Security and Privacy in a Networked World/Networking

From Wikiversity

NOTE: This topic makes use of Wikipedia articles to provide the basic understanding of the matters. These articles deal with technology and are not much disputed, having reached the common knowledge stage. They also provide some good links for further study under the reference sections.


Basics

The Internet as we know it today is actually not a single network but rather a mosaic of various networks that "speak the same language", the TCP/IP protocol suite. It connects very different computers with very different purposes and services, yet the common principle is packet switching: the information sent over the network is divided into units called packets, which are sent towards the destination independently of each other. In case of a "roadblock" (e.g. a part of the network has failed), the packets are re-sent over different routes until they successfully reach the destination.

Of networking hardware, the following devices matter most to users:

  • Network interface (NIC) - commonly known as the "network card", the device that allows a computer to connect to networks (there are different interfaces for different types of networks). Most of today's computers have at least one NIC for the Internet connection; mobile devices (laptops, tablets, smartphones) typically have a wireless network interface. NICs are identified by MAC addresses.
  • Hub - in simple terms, a connection box for multiple network cables, forming what is called a network segment. Hubs typically also act as repeaters - devices that clean the signal of noise and amplify it.
  • Switch - can be (with some simplification) thought of as a hub with "traffic cop skills": it can filter and direct traffic between different NICs based on their MAC addresses.
  • Bridge - a device to connect different networks or their segments.
  • Router - a device that forwards packets between networks. Today, many home networks use a router between the local network at home and the larger network of the service provider.



Typical network settings in workstations/laptops

Today, most ordinary users connect to the Internet either via broadband DSL or cable networks, or via various wireless networks. Earlier technologies that have fallen out of use include dial-up and ISDN connections.

Most connections are made using the DHCP protocol, which obtains the connection data automatically from a server - thus the computer user does not need to set up anything in order to connect. However, in some places static connections are used, which need the following data to be entered:

  • IP address - the "Internet address" of the computer (more exactly, of its NIC; a computer can have two or more NICs, with one IP address for the outer network and another for the local network behind the computer). Note that in the case of DHCP, the address can be constant, change infrequently, or change with every session, depending on the configuration of the DHCP server.
  • netmask - typically similar in appearance to the IP address (four numbers separated by dots), this identifier defines the subnetwork that the data is routed to. The most typical case is 255.255.255.0 - in a simplified explanation, this denotes a network where only the last part of the IP address varies (e.g. 192.168.1.1 to 192.168.1.24).
  • gateway - the IP address of the device (computer, router, etc.) that connects the local network to a larger network.
  • name server - the IP address of a server that matches the "machine-style" IP addresses to their "human-readable" names (e.g. 193.40.254.28 is the main web server of Tallinn University of Technology, with www.ttu.ee as its human-readable address). Typically, several name servers are used for robustness. If all name servers fail, the "human-readable" addresses will not work - however, the actual servers can still be reached using their IP addresses (provided that the problem was just with the name servers and not with other network services).


Addressing

Note: while a newer version of the Internet Protocol, version 6, has been around for some time, currently most production systems still use the older version 4. To keep things simpler, we will stick to the older standard.

IPv4 addresses consist of four blocks (called octets) of decimal numbers from 0 to 255. Originally, the first octet contained the address of a network and the remainder was the host address. As the Internet grew quickly, this scheme was soon found lacking. In 1981, a new system called classful networking was introduced that divided networks into five classes.


Table: classes of networks in the Internet, 1981-1993

Class   Address range                Reserved private addresses      Use
A       1.0.0.0–127.255.255.255      10.0.0.0–10.255.255.255         Generic networks
B       128.0.0.0–191.255.255.255    172.16.0.0–172.31.255.255       Generic networks
C       192.0.0.0–223.255.255.255    192.168.0.0–192.168.255.255     Generic networks
D       224.0.0.0–239.255.255.255    none                            Multicast
E       240.0.0.0–255.255.255.255    none                            Reserved

In 1993, the system was replaced by Classless Inter-Domain Routing (CIDR). One of the main problems with classful networking was that the gap between the address block sizes of Class B and Class C networks was too large: the blocks of 256 addresses in Class C were too small for many bigger enterprises, while the 65536 addresses of Class B were too many.

CIDR allows for a more dynamic allocation of addresses. The main notation consists of the base IP address and an added prefix (technically, the correct term would be "suffix" - as it follows the main body - but the original term has been kept). While the notation appears decimal (e.g. 192.168.0.0/22), the prefix actually indicates the number of bits in the binary form of the address that are allocated to the network; the remaining bits identify the host.

Perhaps the easiest way to calculate the address space of any CIDR block is

$2^{32 - \text{prefix}}$ (note: for the newer IPv6 standard, use 128 instead of 32)

e.g. 192.168.100.0/22 has $2^{32-22} = 2^{10} = 1024$ addresses, running from 192.168.100.0 to 192.168.103.255.


Another method to alleviate the shortage of IPv4 addresses has been the use of private (inner) networks with Network Address Translation (NAT). This has made it possible to reuse the same inner address blocks behind a single outside IP address, typically assigned to a router. Probably the most common such address block is 192.168.0.0/16, i.e. 192.168.0.0 to 192.168.255.255.
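The CIDR arithmetic above (prefix length to netmask, block size and address range) and the check whether an address falls into one of the private blocks from the table, as an added example that is not part of the Wikiversity page. The private blocks are the table's ranges written in CIDR notation (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16); all function names are this example's own.

```python
# Added example: CIDR arithmetic on the binary form of an IPv4 address.

def ip_to_int(ip: str) -> int:
    """Pack a dotted quad 'a.b.c.d' into a 32-bit integer, validating each octet."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {ip}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {octet}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int: 32-bit integer back to dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_block(cidr: str) -> tuple[str, str, int, str]:
    """Return (first address, last address, size, netmask) for e.g. '192.168.100.0/22'.

    size is 2**(32 - prefix); the netmask keeps the top `prefix` bits set,
    so the first address has all host bits cleared and the last has them all set.
    """
    base, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    size = 2 ** (32 - prefix)
    netmask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    first = ip_to_int(base) & netmask          # host bits -> 0
    last = first | (~netmask & 0xFFFFFFFF)     # host bits -> 1
    return int_to_ip(first), int_to_ip(last), size, int_to_ip(netmask)


# The table's reserved private ranges, in CIDR notation (RFC 1918 blocks).
PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def in_block(ip: str, cidr: str) -> bool:
    """True if `ip` lies inside the CIDR block (inclusive of first and last)."""
    first, last, _, _ = cidr_block(cidr)
    return ip_to_int(first) <= ip_to_int(ip) <= ip_to_int(last)


def is_private(ip: str) -> bool:
    """True if `ip` belongs to one of the private (NAT-only) blocks."""
    return any(in_block(ip, block) for block in PRIVATE_BLOCKS)


if __name__ == "__main__":
    print(cidr_block("192.168.100.0/22"))   # the page's worked example
    print(is_private("193.40.254.28"))      # the public TTU web server address
```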

Finally, the special address 127.0.0.1 is usually used for loopback, essentially meaning "the computer itself" regardless of its actual address.


Additional reading and links

Study and Blog

NB! Instead of blogging, e-mail a short report (exact details are not needed) about the tasks to the supervisor!

