a domain; these are called sub-domains.
1.13 NETWORK TOPOLOGIES
Topology is the layout of the connections formed between computers. To some extent
the reliability and efficiency of a network is determined by its structure or topology.
We can define a network topology as “A fashion or a manner in which computer and
associated peripherals are connected via communication channels”.
There are four basic network topologies:
¾ Bus Topology
¾ Star Topology
¾ Ring topology
¾ Mesh Topology
These are also called pure network topologies. By modifying or combining some of
the characteristics of pure network topologies, a more useful variant may be obtained. These
combinations are called hybrid topologies. Some popular hybrid topologies are:
¾ Star-Bus Topology
¾ Star-Ring Topology
¾ Tree or Rooted Tree Topology
Bus Topology
In a bus topology, all workstations are connected to a single shared communication link
through interface units. Messages are broadcast along the whole bus. In order to receive a
transmission, the workstations must be able to recognize their own address. Devices attached to
a bus therefore must possess a high degree of intelligence or have the required intelligence
provided by the bus interface.
Fig: The Bus Topology
Signal strength problems are commonly handled by limiting the length of the cable
segments and the number of attached workstations. On some networks, amplifiers or repeaters
may be used to maintain strength and clarity of the signal.
Only one computer at a time can send a message, therefore the number of computers
attached to a bus network can significantly affect the speed of the network. A computer must
wait until the bus is free before it can transmit (this concept is known as CSMA - Carrier Sense
Multiple Access).
It is a passive topology, which means that data is transmitted in both directions along the common
shared cable: the electrical signal from the transmitting computer is free to travel the entire
length of the cable in both directions. To stop the signal from ringing back and forth,
terminators at both ends are required. The terminator absorbs the electrical signal of messages
that reach the end of the cable without having been received.
Example: Ethernet LAN
Advantages of Bus Topology
¾ This topology has an inherent simplicity that makes it very consistent from
hardware point of view.
¾ Short cable length decreases the installation cost and also leads to a simple and
easy to maintain wiring layout.
¾ Additional nodes can be connected to an existing bus network at any point along
its length, and the use of repeaters allows the signal to travel a longer distance, so
it is very easy to extend a bus network.
Disadvantages of Bus Topology
¾ In this topology fault diagnosis and its isolation is very difficult because control
of the network is not centralized.
¾ If the backbone cable of bus network is extended by using repeaters,
reconfiguration is necessary which involves tailoring cable lengths, adjusting
terminators etc.
¾ A large number of computers attached to a bus network can significantly affect
the speed of the network.
¾ Since messages are broadcast along the whole bus, in order to receive a
transmission, the workstations must be able to recognize their own address.
Devices attached to a bus therefore must possess a high degree of intelligence or
have the required intelligence provided by the bus interface.
ETHERNET
Ethernet was originally developed and patented in 1975. It began as a research project to
link personal workstations at the Xerox Palo Alto Research Center. The most appealing features of
Ethernet are its protocol simplicity and its relatively low-cost and elegant implementation of a LAN
system which meets the following desirable characteristics of a local networking facility:
High flexibility, i.e., easy adaptability when devices and systems are to be added or removed.
This is due to the bus topology and the cable-tapping facility of Ethernet. The transmission
medium and access control are easily extensible with minimum service disruption.
High reliability, which assures continued operation of the network on failure
of one or more active nodes such as a PC, terminal or workstation. This is due to the passive
nature of the Ethernet cable. Moreover, there is no centralized control but distributed control in
Ethernet.
Suitability for bursty traffic. In office and engineering environments the nature of
data traffic is frequently bursty, and Ethernet was specially made for office
automation, although it is not limited to it.
Some important points about Ethernet
¾ The Ethernet is a broadcast LAN. All nodes can listen each and every message
transmitted on the net.
¾ The Ethernet is itself a hardware system.
¾ Ethernet is a passive system. This means that the system is powered by connected nodes
only. Ethernet cable is also passive. This makes the system more reliable.
¾ The Ethernet is terminated at both ends with 50 ohms special terminators, and is made
grounded on one end only to earth. Terminators prevent the signals being reflected back
down the cable causing interference.
Table: Specification of Ethernet
Parameter                                              Value
Topology                                               Bus
Medium or cabling                                      Coaxial
Access method                                          CSMA/CD
Data rate                                              10 Mbps
Maximum end-to-end length using repeaters/bridges      2.5 km
Nodes per segment                                      100
Maximum segment length                                 500 m
Maximum number of nodes                                1024
Transmission mode                                      Baseband
Data encoding scheme                                   Manchester
Size of address field                                  6 bytes
Error control mechanism                                None (the frame check sequence only detects
                                                       corrupted frames; there is no retransmission)
Star Topology
In a star configuration, each workstation is connected to a central node or server through a
dedicated point-to-point channel. Messages pass from one workstation to another via the central
node or server.
Control of the network may be arranged in one of three ways:
• Control resides in the central server, which performs all routing of messages
(centralized server approach).
• Control is exercised by the outlying workstations rather than by the central device.
The central node operates as a switch, establishing connections between workstations
(use of a hub or switch as the central node).
• Control is distributed equally to all workstations. The server is used to route messages
to their destinations and to resolve conflicts between workstations.
In all three cases the central node or server is the critical point; if it fails, the entire network
stops. The central node or server provides a logical location for directly attaching the major
shared resources, and equally a single point at which all traffic can be observed or filtered.
Fig: The Star Topology
Advantages of Star Topology
• It has a number of concentration points, which provide ease of service as well as
reconfiguration.
• Due to centralized control, fault detection and fault isolation are very easy.
• Failure of one node does not affect the functioning of the rest of the network.
• The star topology eliminates the need for each workstation to make routing decisions.
• The access protocol in a star topology is simpler than in all other forms.
Disadvantages of Star Topology
• Since every node is individually connected to the central node or server, a long total
cable length is required.
• Because of the direct dependency on the central node or server, expansion of the
network is difficult.
• The size and capacity of the network are a direct function of the power of the central
node or server, which places heavy reliability and redundancy constraints on it.
• Failure of the central node or server causes failure of the entire network.
Ring Topology
In a ring topology an unbroken circle of point-to-point connections between adjacent
workstations exists. Messages travel from workstation to workstation in a round-robin fashion.
Workstations are connected to the cable through an access unit, which is connected to a
repeater; the repeater in turn retransmits messages addressed to other workstations.
As in a bus topology, each workstation must have some form of intelligence to recognize its
own address in order to receive messages. However, no routing capability is required at the
workstations, because messages automatically travel to the next workstation on the ring. After
passing each node, a message that nobody has accepted returns to the originating node, and it is
that node's responsibility to remove it. Originally, information flow on the ring was strictly in one
direction. Now, dual-channel rings transmit information in opposite directions on the two
channels.
Fig: The Ring Topology
Advantages of Ring Topology
• Short cable length is required, similar to a bus with the same number of nodes.
• Terminators are not required at the ends.
• Space for wiring closets is not required, because a single common cable connects each
node to its immediate neighbours.
• With fibre optics it supports very high-speed transmission, around 100 Mbps, and is
often used for network backbones in a LAN or MAN (FDDI).
Disadvantages of Ring Topology
• Since it is each node's responsibility to forward traffic to the next node, a node failure
causes network failure.
• Because a node failure causes network failure, fault detection and isolation are very
difficult.
• The topology affects the access protocol: because each node must pass on the data it
receives, the access protocol must ensure that the medium is available before a node
transmits in the same direction.
• Expansion or reconfiguration of the network is difficult because it is not possible to shut
down one portion of the ring while the other portions keep working.
TOKEN RING
A popular LAN technology developed by IBM. In this topology a special bit pattern known as a
token circulates continuously around the network. Holding the token confers the right to
communicate: only the workstation holding the token can put a message onto the network.
Control of the network is decentralized. The sending station converts the token into a frame
carrying its data. At the destination, the receiving workstation copies the message and marks the
frame as copied; the frame continues around the ring back to the sender, which removes it and
releases a new empty token for the next station. A frame consists of a header, a data field and
a trailer, while the token itself is a short header-only pattern.
Table: Specification of Token Ring
Parameter                                              Value
Topology                                               Ring
Medium or cabling                                      Shielded or unshielded twisted pair
Access method                                          Token passing
Data rate                                              4 Mbps or 16 Mbps
Maximum end-to-end length using repeaters/bridges      Not specified (a maximum of 250 repeaters
                                                       are allowed)
Maximum number of nodes                                72 (unshielded), 260 (shielded)
Transmission mode                                      Baseband
Data encoding scheme                                   Differential Manchester
Size of address field                                  6 bytes
Error control mechanism                                None (the frame check sequence only detects
                                                       corrupted frames)
Mesh Topology
In a mesh topology nothing special is required to connect any node to any other one. The mesh
topology is distinguished by having redundant links between devices. A true (full) mesh has a
direct link between every pair of devices in the network. As one can imagine, this becomes
unmanageable beyond a very small number of devices. Most mesh networks are therefore not
true meshes; they are partial meshes, which contain some redundant links but not all.
Fig: The True Mesh Topology
Mesh networks become more difficult to install as the number of devices increases, because of
the sheer number of connections that must be made. A true mesh of n devices requires
n(n-1)/2 links: a true mesh of six devices requires 15 connections (5 + 4 + 3 + 2 + 1), a true mesh
of seven devices requires 21 connections (6 + 5 + 4 + 3 + 2 + 1), and so on.
Advantages of Mesh Topology
• Easy to troubleshoot and very fault-tolerant.
• A media failure has less impact than in any other topology.
• Guaranteed communication channel capacity, since each link is dedicated to one pair
of devices.
Disadvantages of Mesh Topology
• Difficulty of installation and reconfiguration.
• The cost of maintaining the redundant links is very high.
Star-Bus Topology
It is achieved by linking several star hubs together with bus trunks. If one computer fails, its hub
can detect the fault and isolate that computer. If a hub fails, the computers connected to it will
not be able to communicate, and the bus network is broken into segments that cannot reach each
other.
Fig: The Star-Bus Topology
Advantages of Star-Bus Topology
• Easy to extend: since the network is divided into sub-modules, it is easy to add new nodes
or branches.
• Fault isolation is easy, since a single node can be disconnected from a sub-module, or an
entire module from the main structure.
Disadvantages of Star-Bus Topology
• Dependence on the hub: if a hub fails, the entire sub-module is inoperable.
Star-Ring Topology
This configuration consists of a number of concentration points connected together in a ring. In
practice these concentration points are wiring closets. From each closet, nodes are connected in
a star configuration using some or all of the available connection points.
Electrically, the star-ring operates exactly like a normal ring. The difference is that the physical
wiring is arranged as a series of interconnected stars.
Fig: The Star-Ring Topology
Advantages of Star-Ring Topology
• The presence of concentration points greatly eases fault diagnosis. An offending
concentration point can be isolated, leaving the rest of the network fully functional.
• Ease of expansion, because each concentration point can have spare unused lobes which
can be put into service later if needed.
Disadvantages of Star-Ring Topology
• Intelligent concentration points are required if they are to assist in network fault
diagnosis, node isolation, or conversion from one transmission medium to another.
• A considerably larger amount of cable is required.
Tree Topology
Technically, a tree is a bus network made up of a main cable, which connects the floors of a
building (or several buildings), and branches, which connect individual workstations in a more
limited area. In effect, the network is divided into different segments.
This topology is sometimes called a rooted tree, a term used for a network employing broadband
coaxial cable. An unrooted tree is a baseband network and corresponds to the general definition
of a bus.
When a node transmits to a node that is not on its own branch, the "headend" receives the signal
and rebroadcasts it through the entire network.
Advantages of Tree Topology
• Because of the branching nature of the tree, it is easy to add new nodes or branches to it.
• It is possible to disconnect an entire branch from the main structure.
• It is easy to isolate a defective node from the tree.
Fig: The Tree Topology
Disadvantages of Tree Topology
• If the "headend" device fails, the entire network is rendered inoperable.
1.14 NETWORK DEVICES
Some devices play an important role in expanding a network, connecting it with other networks
and keeping it running smoothly; in this section we highlight some of them.
Repeaters
A repeater is a networking component used to extend a network by boosting (amplifying) and
reshaping signals so that they can travel farther along the cable.
Signals travelling on a transmission medium weaken with distance because of attenuation in the
cable. A repeater works at the physical layer of the OSI model to regenerate the signal so that it
can travel farther.
Repeaters are usually used to extend LAN cable distances or to connect different media types:
a repeater can join dissimilar media such as unshielded twisted pair (UTP) and shielded twisted
pair (STP) cabling, but it cannot join dissimilar network architectures such as Ethernet and Token
Ring.
Fig: Repeaters connect at the Physical Layer
Other than increasing signal strength, repeaters do not filter network traffic in any way. In
particular, they do not block broadcasts, so connecting two Ethernet segments with a repeater
increases the size of the collision domain, which degrades overall network performance. It also
means that a station on either segment can observe all the traffic of the other.
Fig: The use of repeaters allows cable lengths to be longer.
Modem
Digital transmission over an analog circuit requires modems to resolve the incompatibility. A
modem converts data from digital form into a form that can be transmitted and read over a
telephone line, and back again.
Each modem normally performs these four functions:
1. Digital to Analog Conversion
When a computer wants to send data, the data is digital, so to transmit it over a telephone line it
must be converted into analog form. The electronic circuit that converts a digital signal into an
analog one is known as a Digital to Analog Converter (DAC).
2. Modulation
Modulation is the process of impressing the useful (data) signal onto a higher-frequency carrier
signal, which carries the useful signal over long distances. The electronic circuit that performs
modulation is known as a modulator.
3. Analog to Digital Conversion
In this process the demodulated analog signal is converted into digital form for the computer's
use.
4. Demodulation
When a modem receives signals over a telephone line, the signals are in modulated form.
Demodulation is the process by which the useful signal (the modulating signal) is extracted from
the carrier (the modulated signal).
Fig: Internal parts of a Modem
The designs and capabilities of modems are quite varied. Modems can be either external or
internal.
An external modem is a box-type device, separate from the computer, connected to one of the
computer's serial or USB ports by a cable.
An internal modem is neat and convenient and is fitted into an expansion slot on the computer's
motherboard; the port interface functions are built into this type of modem.
Both types of modem are equipped with microprocessors, memory chips and special
communication chips. Such modems are intelligent modems: they can be programmed to dial,
answer and disconnect automatically.
Hub
The hub is the basic networking component used in traditional star topology networks to connect
workstations into a LAN. Hubs can be used to:
• Connect about a dozen computers to form a workgroup or departmental LAN.
• Connect other hubs in a cascaded star topology to form a larger LAN of up to roughly a
hundred computers.
Fig: A Hub
The hub receives a signal from one station and sends it to all other stations connected to the hub;
every port sees every frame, so a hub offers no traffic separation between its ports. Hubs can be
either active or passive.
In an active hub (which all of today's hubs are), the signal received on one port is regenerated
(amplified) and retransmitted to the other ports. These hubs therefore perform the function of a
repeater and are sometimes called multiport repeaters; they can drive distant nodes up to about
1 km away. The maximum distance covered by an active hub is about 2000 feet.
A passive hub is a passive distribution point that uses no power or active devices to connect up to
4 nodes over a very short distance. The maximum distance covered by a passive hub is about 300
feet.
Hubs generally have LED indicator lights to show the status of each port, link status, collisions
and so on.
There are numerous types of hubs for various specialized uses, including minihubs, workgroup
hubs, stackable hubs, intelligent hubs, etc.
Switch
Switches are devices that connect LANs at the data link layer of the OSI model. Their purpose
is to join two or more physical networks in a way that makes them seem like one large physical
network. Switches work like hubs, but they can identify the intended destination of the frames
they receive, so they send each frame only to the port where the intended computer is. Switches
do not require host software; they receive, regenerate and retransmit frames in hardware.
Most switches use a dynamic learning algorithm. They note which source addresses arrive on
which port, and frames are forwarded between ports only when necessary. At first all frames are
flooded to every port, but within a few seconds the switch has learned the location of most hosts
and can be more selective. A frame for a destination the switch has not yet learned, or whose
entry has expired or been pushed out of the address table, is still flooded to all ports. Switches
keep getting smarter as more functionality is built into their firmware; some can be used to
monitor security on the network. Switches can send and receive on a port at the same time, so
they move information faster than hubs can. Switches are a little more expensive than hubs.
Fig: Switches connect at the Data Link Layer
If your home network has four or more computers, or you want to use your network for activities
that pass a lot of information between computers (such as playing network games or sharing
music), you should use a switch instead of a hub.
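The learning algorithm described above, written out as an added example (not code from the
original chapter or from any switch vendor). The ports, MAC addresses, table size and traffic are
constructed for illustration. It shows the three forwarding states a frame can be in (unknown
destination flooded, known destination delivered to one port, same-segment frame filtered) and
the consequence of the address table being a finite, unauthenticated resource: once a station has
filled it with forged source addresses, legitimate entries are evicted and the switch falls back to
flooding, so a third port sees traffic it should never have received.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Transparent learning switch: learns source MAC -> port, forwards by destination MAC.

    The address table is bounded (real switches have a fixed-size CAM) and evicts the
    least recently seen entry when it is full.
    """

    def __init__(self, ports, table_size=8):
        self.ports = list(ports)
        self.table_size = table_size
        self.table = OrderedDict()  # MAC address -> ingress port, oldest entry first

    def _learn(self, mac, port):
        # Learning is unauthenticated: whatever source address a frame carries is believed.
        if mac in self.table:
            self.table.move_to_end(mac)
        self.table[mac] = port
        if len(self.table) > self.table_size:
            self.table.popitem(last=False)  # evict the least recently seen address

    def forward(self, in_port, src, dst):
        """Return the list of egress ports for a frame that arrived on in_port."""
        self._learn(src, in_port)
        if dst == BROADCAST or dst not in self.table:
            # Broadcast, or unknown unicast: flood to every port except the ingress port.
            # In this state the switch behaves like a hub and every station sees the frame.
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        if out == in_port:
            return []  # source and destination share a segment; filter the frame
        return [out]


def demo():
    """Constructed traffic: hosts A and B on ports 1 and 2, a third station on port 3."""
    sw = LearningSwitch(ports=[1, 2, 3], table_size=4)
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    before_learning = sw.forward(1, a, b)   # B not learned yet: flooded to ports 2 and 3
    reply = sw.forward(2, b, a)             # A already learned: delivered to port 1 only
    after_learning = sw.forward(1, a, b)    # B now learned: port 2 only
    # Port 3 emits frames with many forged source addresses; each one is "learned"
    # and pushes the older entries (including A and B) out of the bounded table.
    for i in range(20):
        sw.forward(3, "02:00:00:00:00:%02x" % i, b)
    after_exhaustion = sw.forward(1, a, b)  # B evicted: flooded again, port 3 sees it
    return {
        "before_learning": before_learning,
        "reply": reply,
        "after_learning": after_learning,
        "after_exhaustion": after_exhaustion,
    }


if __name__ == "__main__":
    print(demo())
```

The practical lesson is that a switch separates traffic only while its table is intact; port
security features that limit the number of addresses learned per port exist precisely to stop the
last step of this demo.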
Bridge
Bridges connect similar or identical LANs: two networks connected via a bridge are physically
separate networks but logically a single network. Like repeaters, bridges can also be used to
connect LANs that use different media. Bridges connect LANs at the Data Link Layer of the OSI
model.
Fig: Bridges connect at the Data Link Layer
Specifically, bridges connect at the MAC sublayer of the Data Link Layer and are often referred
to as MAC-layer bridges.
A bridge acts as an address filter, picking up frames on one LAN that are intended for a
destination on another LAN and passing those frames on. The bridge decides whether to relay a
frame on the basis of its destination MAC address. Bridges are transparent to the network layer
protocols being used on the network.
Router
A router is a device used to connect two networks that may or may not be similar. Routers
connect networks that use the same network layer protocol, such as IP to IP. Routers connect
LANs at the Network Layer of the OSI model. Because routers operate at the Network Layer,
they can be used to link dissimilar LANs, such as Ethernet and Token Ring.
The router employs an internet protocol that is present in each router and each host of the
network.
Fig: Routers connect at the Network Layer
Highlights of Routers
• A router can support a single network layer protocol or several.
• Like bridges, routers only forward traffic addressed to the other side. This means that
local traffic on one LAN does not affect performance on another.
• Routers maintain a routing table and choose the best path for each destination.
• Routing is more complex and slower than bridging, but provides better network
segmentation.
• Routers support both LAN and WAN links.
Routers from Proteon, Cisco, Wellfleet and others can route a number of different protocols.
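The "best path" choice that a routing table makes is, for IP, longest-prefix match: of all routes
whose prefix contains the destination address, the one with the longest prefix wins. The following
is an added example of that lookup (not code from the chapter or from any router vendor); the
table contents, interface names and next hops are constructed from documentation address
ranges. The second function shows why the rule matters for security: a more specific prefix
injected into the table, for instance by a routing update nobody authenticated, silently takes
the traffic away from the legitimate route.

```python
import ipaddress


class RoutingTable:
    """Longest-prefix-match forwarding table; IPv4 and IPv6 routes share one table."""

    def __init__(self):
        self.routes = []  # (network, next_hop, interface)

    def add(self, prefix, next_hop, interface):
        self.routes.append((ipaddress.ip_network(prefix, strict=True), next_hop, interface))

    def lookup(self, destination):
        """Return (next_hop, interface) for the most specific matching route, or None."""
        addr = ipaddress.ip_address(destination)
        best = None
        for net, next_hop, iface in self.routes:
            if net.version != addr.version or addr not in net:
                continue
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop, iface)
        return None if best is None else (best[1], best[2])


def build_example_table():
    """Constructed table for a small site router (RFC 5737 / RFC 3849 documentation ranges)."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", "203.0.113.1", "eth2")           # default route towards the ISP
    rt.add("10.0.0.0/8", "10.0.0.1", "eth0")             # the rest of the corporate network
    rt.add("10.1.2.0/24", "directly connected", "eth1")  # the local LAN segment
    rt.add("2001:db8::/32", "2001:db8::1", "eth2")       # IPv6 route for the site prefix
    return rt


def hijack_demo():
    """A more specific prefix always wins: a hypothetical unauthenticated advertisement
    of 10.1.2.0/25 diverts the lower half of the local LAN's addresses to a rogue next hop."""
    rt = build_example_table()
    before = rt.lookup("10.1.2.77")
    rt.add("10.1.2.0/25", "198.51.100.9", "eth2")        # constructed rogue route
    after = rt.lookup("10.1.2.77")
    unaffected = rt.lookup("10.1.2.200")                 # .128-.255 still match only the /24
    return before, after, unaffected


if __name__ == "__main__":
    table = build_example_table()
    for dst in ("10.1.2.77", "10.9.9.9", "192.0.2.5", "2001:db8:1::5"):
        print(dst, "->", table.lookup(dst))
    print("hijack:", hijack_demo())
```

A production router keeps the routes in a trie rather than a list, but the selection rule is the
same, and so is the consequence: whoever can insert the most specific prefix controls the path.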
Gateway
A gateway is a device used to connect two sets of computers that use two different
communication architectures. The gateway maps from an application on one computer to an
application that is similar in function but differs in detail on another computer; gateways
connect all layers of any protocol architecture, up to and including the application layer.
Gateways can connect two different networks. The gateway assists in transferring data from one
network to the other. A LAN can also be connected to a mainframe computer by a gateway.
A gateway reformats information from one network so that it becomes compatible with the other
network.
Fig: Gateway operates at Application Layer of different protocol models
1.15 NETWORK SECURITY ISSUES
Data flowing in a networking environment is not secure. The advent of wired and wireless
networking technology introduces a whole new set of problems. If we really must have absolute,
total, unbreachable security, then we need a measurable air gap between our computers and any
other devices. Air gap in this context means "no networking whatsoever".
There are some steps we can take to make our system or environment somewhat more resistant
to attack. The more secure our system, the more inconvenient it will tend to be for us and our
users.
Network security problems can be divided roughly into four intertwined areas:
• Secrecy
Secrecy has to do with keeping information out of the hands of unauthorized users.
• Authentication
Authentication deals with determining whom we are talking to before revealing sensitive
information or entering into a business deal.
• Non-repudiation
Non-repudiation deals with signatures: how do we prove that a message we received is the
original one and came from the claimed sender? A digital signature, made with the signer's
private key and checked against the public key in the signer's digital certificate, confirms that
the document originated from the signer and has not been altered since it was signed.
• Integrity control
Finally, how can we be sure that a message we received was really the one sent and not
something that a malicious adversary modified in transit or concocted? That is integrity.
To solve these problems in a network, each and every layer of the OSI model has something to
contribute.
• Security mechanism at the Physical Layer
In the physical layer, wiretapping can be foiled by enclosing transmission lines in sealed
tubes containing argon gas at high pressure, so that any attempt to tap the line is detected
by the drop in pressure.
A wireless intrusion detection system can be used for wireless networks.
• Security mechanism at the Data Link Layer
In the data link layer, frames on a point-to-point line can be encrypted as they leave one
machine and decrypted as they enter another (link encryption).
• Security mechanism at the Network Layer
In the network layer, firewalls can be installed to keep packets out (so that viruses, worms
and other digital pests cannot get in, breach security and destroy valuable data) or to keep
packets in (so that confidential information cannot leak out to a competitor, which could
have dire consequences).
• Security mechanism with IPv6
With IP version 6, TCP/IP offers several important security features. IPv6 hosts were
originally required to support the IPsec authentication header, and IPsec also provides a
well-defined framework (ESP) for exchanging confidential messages.
• Security mechanism at the Transport Layer
In the transport layer, entire connections can be encrypted end to end. End-to-end
(process-to-process) encryption at the transport layer protects the data across any number
of communication links or intermediate networks, so that nobody in between can read it
during transmission. Although these solutions help with secrecy, none of them solves the
authentication or non-repudiation problem in a sufficiently general way.
Most OSI layers provide some mechanism for network security, but it is the application layer
that tackles authentication and non-repudiation, via cryptography.
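To make the integrity and non-repudiation distinction above concrete, here is an added example
(not code from the chapter) of the simplest application-layer integrity check, a message
authentication code over a shared key using the standard hmac module. The key, messages and
sequence numbers are constructed. It shows that modification in transit is detected, that a
captured message cannot be replayed once a sequence number is covered by the tag, and also
the limit of the mechanism: because the receiver holds the same key, it can produce a valid tag
for a message the sender never sent, so an HMAC gives integrity and origin authentication
between the two key holders but cannot provide non-repudiation. That needs a signature made
with a private key that only the signer holds.

```python
import hashlib
import hmac
import os


def seal(key: bytes, seq: int, message: bytes) -> bytes:
    """HMAC-SHA256 over (sequence number, message). Covering seq makes replays detectable."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


class Receiver:
    """Accepts a message only if its tag verifies and its sequence number moves forward."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        # compare_digest runs in constant time, so timing does not leak how many tag bytes matched
        if not hmac.compare_digest(seal(self.key, seq, message), tag):
            return "bad tag"
        if seq <= self.last_seq:
            return "replay"
        self.last_seq = seq
        return "ok"


def demo():
    """Constructed exchange between a sender and a receiver sharing one 256-bit key."""
    key = os.urandom(32)  # in practice distributed out of band, e.g. by a key exchange
    receiver = Receiver(key)

    msg = b"TRANSFER 100 FROM acct-17 TO acct-42"
    tag = seal(key, 1, msg)
    genuine = receiver.accept(1, msg, tag)

    # An adversary in the middle changes the amount but cannot recompute the tag.
    tampered = receiver.accept(1, b"TRANSFER 900 FROM acct-17 TO acct-42", tag)

    # The adversary replays the captured genuine message unchanged.
    replayed = receiver.accept(1, msg, tag)

    # A tag made with some other key verifies under no circumstances.
    wrong_key = receiver.accept(2, msg, seal(os.urandom(32), 2, msg))

    # The receiver itself forges a message "from" the sender: it holds the same key,
    # so the tag verifies. This is why an HMAC cannot support non-repudiation.
    forged = b"TRANSFER 1 FROM acct-42 TO acct-17"
    receiver_forgery = receiver.accept(2, forged, seal(key, 2, forged))

    return {"genuine": genuine, "tampered": tampered, "replayed": replayed,
            "wrong_key": wrong_key, "receiver_forgery": receiver_forgery}


if __name__ == "__main__":
    print(demo())
```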
Major Forms of Attacks on Networks
In the networking world, an attempt to enter a system that does not succeed (no violation is
committed) is called an attack.
Generally, attacks fall into two areas:
• Passive attacks
The aim of a passive attack is to observe or copy information from the system without
altering it or compromising computing resources.
• Active attacks
An active attack results in an unauthorized change to the state of computing resources.
In terms of the relationship between intruder and victim, attacks are categorized as:
• Internal attacks
Attacks coming from the enterprise's own employees, or from its business partners or
customers.
• External attacks
Attacks coming from the outside world, frequently via the Internet.
Attacks are also identified by their source category, namely those performed from internal
systems (the local network), from the Internet, or from remote dial-in sources.
• Intrusion Problems or Access Attacks
Intrusion problems or access attacks are incidents with many possible causes, such as malware
(e.g., worms, spyware), attackers gaining unauthorized access to systems from the Internet, and
authorized users who misuse their privileges or attempt to gain additional privileges for which
they are not authorized. These attacks are attacks against the secrecy or confidentiality of
information or of the system.
Intrusion detection is "a process of identifying and responding to malicious activity targeted at
computing and networking resources". An Intrusion Detection System (IDS) is a defense system
that detects, and possibly prevents, hostile activity in a network or a hacking attempt in progress,
including the inspection and data collection phases that involve, for example, port scans. An
intrusion detection system can scan a network for people who are on the network but should not
be there, or who are doing things they should not be doing (unusual activity), for example trying
a lot of passwords to gain access to the network. An IDS issues alerts notifying administrators
and/or blocks a suspected connection on unusual activity; IDS tools can also distinguish between
insider and outsider attackers.
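The password-guessing case mentioned here (and again under Network Security Measures) is the
classic host-based IDS rule. The following is an added example, not from the chapter or from any
IDS product, of that rule run over a constructed sshd-style authentication log: it counts failed
logins per source address within a sliding window, raises one alert when the count crosses a
threshold, and raises a second, more serious alert if a login from an address already flagged then
succeeds, which is the signal that the guessing worked. The hostnames, addresses, users and
timestamps in the sample log are made up; the line format follows the usual OpenSSH syslog
wording.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log. 192.0.2.10 is a user who mistyped twice, minutes apart;
# 198.51.100.23 is a burst of guesses followed by a successful login as root.
SAMPLE_LOG = """\
Mar 10 09:10:00 gw sshd[1870]: Failed password for alice from 192.0.2.10 port 40211 ssh2
Mar 10 09:11:30 gw sshd[1871]: Failed password for alice from 192.0.2.10 port 40212 ssh2
Mar 10 09:11:40 gw sshd[1871]: Accepted password for alice from 192.0.2.10 port 40212 ssh2
Mar 10 09:12:01 gw sshd[2001]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2
Mar 10 09:12:03 gw sshd[2002]: Failed password for root from 198.51.100.23 port 51123 ssh2
Mar 10 09:12:05 gw sshd[2003]: Failed password for invalid user test from 198.51.100.23 port 51124 ssh2
Mar 10 09:12:07 gw sshd[2004]: Failed password for root from 198.51.100.23 port 51125 ssh2
Mar 10 09:12:09 gw sshd[2005]: Failed password for invalid user oracle from 198.51.100.23 port 51126 ssh2
Mar 10 09:12:11 gw sshd[2006]: Failed password for root from 198.51.100.23 port 51127 ssh2
Mar 10 09:12:15 gw sshd[2007]: Accepted password for root from 198.51.100.23 port 51128 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse(line):
    """Return (timestamp, result, user, ip) or None for lines that are not auth events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; for window arithmetic within one log this is fine.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(lines, threshold=5, window_s=60):
    """Sliding-window failed-login counter per source address."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()  # forget failures older than the window
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append(("password_guessing", ip, len(q)))
        elif ip in alerted:
            # A success from a flagged source is the event worth waking someone up for.
            alerts.append(("success_after_guessing", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The window and threshold are the tunable part: too small a window misses slow, patient guessing
spread across many hours, which is why real deployments also keep a long-window count per
target account, not only per source address.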
Some common intrusion problems or access attacks are as follows:
Snooping
In computer technology, snooping can refer to any program or utility that performs a monitoring
function, whereas in a security context snooping is unauthorized access to another person's or
company's data. The practice is similar to eavesdropping but is not limited to gaining access to
data during its transmission. Snooping can include casual observation of an e-mail that appears
on another person's screen, or watching what someone else is typing. More sophisticated
snooping uses software programs to remotely monitor activity on a computer or network device.
Eavesdropping
Eavesdropping is the unauthorized real-time interception of, or the act of secretly listening to, a
private communication of others without their consent. Eavesdropping can be done over cables
(wiretapping), e-mail, instant messaging, and other methods of communication considered
private. For example, Google's Gmail service keeps track of what its users send and receive.
Network eavesdropping, or network sniffing, is a network layer attack consisting of capturing
packets transmitted on the network by other computers and reading their contents in search of
sensitive information such as passwords, session tokens, or any other confidential information.
Network eavesdropping is a passive attack and is very difficult to discover; on a bus, hub or
wireless network every station can capture every frame, so anything sent without encryption
must be assumed to be readable.
• Denial of Service (DoS) Attacks
A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent
legitimate users of a service from using that service. Denial of service attacks are centred on the
idea that by overloading a target's resources the system will ultimately fail. Examples include:
Attempts to "flood" a network, thereby preventing legitimate network traffic.
Attempts to disrupt connections between two machines, thereby preventing access to a service.
Attempts to prevent a particular individual from accessing a service.
Attempts to disrupt service to a specific system or person.
There are two general forms of DoS attack:
Those that crash services.
Those that flood services.
Denial-of-service attacks can essentially disable your computer or your network. A denial-of-
service attack targets resources such as network bandwidth, server memory, the application's
exception handling mechanism, CPU time, hard disk space, database space, the database
connection pool, etc.
Modes of Attack
Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are
three basic types of attack:
• Consumption of Scarce, Limited, or Non-renewable Resources
Computers and networks need certain things to operate: network bandwidth, memory and disk
space, CPU time, data structures, access to other computers and networks, and certain
environmental resources such as power.
Network Connectivity
Denial-of-service attacks are most frequently executed against network connectivity. The goal is
to prevent hosts or networks from communicating on the network.
Using Your Own Resources Against You
An intruder can also use your own resources against you in unexpected ways, for example by
tricking your own machines into generating the traffic that exhausts your own links.
Bandwidth Consumption
An intruder may be able to consume all the available bandwidth on your network by generating
a large number of packets directed at your network.
Consumption of Other Resources
In addition to network bandwidth, intruders may be able to consume other resources that your
systems need in order to operate. For example, in many systems a limited number of data
structures are available to hold process information (process identifiers, process table entries,
process slots, etc.).
There are other things that may be vulnerable to denial of service that you may wish to monitor.
These include printers, tape devices, network connections, and other limited resources important
to the operation of your organization.
• Destruction or Alteration of Configuration Information
An improperly configured computer may not perform well or may not operate at all. An intruder
may be able to alter or destroy configuration information in a way that prevents you from using
your computer or network.
• Physical Destruction or Alteration of Network Components
The primary concern with this type of attack is physical security. You should guard against
unauthorized access to computers, routers, network wiring closets, network backbone segments,
power and cooling stations, and any other critical components of your network.
Physical security is a prime component in guarding against many types of attack in addition to
denial of service.
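The standard defence against the resource-consumption mode described above is to cap how much
of a scarce resource any one source may consume. The following is an added example (not code
from the chapter) of a per-source token-bucket limiter with deterministic, injected timestamps so
that it can be run offline; the rates, addresses and request pattern are constructed. It shows a
flood from one address being cut to its burst allowance while a second address is unaffected, and
it also shows the trap the text warns about: the limiter's own per-source table is itself a
limited resource, so it is bounded and evicts the least recently active entry rather than growing
without limit when an attacker presents many distinct addresses.

```python
from collections import OrderedDict


class TokenBucket:
    """Allow `rate` requests per second on average, with bursts of up to `burst` requests."""

    def __init__(self, rate, burst, now):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.updated = now

    def allow(self, now):
        # Refill proportionally to elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address, with a bounded table of tracked sources."""

    def __init__(self, rate, burst, max_sources):
        self.rate, self.burst, self.max_sources = rate, burst, max_sources
        self.buckets = OrderedDict()  # source -> bucket, least recently active first

    def allow(self, source, now):
        bucket = self.buckets.get(source)
        if bucket is None:
            if len(self.buckets) >= self.max_sources:
                # The table is finite by design; dropping the idlest entry keeps memory
                # bounded at the cost of letting that source start a fresh burst later.
                self.buckets.popitem(last=False)
            bucket = self.buckets[source] = TokenBucket(self.rate, self.burst, now)
        else:
            self.buckets.move_to_end(source)
        return bucket.allow(now)


def simulate():
    """Constructed traffic: 1000 requests at once from one address, 3 from another."""
    limiter = PerSourceLimiter(rate=5, burst=10, max_sources=1000)
    flood_allowed = sum(limiter.allow("198.51.100.23", now=0.0) for _ in range(1000))
    legit_allowed = sum(limiter.allow("192.0.2.10", now=0.5) for _ in range(3))
    # One second later the flooding source has earned back rate * 1 s = 5 tokens, no more.
    flood_after_1s = sum(limiter.allow("198.51.100.23", now=1.0) for _ in range(20))
    return {"flood_allowed": flood_allowed, "legit_allowed": legit_allowed,
            "flood_after_1s": flood_after_1s, "tracked_sources": len(limiter.buckets)}


if __name__ == "__main__":
    print(simulate())
```

A per-source limiter only helps against a flood that arrives from few addresses; a distributed
flood or one using spoofed source addresses needs limits applied further upstream, per
destination or per link, which is the bandwidth-consumption case in the text.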
Network Security Measures
• Anti-Virus Software
Anti-virus software consists of computer programs that attempt to identify, thwart and
eliminate computer viruses and other malicious software (malware).
Most viruses enter a network through PCs. There are viruses that specifically attack computer
networks, but they are few and not yet widespread. If your system contains PCs, your first line of
defense is anti-virus software or hardware on each client PC. If a client PC does become infected,
or if a floppy disk on the client is infected, most often the infection will stop there. For a virus to
infect the server, the client computer usually has to be logged in as supervisor. In network
software such as NetWare, an attempt by a virus to infect the server will usually result either in
the virus being disabled or in NetWare being disabled, but the server remains uninfected.
Problems can arise when the server acts as a file server and the executable programs residing
on it are unprotected. Programs that reside on the server but are executed at the workstations
may become infected, and these infected programs can then transmit the infection to every other
workstation that executes them. In such environments the virus can spread within seconds to all
the workstations. One solution is to use an anti-virus program like LanProtect, which blocks
attempts by viruses to infect the server from a client. In addition, LanProtect comes with a
scanner that can be scheduled to run at a given time each day. Equally good anti-virus products
for network servers are beginning to appear.
There are not many problems with computer viruses on UNIX-based systems, although that may
change as the UNIX user base increases. A related problem for many computer networks is the
other kinds of malicious programs, such as Trojan horses and worms, that can infect network
systems. Anti-virus software offers little protection against these kinds of infection, but the
common rules of network security outlined elsewhere in this section will help.
• Firewalls
Firewalls are systems that help protect computers and computer networks from attack and
subsequent intrusion by restricting the network traffic that can pass through them, based on a set
of rules defined by the system administrator.
Although the LAN itself may be considered secure, it may be linked to other networks, either
other LANs or a WAN. In a simple network environment, all interaction outside the trusted LAN
can be treated as a single security level. In this environment a gateway system or firewall
computer is needed to separate the trusted systems from the untrusted systems or networks
outside. All communication between the networks takes place through the gateway computer,
which protects and isolates the LAN, so that security effort can be concentrated on the gateway
computer.
¾ Access Control
Access authorization restricts access to a computer to a group of users through the
use of authentication systems.
Once the user has logged onto the computer network, a pre-determined set of
access rights is given to the user. Access control systems (ACSs) selectively restrict
access to files, directories, floppy disk drives, and even external ports. These access
rights are typically determined by the system administrator and are often maintained in a
protected database that should be encrypted. In many environments, including UNIX,
file and directory access rights are kept in an inode (information node) maintained with
the file. For files and directories, the ability to read, write and execute can be restricted.
These restrictions can be applied separately to the owner of the file, to a pre-defined
group of users, and to all other users.
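The owner/group/other scheme the paragraph describes can be written out as a small check over the permission bits kept in the inode. This is an added example, not from the original chapter; the user and group ids are constructed, and the rules implemented are the classic UNIX ones (only one class of bits applies to a given caller, and the superuser bypasses the discretionary bits except that execute still requires some execute bit to be set).

```python
import stat
from typing import Iterable

# Permission bits as they appear in the inode mode word (names from the stat module).
OP_BITS = {
    "read":    (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "write":   (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "execute": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def can_access(mode: int, owner_uid: int, owner_gid: int,
               uid: int, gids: Iterable[int], op: str) -> bool:
    """Discretionary access check in the UNIX style.

    Exactly one class of bits is consulted: the owner class if the caller owns the
    file, otherwise the group class if the caller is in the file's group, otherwise
    the 'other' class. A group member with no group bits does NOT fall through to
    the 'other' bits, which is how an owner can exclude one group from a file that
    everyone else may read.
    """
    user_bit, group_bit, other_bit = OP_BITS[op]
    if uid == 0:
        # The superuser ignores read/write restrictions; execute still needs an x bit.
        return op != "execute" or bool(mode & (user_bit | group_bit | other_bit))
    if uid == owner_uid:
        return bool(mode & user_bit)
    if owner_gid in set(gids):
        return bool(mode & group_bit)
    return bool(mode & other_bit)


def rights_for(mode: int, owner_uid: int, owner_gid: int,
               uid: int, gids: Iterable[int]) -> str:
    """Summarise a caller's rights on a file as a 'rwx'-style string for reports."""
    gids = list(gids)
    return "".join(
        op[0] if can_access(mode, owner_uid, owner_gid, uid, gids, op) else "-"
        for op in ("read", "write", "execute")
    )


if __name__ == "__main__":
    # Constructed sample: payroll file owned by uid 1000, group 100 (mode 640)
    PAYROLL = (0o640, 1000, 100)
    for who, uid, gids in [("owner", 1000, [1000]),
                           ("accounts staff", 1001, [100]),
                           ("other user", 1002, [1002])]:
        print(f"{who:15s} {rights_for(*PAYROLL, uid, gids)}")
```

The `rights_for` helper is the kind of summary an administrator would use when reviewing whether users hold more than their need-to-know: a report of `r--` for a group that only needs to read, or `---` for everyone else, is what a correctly restricted file should show.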
One additional concern is what happens to a protected resource when the user is
finished with it. Can it be reused by another user? If so, it must be erased first. For
example, the memory block just used by one person needs to be overwritten to prevent
the next person from accessing the previous user's data.
In general, the rules for discretionary access control should be based on a "need-to-
know" for information and a "need-to-use" for hardware and software devices. Don't
allow the user access to more than what the user needs.
¾ Intrusion-Detection and Prevention Systems
An intrusion detection system (IDS) is a device or software application that
automates the intrusion detection process. It can scan a network for people who are on
the network but should not be there, or who are doing things they should not be doing,
for example trying a lot of passwords to gain access to the network. An intrusion
prevention system (IPS) is software that has all the capabilities of an intrusion detection
system and can also attempt to stop possible incidents. IPS technologies are
differentiated from IDS technologies by one characteristic: an IPS can respond to a
detected threat by attempting to prevent it from succeeding.
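The password-guessing case the paragraph mentions is a good illustration of the IDS/IPS distinction: the detection logic is the same, and the only difference is whether the system reports the source or also acts on it. The following is an added example, not from the original chapter: the log lines are constructed in a made-up syslog-like layout, the threshold (five failures within one minute) is an assumed tuning value, and the "block" action is only represented as a returned decision, since how it is enforced depends on the gateway in use.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed sample log lines (not from any real system). One outside address makes
# five failed attempts in a few seconds; two LAN users mistype a password once or twice.
SAMPLE_LOG = """\
2024-03-01 09:00:01 auth: FAILED login for 'admin' from 203.0.113.9
2024-03-01 09:00:03 auth: FAILED login for 'root' from 203.0.113.9
2024-03-01 09:00:04 auth: FAILED login for 'guest' from 203.0.113.9
2024-03-01 09:00:05 auth: FAILED login for 'admin' from 203.0.113.9
2024-03-01 09:00:06 auth: FAILED login for 'test' from 203.0.113.9
2024-03-01 09:00:10 auth: FAILED login for 'alice' from 192.168.10.7
2024-03-01 09:00:20 auth: OK login for 'alice' from 192.168.10.7
2024-03-01 09:05:00 auth: FAILED login for 'bob' from 192.168.10.8
2024-03-01 09:09:00 auth: FAILED login for 'bob' from 192.168.10.8
"""

LINE_RE = re.compile(
    r"^(\S+ \S+) auth: (FAILED|OK) login for '([^']+)' from (\S+)$")


def detect_password_guessing(log_text: str, threshold: int = 5,
                             window: timedelta = timedelta(minutes=1)) -> List[Dict]:
    """Flag any source with `threshold` or more failed logins inside a sliding window.

    Each source gets one alert the first time it crosses the threshold; later
    failures from the same source do not produce duplicate alerts.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts: List[Dict] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines in another layout are ignored, not treated as failures
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        result, src = m.group(2), m.group(4)
        if result != "FAILED":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"source": src, "failures": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts


def respond(alerts: List[Dict], mode: str = "ids") -> List[Dict]:
    """In IDS mode each alert is only reported; in IPS mode a block decision is added."""
    action = "block" if mode == "ips" else "alert"
    return [{"source": a["source"], "action": action} for a in alerts]


if __name__ == "__main__":
    found = detect_password_guessing(SAMPLE_LOG)
    print("IDS:", respond(found, "ids"))
    print("IPS:", respond(found, "ips"))
```

The sliding window matters in practice: the two failures from 192.168.10.8 are minutes apart and never accumulate, so a user who occasionally mistypes a password is not treated like a guessing attempt, while the tight burst from the outside address is. In IPS mode the block decision should be reversible (a timed block is usual), because a false positive here locks out a legitimate source.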
General Network Security Recommendations for Making Network More Secure
If you are planning to set up a home or small office network, here are some best
practices you can follow to enhance the security of your computers as well as the network.
The following are general security guidelines for all home and small office networks:
¾ Keep your computer up to date
To help keep the computers on your network safer, turn on automatic updating
of the operating system on each computer. Updates provide significant benefits, such as
improved security and reliability.