Security and Privacy in a Networked World/Networking
NOTE: This topic makes use of Wikipedia articles to provide the basic understanding of the matters. These articles deal with technology and are not much disputed, having reached the common knowledge stage. They also provide some good links for further study under the reference sections.
Basics
The Internet as we know it today is actually not a single network but rather a mosaic of various networks that "speak the same language" in the TCP/IP protocol. It connects very different computers with very different purposes and services, yet the common principle is packet switching - the information sent over the network is divided into units called packets which are sent towards the destination independently. In case of a "roadblock" (e.g. a part of the network has failed) the packets are re-sent over different routes until they successfully reach the destination.
Of networking hardware, the following are more important to the users:
- Network interface (NIC) - commonly known as the "network card", the device that allows a computer to connect to networks (there are different interfaces for different types of networks). Most of today's computers have at least one NIC for Internet connection; mobile devices (laptops, tablets, smartphones) typically have a wireless network interface. NICs are identified by MAC addresses.
- Hub - in simple terms, it is a connection box for multiple network cables, forming what is called a network segment. Hubs typically also act as repeaters - devices that clean the signal from noise and amplify it.
- Switch - can be (with some simplification) thought of as a hub with "traffic cop skills" - it can filter and direct traffic between different NICs based on their MAC addresses.
- Bridge - a device to connect different networks or their segments.
- Router - a device that forwards packets between networks. Today, many home networks use routers between the local network at home and the larger network of the service provider.
Typical network settings in workstations/laptops
Today, most ordinary users connect to the Internet via either broadband DSL or cable networks, or via various wireless networks. Earlier technologies that have fallen out of use include dial-up and ISDN connections.
Most connections are made using the DHCP protocol which obtains the connection data automatically from a server - thus the computer user does not need to set up anything in order to connect. However, in some places, static connections are used that need the following data to be entered:
- IP address - the "Internet address" of the computer (more exactly, its NIC; a computer can have two or more NICs, with one IP address for outer network and another for the local network behind the computer). Note that in case of DHCP, the address can be constant, change infrequently or with every session, depending on the configuration of the DHCP server.
- netmask - typically similar in appearance to the IP address (four numbers separated by dots), this identifier defines the subnetwork that the data is routed to. The most typical case is 255.255.255.0 - in a simplified explanation, this denotes a network where only the last part of the IP address varies (e.g. 192.168.1.1 to 192.168.1.24).
- gateway - the IP address of the device (computer, router etc) that connects the local network to a larger network.
- name server - the IP address of a server that matches the "machine-style" IP addresses to their "human-readable" names (e.g. 193.40.254.28 is the main web server of Tallinn University of Technology, with www.ttu.ee as its human-readable address). Typically, several name servers are used for robustness. In case of all name servers failing, the "human-readable" addresses will not work - however, the actual servers can be still reached using their IP addresses (provided that the problem was just with the name servers and not other network services).
Addressing
Note: while a newer version of Internet Protocol, version 6, has been around for some time, currently most production systems still use the older version 4. To keep things simpler, we will stick to the older standard.
IPv4 addresses consist of four blocks (called octets) of decimal numbers from 0 to 255. Originally, the first octet contained the address of a network, the remainder was the host address. As the Internet quickly grew, this scheme was soon found lacking. In 1981, a new system called classful networking was introduced that divided networks into five classes.
Table: classes of networks in Internet, 1981-1993
Class | Address Range | Reserved Private Addresses | Use |
---|---|---|---|
A | 1.0.0.0–127.255.255.255 | 10.0.0.0–10.255.255.255 | Generic networks |
B | 128.0.0.0–191.255.255.255 | 172.16.0.0–172.31.255.255 | Generic networks |
C | 192.0.0.0–223.255.255.255 | 192.168.0.0–192.168.255.255 | Generic networks |
D | 224.0.0.0–239.255.255.255 | none | multicast |
E | 240.0.0.0–255.255.255.255 | none | reserved |
In 1993, the system was replaced by the Classless Inter-Domain Routing (CIDR). One of the main problems was that the difference between the address blocks of Class B and Class C networks was too large - the blocks of 256 in Class C were too small for many bigger enterprises, while the 65536 of Class B was too large.
CIDR allows for a more dynamic allocation of addresses. The main notation consists of the base IP and an added prefix (technically, the correct term would be "suffix" - as it follows the main body - but the original one has been kept). While the notation appears decimal (e.g. 192.168.0.0/22), the prefix actually indicates the number of bits in the binary form of the address that are allocated to the network.
Perhaps the easiest way to calculate the address space for every CIDR address is
$2^{32 - \text{prefix}}$ (note: for the newer IPv6 standard, use 128 instead of 32)
e.g. 192.168.100.0/22 has $2^{32-22} = 2^{10} = 1024$ addresses, running from 192.168.100.0 to 192.168.103.255.
Another method to alleviate the shortage of IPv4 addresses has been the use of private (inner) networks using Network Address Translation (NAT). This has made it possible to use similar inner address blocks behind a single outside IP address, typically given to a router. Probably the most common such address block is 192.168.0.0/16, or from 192.168.0.0 to 192.168.255.255.
Finally, the special address 127.0.0.1 is usually used for loopback, essentially meaning "the computer itself" regardless of its actual address.
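The netmask and CIDR arithmetic described above can be carried out with plain bit operations. The following Python sketch is an added example, not part of the original course page; the function names are made up for illustration, and the 127.0.0.0/8 loopback block and the CIDR forms of the private ranges in the table are standard values not spelled out on the page.

```python
# Private ranges from the class table, written in CIDR form, plus loopback.
SPECIAL_BLOCKS = {
    "private (class A range)": "10.0.0.0/8",
    "private (class B range)": "172.16.0.0/12",
    "private (class C range)": "192.168.0.0/16",
    "loopback": "127.0.0.0/8",
}

def to_int(dotted):
    """Pack four octets into one 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    a, b, c, d = (int(o) for o in octets)
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    """Unpack a 32-bit integer back into dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def describe(cidr):
    """Return netmask, first and last address, and size of a CIDR block."""
    base, _, prefix_text = cidr.partition("/")
    if not prefix_text.isdigit() or int(prefix_text) > 32:
        raise ValueError(f"bad prefix in {cidr!r}")
    prefix = int(prefix_text)
    count = 2 ** (32 - prefix)                      # the formula from the text
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    first = to_int(base) & mask                     # clears host bits of an unaligned base
    last = first | (count - 1)                      # sets every host bit
    return {"netmask": to_dotted(mask), "first": to_dotted(first),
            "last": to_dotted(last), "count": count}

def classify(address):
    """Label an address as private, loopback, or public/other."""
    value = to_int(address)
    for label, cidr in SPECIAL_BLOCKS.items():
        block = describe(cidr)
        if to_int(block["first"]) <= value <= to_int(block["last"]):
            return label
    return "public or other"

if __name__ == "__main__":
    print(describe("192.168.100.0/22"))
    for sample in ("192.168.1.24", "172.32.0.1", "127.0.0.1", "193.40.254.28"):
        print(sample, "->", classify(sample))
```

Python's standard `ipaddress` module provides the same calculations ready-made; the manual version is shown so that the role of the prefix bits is visible.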
- READ MORE: https://en.wikipedia.org/wiki/IPv4
Additional reading and links
- LAN 101: Networking Basics. http://www.tomshardware.com/print/local-area-network-wi-fi-wireless,reviews-3020.html
- KEHOE, B. Zen and the Art of Internet. http://www.cs.indiana.edu/docproject/zen/zen-1.0_toc.html (a classic document, but partially out of date for now)
- KOZIEROK, C. M. The TCP/IP Guide. http://www.tcpipguide.com/
- CERT Tech Tips for Home Network Security. http://www.cert.org/historical/tech_tips/home_networks.cfm
- TCP/IP FAQ. http://www.itprc.com/tcpipfaq/
Study and Blog
NB! Instead of blogging, e-mail a short report (exact details are not needed) about the tasks to the supervisor!
- Send an e-mail message to another address of yours (if you have only one, you can get a temporary one at http://www.mailinator.com/). Turn on the display of mail headers in your e-mail client software ("Show headers", "Source" or something similar) and find out as much as possible about the route of the message.
- Install a plugin for your web browser that shows the HTTP headers (e.g. https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/ for Mozilla Firefox, https://chrome.google.com/webstore/detail/live-http-headers/iaiioopjkcekapmldfgbebdclcnpgnlo for Google Chrome). Use the plugin on a web page (e.g. the course page at Wikiversity) to find out the information that is moved between the web server and the client (browser).
- For those who tried Kali Linux in the previous topic: use the Wireshark utility to study cookies stored in the client by various web pages.