Cybersecurity: Network and Host Protection
Chapter 9
9.1 Security Layers
Security layers
● Host security
  • Host-based firewall
  • Host intrusion detection system
● Internal network security
  • Cyber Threat Intelligence (CTI)
  • Security Information and Event Management (SIEM)
  • Honeypot and honeynet
  • DNS infrastructure protection
  • Software-defined networking (SDN)
  • Virtualization
  • Cloud computing network
Security layers (continued)
● Perimeter security
  • Access control list (ACL)
  • Perimeter (or border) firewall
  • Intrusion detection system
  • Demilitarized zone (DMZ)
  • Proxy server
Access Control Lists
TABLE 9.2 An illustration of an ACL on a Cisco router
interface ethernet0/0                        ! configure router port ethernet0/0
 ip access-group 102 in                      ! apply filtering group 102 to inbound traffic
access-list 102 permit tcp any any eq 80     ! allow HTTP web traffic
access-list 102 permit tcp any any eq 443    ! allow HTTPS web traffic
access-list 102 permit tcp any any eq 25     ! allow SMTP email traffic
Inbound packets that match none of the three permit entries are dropped by the implicit deny at the end of every Cisco ACL.
Firewalls
a. Perimeter security: A border firewall filters out unwanted packets at the entry point to a corporate network. Egress data are monitored and filtered as well.
b. Internal network security: Each segmented internal network can install its own firewall with access control tailored to the segment's functions and requirements.
c. Host security: Each enterprise server and workstation needs to install its own firewall to further fortify host security (thus, host-based firewall). Defining defense rules customized for a particular host provides another protection layer, even when the firewalls deployed to safeguard the entire network and its segments are compromised.
Firewall functions
● Inspection of the IP, TCP, UDP, and ICMP protocol data units (PDUs) in their header to apply predefined filtering rules for intrusion prevention.
● Inspection of the application layer PDU in its header and payload to apply various filtering rules related to email and web contents, URL links, domain names, and malware signatures (i.e., unique fingerprints of malware).
● Network address translation (NAT) to hide internal IP addresses.
● VPN (virtual private network) gateway to protect remote connections over the Internet.
Firewalls and Border Routers
Stateless Packet Filtering
Stateless filtering is the packet screening method in which the firewall examines each packet as an isolated case. This also makes it prone to spoofing, as each packet is treated individually and not as part of a packet flow.
Example rules, each matching on the header fields of a single packet:
• If source IP = 172.16.*.* to 172.31.*.* or 192.168.*.*   # private IP ranges
• If TCP destination port = 21   # FTP connection attempt
• If TCP destination port = 23   # Telnet connection attempt
Stateful Packet Filtering
With stateful filtering, the firewall inspects each packet in the context of previous engagements (e.g., a session, packet exchange history), making the packet screening context-dependent and thus more effective than stateless filtering.
● If a packet’s source and destination sockets are in the state table, then allow it to pass.
● If a packet’s source and destination sockets are not in the state table or the packet is not a connection-opening attempt (i.e., no handshaking request), then deny.
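As an added illustration (mine, not from the lecture), the following Python runs one constructed packet sequence through both screening methods side by side; the rule that only hosts inside an assumed internal network (10.0.0.0/8) may open connections is my assumption, not the lecture's.

```python
"""Added example (not from the lecture): the same constructed packet sequence judged by a
stateless filter (header fields only) and by a stateful filter (header fields plus a state
table), to show why a per-packet filter is easier to fool with a spoofed mid-stream packet."""
import ipaddress
from dataclasses import dataclass

# Stateless rules from the lecture: private source ranges and FTP/Telnet destination ports.
PRIVATE_NETS = [ipaddress.ip_network("172.16.0.0/12"), ipaddress.ip_network("192.168.0.0/16")]
BLOCKED_DST_PORTS = {21, 23}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # SYN set, ACK clear = TCP connection-opening attempt (handshake request)
    ack: bool = False


def stateless_decision(pkt):
    """Judge one packet in isolation: no memory of earlier packets or flows."""
    src = ipaddress.ip_address(pkt.src_ip)
    if any(src in net for net in PRIVATE_NETS):
        return "deny"    # private source address on an inbound interface
    if pkt.dst_port in BLOCKED_DST_PORTS:
        return "deny"    # FTP or Telnet connection attempt
    return "permit"


class StatefulFilter:
    """Keeps a state table of sockets whose connection opening was seen and accepted.
    Assumption (mine, not the lecture's): only hosts inside `protected_net` may open
    connections, so an inbound SYN never creates state."""

    def __init__(self, protected_net):
        self.protected = ipaddress.ip_network(protected_net)
        self.table = set()   # entries: (src_ip, src_port, dst_ip, dst_port)

    def decision(self, pkt):
        if stateless_decision(pkt) == "deny":       # the header rules still apply
            return "deny"
        fwd = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        rev = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if fwd in self.table or rev in self.table:  # sockets already in the state table
            return "permit"
        opening = pkt.syn and not pkt.ack
        if opening and ipaddress.ip_address(pkt.src_ip) in self.protected:
            self.table.add(fwd)                     # remember the flow so its replies pass
            return "permit"
        return "deny"    # not in the table and not an accepted connection-opening attempt


# Constructed traffic: 10.0.0.0/8 is the assumed internal network, the rest are documentation addresses.
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, syn=True),            # inside host opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, syn=True, ack=True),  # server's handshake reply
    Packet("198.51.100.7", 443, "10.0.0.5", 40000, ack=True),            # forged "reply" from a host never contacted
    Packet("172.16.9.9", 1234, "10.0.0.5", 80, syn=True),                # private source IP arriving from outside
    Packet("203.0.113.10", 5555, "10.0.0.5", 23, syn=True),              # inbound Telnet attempt
]


def compare(packets, protected_net="10.0.0.0/8"):
    """Return (stateless, stateful) verdicts per packet, in order, using a fresh state table."""
    filt = StatefulFilter(protected_net)
    return [(stateless_decision(p), filt.decision(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}  "
              f"stateless={sl:6}  stateful={sf}")
```

The third packet is the one the lecture warns about: it passes every per-packet rule, but the stateful filter denies it because no connection to that host was ever opened.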
Intrusion Detection System (IDS)
The IDS is a network/host security system often used along with the firewall. The IDS monitors communications for unusual activities and attempts to detect and alert on any suspicious intrusion that has already taken place (e.g., malware that has already gained a foothold).
There is a fundamental difference in orientation between the firewall and the IDS: the former’s task is to filter and stop disqualified packets, and the latter’s task is to detect and alert on suspicious activities.
Demilitarized Zone (DMZ)
Proxy Server
● Keep internal computers anonymous by hiding their IP addresses through IP spoofing (the proxy presents its own address as the source of outbound requests)
● Block access to restricted or blacklisted Internet sites
● Scan inbound and outbound traffic to detect any malicious activities
● Cache external websites frequently visited by employees to accelerate their downloading
Cyber Threat Intelligence (CTI)
Security Information and Event Management (SIEM)
Organizations use a software platform generally called a SIEM to undertake the analytical tasks of CTI.
SIEM’s Analytical Capabilities
● Aggregation that combines data from multiple internal and external sources to enable their slicing and dicing for data analysis from different angles.
● Correlation of data from different sources in order to search for suspicious activities. Correlation analysis includes finding similar alerts over time, revealing the order of similar events, and searching for events detected by multiple network nodes.
● Automated alerting of threats or similar network activities to CTI analysts or system administrators for immediate remedial actions.
● Analysis of log data from network nodes (e.g., IDS, firewall, proxy server) to determine the company’s compliance with regulations and laws.
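An added example (mine, not from the lecture or any SIEM product) that runs the aggregation and multi-node correlation steps above over a few constructed log lines; the node names, the ten-minute window and the two-node threshold are assumptions.

```python
"""Added example (not from the lecture or any SIEM product): a miniature correlation pass
over constructed log lines from three node types (IDS, firewall, proxy). It aggregates the
events by source address, keeps them in time order, and raises one alert for any source
reported by two or more different nodes within a ten-minute window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data). Format: "<ISO timestamp> <node> <message>".
SAMPLE_LOGS = """\
2024-03-01T10:00:05 fw-edge DENY tcp src=203.0.113.7 dst=10.0.0.20 dport=23
2024-03-01T10:00:09 fw-edge DENY tcp src=203.0.113.7 dst=10.0.0.20 dport=21
2024-03-01T10:00:31 ids-1 ALERT "Port scan" src=203.0.113.7 dst=10.0.0.20
2024-03-01T10:02:10 proxy-1 BLOCK url=http://bad.example/x src=10.0.0.44
2024-03-01T10:05:00 fw-edge DENY tcp src=198.51.100.9 dst=10.0.0.20 dport=445
2024-03-01T11:30:00 ids-1 ALERT "SMB probe" src=198.51.100.9 dst=10.0.0.20
this line is garbage and is skipped by the parser
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<node>\S+)\s+(?P<msg>.*)$")
SRC_RE = re.compile(r"\bsrc=(?P<src>\d+\.\d+\.\d+\.\d+)")


def parse_events(text):
    """Normalise raw lines into (timestamp, node, src_ip, message); unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        s = SRC_RE.search(m["msg"]) if m else None
        if not s:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue
        events.append((ts, m["node"], s["src"], m["msg"]))
    return sorted(events)   # time order exposes the sequence of related events


def aggregate_by_source(events):
    """Aggregation step: group every node's events under the source address they report."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[2]].append(ev)
    return dict(by_src)


def correlate_multi_node(events, window=timedelta(minutes=10), min_nodes=2):
    """Correlation step: one alert per source that >= min_nodes distinct nodes reported
    within `window` of that source's first event; the alert carries the event sequence."""
    alerts = []
    for src, evs in aggregate_by_source(events).items():
        first_seen = evs[0][0]
        in_window = [e for e in evs if e[0] - first_seen <= window]
        nodes = sorted({e[1] for e in in_window})
        if len(nodes) >= min_nodes:
            alerts.append({
                "src": src,
                "nodes": nodes,
                "sequence": [(e[0].isoformat(), e[1], e[3]) for e in in_window],
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate_multi_node(parse_events(SAMPLE_LOGS)):
        print(f"ALERT source {alert['src']} seen by {', '.join(alert['nodes'])}:")
        for ts, node, msg in alert["sequence"]:
            print(f"  {ts} {node}: {msg}")
```

Only 203.0.113.7 is flagged: the firewall and the IDS both reported it within a minute, whereas 198.51.100.9 was reported by two nodes but 85 minutes apart, outside the window.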
DNS (Domain Name System)
Domain and Name Resolution
▪ Domain: A boundary within which an organization controls its network resources.
▪ Name resolution: Domain name → IP address
Domain Hierarchy
▪ Top-level domains (TLD): generic TLDs, country-code TLDs
▪ Second-level domain: sub-domain
▪ URL = protocol + domain name
DNS Architecture (figure)
DNS Poisoning / DNS Spoofing
DNS poisoning is the act of substituting DNS entries in an attempt to redirect traffic to a system owned or arranged by the attacker.
Threat actors can target a registrar system that handles domain registration to alter DNS records. On compromising the registration system, the attacker can change the authoritative server of the target domain to his/her own server.
DNS Protection Measures
• The DNS server login needs to be protected with a strong password.
• Adequate access control to the DNS server needs to be in place. For example, only qualified local clients can be allowed to query the local DNS server, and any external requests to the local DNS server can be rejected outright.
• Deploy the DNSSEC (Domain Name System Security Extensions) standard to authenticate all communications between DNS servers (e.g., zone transfer). DNSSEC adds a layer of security to the DNS infrastructure by implementing a suite of security protocols.
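An added configuration example (mine, not the lecture's or ISC's) showing the access-control measure above as a BIND 9 named.conf fragment, with the permissive settings left as comments beside the restrictive ones; the address ranges, zone name and file paths are placeholders.

```conf
// Assumed trusted clients: the server itself and one internal subnet (placeholder ranges).
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;
};

options {
    directory "/var/cache/bind";       // placeholder path
    recursion yes;

    // Weak: allow-query { any; }; allow-recursion { any; };
    // lets any host on the Internet use this resolver.
    allow-query     { trusted; };      // only qualified local clients may query
    allow-recursion { trusted; };      // external requests are refused outright

    // Weak: allow-transfer { any; }; hands the whole zone to anyone who asks.
    allow-transfer  { none; };         // applies to every zone unless a zone overrides it

    dnssec-validation auto;            // validate DNSSEC-signed answers from other servers
};

zone "example.com" {
    type primary;                      // "master" on BIND releases before 9.16
    file "/etc/bind/db.example.com";   // placeholder path
    allow-transfer { 192.0.2.53; };    // zone transfer only to the assumed secondary server
};
```

If the same server is also the public authoritative server for the zone, add allow-query { any; }; inside that zone block, since a zone-level setting overrides the options-level one and the zone's own records must stay resolvable from outside.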
Software Defined Networking (SDN)
SDN Controller benefits
• Network ‘topology’ service that provides data plane devices with information on how they are
interconnected with each other.
• Inventory service that tracks the details of all SDN-enabled data forwarding devices.
• Host tracking service that furnishes IP and MAC addresses of hosts to data plane devices.
• Traffic engineering and load balancing that optimize network performance by regulating the
details of data transmissions.
• Decisions of packet routing and frame switching.
• Security monitoring and regulation/policy compliance.
• Management of virtual LANs (VLANs) and Spanning Tree Protocol (STP).
Server Virtualization
Traditional Computing Model: traditional approach in deploying server hosts (figure)
Virtualization Concept: server virtualization (figure)
Virtualization Approaches: hosted virtualization (figure: hosted server virtualization)
Virtualization Approaches: hypervisor-based virtualization (figure: hypervisor-based server virtualization)
Container-based virtualization (figure)
Shared Infrastructure: virtualization with shared infrastructure (figure)
Network Function Virtualization (figure)
End of Chapter 9
Cybersecurity: Threats
Chapter 8
Malicious Codes: Malware
Many different types of malware
Malicious Codes: Malware
Virus:
○ Program virus: executable program that can cause many different types of damage once it infects a host
○ Spread by attaching to a benign program
○ Data virus: infected document with macros, such as an Excel or PowerPoint file
Worm:
○ A program able to self-replicate without human intervention
○ Not necessarily attached to another program for spreading
○ Spreading methods: social engineering, OS vulnerabilities
Trojan:
○ Not designed to infect files or cause damage
○ Not intended for self-replication
○ Mainly intended to create backdoors
Malicious Codes: Rootkit and Logic Bomb
Rootkit:
○ The rootkit is a malware program used by an adversary to hide the presence of other malware on a computer system, so that regular anti-virus software may not detect it. For this, it secures admin-level access privileges on a victim system and may alter or replace its operating system files so that malicious activities are ignored or other malware is concealed.
Logic bomb:
○ The logic bomb is time-bomb-style malware that lies dormant until a specific logical event or condition is met, which triggers its pre-programmed activities.
○ The logic bomb is mainly designed to inflict damage by corrupting or destroying things (e.g., databases, files, hard drives), a clear form of sabotage.
Malicious Codes: Ransomware
Ransomware:
○ Locker: limits access to a system or its data files by either denying input to the graphical user interface (GUI) or restricting computing resources (e.g., locking user files) until a ransom is paid.
○ Crypto: encrypts data assets or paralyzes client/server computers, holding an organization hostage for ransom in exchange for their recovery.
Current threat statistics
• Ransomware is down, cryptomining is up
  • By early 2018, 90 percent of all remote code execution attacks were associated with cryptomining.
• Email is still the problem
  • A recent IT survey found 56 percent said that targeted phishing attacks were the top security threat they faced.
• Fileless attacks are on the rise
  • Average cost of a single attack at $5 million, with $1.25 million (a quarter of the total) attributable to system downtime, and another $1.5 million (30 percent) to IT and end user productivity loss.
Source: https://www.csoonline.com/article/3153707/security/top-cybersecurity-facts-figures-and-statistics.html
Bot
● Bot: a remotely controllable program
● Botnet: a collection of such infected computers
● Used for malicious activities: spamming, stealing personal information, DDoS attacks, phishing, spreading new malware, ...
Bots and botnet creation (figure)
Exploiting Weak Configuration or Misconfiguration
• Using default configurations that were set by the vendor
• Forgetting to change configurations meant for temporary usage (e.g., testing)
• Leaving unused TCP/UDP ports open, exposing them to remote attacks
• Using loosely defined or incomplete firewall rules
• Failing to implement multi-factor authentication
Failure to Enforce Strong Passwords
The password can be stolen in many different ways, including trial and error, social engineering, phishing, login spoofing, keystroke logging with malware, hacking of a password database, and password cracking.
Password Cracking
● Brute Force Method
Password cracking with brute force: estimated time to try every combination

Password length          Lowercase letters only   Lower & uppercase letters combined   All ASCII characters (letters, numbers, and special characters)
6 characters (48 bits)   10 minutes               10 hours                             18 days
7 characters (56 bits)   4 hours                  23 days                              4 years
9 characters (72 bits)   4 months                 178 years                            44,530 years

● Dictionary Method
Spoofing (or Masquerading)
● Pretending (or faking) to be someone or something
● Among them are:
  ○ IP Address Spoofing
  ○ MAC Address Spoofing
  ○ Email Address Spoofing
  ○ Web (or HTTP) Spoofing
  ○ MITM – DHCP Spoofing
Figures: IP spoofing software; IP proxy server (Source: http://michellgroup.com/)
Denial Of Service
● ICMP-based Pinging
● SYN requests
● DDOS (Distributed DOS)
● MAC Address Flooding
Packet Sniffing
Packet Sniffing with Wireshark
Port Scanning
Port Scanning with Zenmap
Social Engineering
Sample phishing emails
Man-in-the-middle (MITM)
Definition: An attacker intercepts packets and relays (or substitutes) them as a middle man.
DHCP Spoofing and MITM (figure)
Zero-Day Attack
● Software programs, including the OS, have vulnerabilities
● Vendors are simply unaware of their existence.
● Some are found only after years.
● A zero-day attack is an act of exploiting such a software flaw while the vendor is still unaware of it.
Source: www.isaca.org
Zero Day vs. Less Than Zero (figure)
Cross-Site Scripting and SQL Injection
Cross-site scripting (XSS) is a very common attack mechanism. It is designed to execute a malicious script (e.g., JavaScript) in the browser of the victim computer. Here, rather than sending the script directly to the victim computer, the attacker uses an indirect approach: the harmful script is injected into a website that accepts and stores the submission without validating the content. A user who visits the website retrieves the stored script along with the page, and the browser executes it automatically.
SQL injection
A bad actor can inject malicious code (a SQL command) into a relational DB and observe the site’s reaction. If the website accepts the malicious SQL command and processes it (rather than filtering it), this reflects a flaw in the site’s program, posing a serious security threat to the online business. A well-known example of a dangerous SQL statement is: [SELECT * FROM customer_table WHERE first_name = 'what-ever' or 'a'='a']. If the statement is not filtered, then the SQL processing will retrieve all records in customer_table and send them to the attacker’s browser.
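An added example (mine, not from the lecture) that runs the lecture's tautology input against a constructed in-memory SQLite table, placing the string-built query that returns every row beside the parameterised query that treats the same input as a plain value; the table name customer_table is the lecture's, the columns and rows are made up.

```python
"""Added example (not from the lecture): the lecture's "what-ever' or 'a'='a" input run
against an in-memory SQLite table, first through a query assembled by string concatenation
(the flaw) and then through a parameterised query (the fix). Table rows are constructed."""
import sqlite3


def make_db():
    """Constructed customer_table with three sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer_table (id INTEGER, first_name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customer_table VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "carol", "carol@example.com"),
    ])
    return conn


def lookup_vulnerable(conn, first_name):
    """Flawed version: the submitted value is pasted into the SQL text, so a value
    containing a quote can rewrite the statement's logic."""
    sql = "SELECT * FROM customer_table WHERE first_name = '" + first_name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, first_name):
    """Fixed version: the value is bound as data by the driver; whatever it contains,
    it is only ever compared against first_name and never parsed as SQL."""
    sql = "SELECT * FROM customer_table WHERE first_name = ?"
    return conn.execute(sql, (first_name,)).fetchall()


# The lecture's example, exactly as it would be typed into the form field.
PAYLOAD = "what-ever' or 'a'='a"


if __name__ == "__main__":
    db = make_db()
    print("normal lookup  :", lookup_vulnerable(db, "bob"))
    print("flawed + payload:", lookup_vulnerable(db, PAYLOAD))      # every row comes back
    print("fixed + payload :", lookup_parameterised(db, PAYLOAD))   # no such first name
```

With the flawed function the statement becomes the lecture's SELECT with the always-true 'a'='a' clause and returns all three rows; the parameterised function returns none because no customer is literally named "what-ever' or 'a'='a".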
WiFi Threats
● Wardriving (obsolete)
● Denial of service
● Rogue wireless access point
● Man-in-the-middle
End of Chapter 8
A Practical Introduction to Enterprise Network and
Security Management
Bongsik Shin, Ph.D
CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
© 2017 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed on acid-free paper
International Standard Book Number-13: 978-1-4987-8797-0 (Hardback)
This book contains information obtained from authentic and highly regarded sources.
Reasonable efforts have been made to publish reliable data and information, but the
author and publisher cannot assume responsibility for the validity of all materials or
the consequences of their use. The authors and publishers have attempted to trace the
copyright holders of all material reproduced in this publication and apologize to
copyright holders if permission to publish in this form has not been obtained. If any
copyright material has not been acknowledged please write and let us know so we may
rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted,
reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other
means, now known or hereafter invented, including photocopying, microfilming, and
recording, or in any information storage or retrieval system, without written
permission from the publishers.
For permission to photocopy or use material electronically from this work, please
access www.copyright.com (http://www.copyright.com/) or contact the Copyright
Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400.
CCC is a not-for-profit organization that provides licenses and registration for a
variety of users. For organizations that have been granted a photocopy license by the
CCC, a separate system of payment has been arranged.
Trademark Notice: Product or corporate names may be trademarks or registered
trademarks, and are used only for identification and explanation without intent to
infringe.
Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com
and the CRC Press Web site at
http://www.crcpress.com
Contents
Preface
Author
Chapter 1: Fundamental Concepts
1.1 Introduction
1.2 Network Elements
1.2.1 Host
1.2.1.1 Client–Server Mode
1.2.1.2 P2P Mode
1.2.1.3 Network Interface Card
1.2.2 Intermediary Device
1.2.3 Network Link
1.2.4 Application
1.2.5 Data/Message
1.2.6 Protocol
1.3 Modes of Communication
1.3.1 Methods of Data Distribution
1.3.1.1 Unicasting
1.3.1.2 Broadcasting
1.3.1.3 Multicasting
1.3.2 Directionality in Data Exchange
1.3.2.1 Simplex
1.3.2.2 Duplex
1.4 Network Topology
1.4.1 Point-to-Point Topology
1.4.2 Bus Topology
1.4.3 Ring Topology
1.4.4 Star (Hub-and-Spoke) Topology
1.4.5 Mesh Topology
1.4.6 Tree (or Hierarchical) Topology
1.5 Classification of Networks
1.5.1 Personal Area Network
1.5.2 Local Area Network
1.5.3 Metropolitan Area Network
1.5.4 Wide Area Network
1.5.5 Rise of Internet of Things
1.6 Subnetwork versus Inter-network
1.7 Measures of Network Performance
1.7.1 Capacity
1.7.1.1 Data Types and Data Rate
1.7.2 Delay
1.7.3 Reliability
1.7.4 Quality of Service
1.8 Numbering Systems
1.8.1 Binary versus Decimal
1.8.2 Binary versus Hexadecimal
1.9 Network Addressing
1.9.1 Characterizing Network Addressing
1.9.2 MAC Address
1.9.3 IP Address
1.9.4 Pairing of MAC and IP Addresses
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 2: Architectures and Standards
2.1 Introduction
2.2 TCP/IP versus OSI
2.2.1 Standard Architecture
2.2.2 Standard and Protocol
2.2.3 Protocol Data Unit
2.3 Layer Functions: An Analogy
2.4 Layer Processing
2.5 Application Layer (Layer 5)
2.5.1 HTTP Demonstration
2.5.2 Select Application Layer Protocols
2.6 Transport Layer (Layer 4)
2.6.1 Provision of Data Integrity
2.6.1.1 Error Control
2.6.1.2 Flow Control
2.6.1.3 TCP and Data Integrity
2.6.1.4 UDP and Data Integrity
2.6.2 Session Management
2.6.2.1 Session versus No Session
2.6.2.2 Session Management by TCP
2.6.2.3 TCP Session in Real Setting
2.6.2.4 Additional Notes
2.6.3 Port Management
2.6.3.1 Port Types and Ranges
2.6.3.2 Source versus Destination Port
2.6.3.3 Socket
2.7 Internet Layer (Layer 3)
2.7.1 Packet Creation and Routing Decision
2.7.1.1 Packet Creation
2.7.1.2 Packet Routing Decision
2.7.2 Performing Supervisory Functions
2.8 Data Link Layer (Layer 2)
2.8.1 LAN Data Link
2.8.1.1 Frame and Switching
2.8.1.2 Link Types
2.8.1.3 Technology Standard(s)
2.8.1.4 Single Active Delivery Path
2.8.1.5 Frame’s MAC Addresses
2.8.2 WAN Data Link
2.9 Physical Layer (Layer 1)
2.10 Layer Implementation
2.10.1 Application Layer
2.10.2 Transport and Internet Layers
2.10.3 Data Link and Physical Layers
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 3: Intermediary Devices
3.1 Introduction
3.2 Intermediary Devices
3.2.1 Operational Layers
3.2.2 Operating System
3.2.2.1 General Attributes
3.2.2.2 Access to Operating System
3.3 Hub (Multiport Repeater)
3.4 Bridge and Wireless Access Point
3.5 Switch
3.5.1 General Features
3.5.2 Switch Port
3.5.3 Switch Table
3.5.3.1 Switch Table Entries
3.5.3.2 Switch Learning
3.5.3.3 Aging of Entries
3.5.4 Switch Types
3.5.4.1 Nonmanaged versus Managed Switches
3.5.4.2 Store-and-Forward versus Cut-Through Switches
3.5.4.3 Symmetric versus Asymmetric Switches
3.5.4.4 Layer 2 versus Layer 3 Switches
3.5.4.5 Fixed, Stackable, and Modular Switches
3.5.4.6 Power over Ethernet
3.5.5 Security Issues
3.5.5.1 Safeguarding Switch Ports
3.5.5.2 Port Mirroring
3.6 Routers
3.6.1 Two Primary Functions
3.6.1.1 Routing Table Development and Its Update
3.6.1.2 Packet Forwarding
3.6.2 Router Components
3.6.3 Router Ports and Naming
3.6.4 Router Configuration
3.6.4.1 Basic Features
3.6.4.2 Advanced Features
3.7 Switching versus Routing
3.7.1 Data Link Layer versus Internet Layer
3.7.2 Connection-Oriented versus Connectionless
3.7.3 Single Delivery versus Multiple Delivery Paths
3.8 Address Resolution Protocol
3.8.1 Background
3.8.2 ARP Usage Scenarios
3.9 Choice of Intermediary Devices
3.10 Collision versus Broadcast Domains
3.10.1 Collision Domain
3.10.1.1 Collision Domain Types
3.10.1.2 Collision Domain and Network Design
3.10.1.3 CSMA/CD
3.10.2 Broadcast Domain
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 4: Elements of Data Transmissions
4.1 Introduction
4.2 Data Transmission Elements
4.2.1 Digital Signaling
4.2.1.1 On/Off Signaling
4.2.1.2 Voltage Signaling
4.2.2 Analog Signaling
4.2.2.1 Properties of Analog Signal
4.2.2.2 Modulation
4.2.3 Signaling Devices
4.2.3.1 Modem and Analog Signaling
4.2.3.2 CSU/DSU and Digital Signaling
4.2.4 Bandwidth and Related Concepts
4.2.4.1 Bandwidth
4.2.4.2 Baseband and Broadband
4.2.5 Synchronous versus Asynchronous Transmissions
4.2.5.1 Asynchronous Transmission
4.2.5.2 Synchronous Transmission
4.2.6 Multiplexing
4.2.6.1 Frequency Division Multiplexing
4.2.6.2 FDM Example: ADSL
4.2.6.3 Time Division Multiplexing
4.2.6.4 TDM Example: T-1 Line
4.2.6.5 Spread Spectrum
4.2.7 Digital Speed Hierarchies
4.2.7.1 Digital Signal
4.2.7.2 Optical Carrier/Synchronous Transport Module
4.3 Networking Media
4.3.1 Propagation Effects
4.3.1.1 Attenuation
4.3.1.2 Distortion
4.3.2 Twisted Pairs
4.3.2.1 UTP versus STP
4.3.2.2 Cable Structure and Categories
4.3.2.3 Twisted-Pair Patch Cable
4.3.3 Optical Fibers
4.3.3.1 Advantages
4.3.3.2 Physical Structure
4.3.3.3 Single Mode versus Multimode
4.3.3.4 Fiber Patch Cable
4.3.4 LAN Cabling Standards
4.4 Structured Cabling
4.4.1 Background
4.4.2 Structured Cabling System
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 5: IP Address Planning and Management
5.1 Introduction
5.2 Governance of IP Address Space
5.3 Structure of the IP Address
5.3.1 Binary versus Decimal Value Conversion
5.3.2 Structure of the IP Address
5.4 Classful IP: Legacy
5.4.1 Class A Network
5.4.2 Class B Network
5.4.3 Class C Network
5.5 Classless IP: Today
5.6 Special IP Address Ranges
5.6.1 Loopback
5.6.1.1 Internal Testing of TCP/IP Stack
5.6.1.2 Off-Line Testing of an Application
5.6.2 Broadcasting
5.6.2.1 Limited Broadcasting
5.6.2.2 Directed Broadcasting
5.6.2.3 Security Risk of Directed Broadcasting
5.6.3 Multicasting
5.6.4 Private IP and NAT
5.6.4.1 NAT: One-to-One IP Mapping
5.6.4.2 NAT: Many-to-One IP Mapping
5.6.4.3 Pros and Cons of NAT
5.7 Subnetting
5.7.1 Defining Subnet Boundary (Review)
5.7.2 Subnetwork Addressing
5.8 Subnet Mask
5.8.1 Subnet Mask
5.8.2 Subnetting Address Space
5.8.3 Broadcasting within a Subnet
5.9 Supernetting
5.10 Managing IP Address Space
5.10.1 Determining Number of Nodes
5.10.2 Determining Subnets
5.10.2.1 Managing Security with DMZ Subnet
5.10.2.2 Developing IP Assignment Policy
Chapter Summary
Key Terms
Chapter Review Questions
Hands-On Exercise: Enterprise IP Management at Atlas Co.
Chapter 6: Fundamentals of Packet Routing
6.1 Introduction
6.2 Routing Mechanism
6.3 Routing Table
6.3.1 Background
6.3.2 Routing Table Elements
6.4 Packet Forwarding Decision
6.5 Entry Types of Routing Table
6.5.1 Directly Connected Routes
6.5.2 Static Routes
6.5.2.1 Static Routes of a Router
6.5.2.2 Static Routes of a Host
6.5.3 Dynamic Routes
6.6 Dynamic Routing Protocols
6.6.1 Protocol Categories
6.6.1.1 Interior Gateway Protocols
6.6.1.2 Exterior Gateway Protocols
6.6.2 Delivery of Advertisement
6.6.3 Determination of Dynamic Routes
6.6.4 Security Management
6.6.5 Static versus Dynamic Routing
6.7 Inter-domain Routing
6.8 Perspectives on Packet Routing
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 7: Ethernet LAN
7.1 Introduction
7.2 Standard Layers
7.3 Ethernet Frame
7.3.1 Frame Structure
7.3.2 Addressing Modes
7.4 Ethernet LAN Design
7.4.1 Flat versus Hierarchical Design
7.4.2 Access Layer
7.4.3 Distribution and Core Layers
7.4.4 Benefits of Hierarchical Design
7.5 Spanning Tree Protocol
7.5.1 Link Redundancy
7.5.2 Protocols and Mechanism
7.6 Link Aggregation
Review Questions
7.7 Virtual LANs (VLANs)
7.7.1 Background: Without VLANs
7.7.2 VLAN Concept
7.8 VLAN Scenarios
7.8.1 Without VLANs
7.8.2 With VLANs
7.8.2.1 Define VLANs on Switches
7.8.2.2 Plan the Range of Trunk and Access Ports
7.8.2.3 Assign Access Ports to VLANs
7.8.3 How VLANs Work
7.8.4 VLAN ID versus Subnet Addressing
7.9 VLAN Tagging/Trunking (IEEE802.1Q)
7.9.1 Background
7.9.2 VLAN Tagging
7.9.3 VLAN Tagging/Untagging Process
7.10 VLAN Types
7.10.1 Default VLAN
7.10.2 Data VLAN
7.10.2.1 Data VLAN and Security
7.10.3 Voice VLAN
7.11 Inter-VLAN Routing
7.11.1 A Router Interface per VLAN
7.11.1.1 Scenario 1
7.11.1.2 Scenario 2
7.11.2 Sub-Interfaces/Ports (Advanced)
7.12 VLANS and Network Management
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 8: Wireless LAN (WiFi)
8.1 Introduction
8.2 Standard Layers and Wireless Cards
8.3 WiFi Setup Modes
8.3.1 Ad Hoc Mode
8.3.2 Infrastructure Mode
8.4 Wireless Access Points
8.4.1 AP in Infrastructure Mode
8.4.2 AP in Non-infrastructure Modes
8.4.2.1 Repeater Mode
8.4.2.2 Bridge Mode
8.5 SSID, BSS, and ESS
8.5.1 Service Set Identifier
8.5.2 BSS versus ESS
8.5.2.1 Basic Service Set
8.5.2.2 Extended Service Set
8.6 Media Access Control
8.6.1 CSMA/CA
8.6.2 RTS/CTS
8.7 WiFi Frames
8.7.1 Data Frame
8.7.2 Management Frame
8.7.3 Control Frame
8.8 WiFi and Radio Frequency
8.8.1 Radio Spectrum
8.8.1.1 Low versus High Radio Frequency
8.8.1.2 Governance
8.8.1.3 Licensed versus Unlicensed Radio
8.8.2 WiFi Channels
8.8.3 Planning Basic Service Sets
8.9 Authentication and Association
8.9.1 Three-Stage Process
8.9.2 Authentication Methods of a Station
8.9.2.1 Open Authentication
8.9.2.2 Pre-shared Key Authentication
8.9.2.3 Authentication Server
8.9.2.4 Additional Notes on Security
8.10 WiFi Standards
8.10.1 IEEE802.11n
8.10.1.1 Throughput Modes
8.10.1.2 2.4/5.0 GHz Bands
8.10.1.3 Single-User MIMO
8.10.1.4 QoS Support
8.10.2 IEEE802.11ac
8.10.2.1 5.0 GHz Band
8.10.2.2 Throughput Modes
8.10.2.3 Multi-user MIMO
8.11 WiFi Mesh Network (IEEE802.11s)
8.12 WiFi Home/SOHO Network
8.12.1 DSL/Cable Modem
8.12.2 Wireless Access Router
8.12.3 IP Configuration
8.12.4 Case: Wireless Access Router Configuration
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 9: Wide Area Network
9.1 Introduction
9.2 WAN and Enterprise Networks
9.2.1 WAN Connection Scenarios
9.2.2 Service-Level Agreement
9.2.3 CPE versus SPF
9.2.3.1 Demarcation Point
9.2.4 WAN Design Considerations
9.3 Layers of WAN Standards
9.3.1 Physical Layer
9.3.2 Data Link Layer
9.3.2.1 Circuit Switching
9.3.2.2 Packet Switching
9.3.3 Comparison: WAN versus LAN
9.4 IP Addressing for WAN Links
9.4.1 Leased Lines
9.4.2 Packet Switched Data Network
9.4.2.1 One Subnet between Two Locations
9.4.2.2 One Subnet for All Locations
9.5 Physical Layer Options: Leased Lines
9.5.1 T-Carrier/E-Carrier
9.5.1.1 T1 and T3 Circuits
9.5.2 SONET/SDH
9.6 Data Link Standard: Leased Lines
9.6.1 PPP Frame Structure
9.6.2 Router Authentication
9.6.2.1 PAP versus CHAP
9.7 Data Link Standards: PSDN
9.7.1 General Attributes
9.7.2 Virtual Circuits
9.7.2.1 WAN Switch Table
9.7.2.2 PVC versus SVC
9.7.2.3 Access Link Speeds
9.8 Frame Relay
9.8.1 General Characteristics
9.8.2 Frame Structure
9.8.3 Data Link Connection Identifier
9.8.3.1 How DLCI Works
9.8.3.2 FR Switch Table
9.8.3.3 Multiple VCs and DLCIs
9.8.4 Mapping IP Addresses
9.9 Asynchronous Transfer Mode
9.9.1 Background
9.9.2 Cell Switching
9.9.3 Quality of Service
9.10 Carrier Ethernet
9.10.1 Background
9.10.2 Strengths
9.10.3 Service Transport
9.11 Multi-Protocol Label Switching
9.11.1 Labels and Label Information Base
9.11.2 Benefits of MPLS
9.12 Wireless WAN: Cellular Network
9.12.1 General Architecture
9.12.1.1 Cell
9.12.1.2 Base Station
9.12.1.3 Mobile Terminal Switching Office
9.12.1.4 Call Channels
9.12.2 Multiple Access Technologies
9.12.2.1 Frequency Division Multiple Access
9.12.2.2 Time Division Multiple Access
9.12.2.3 Code Division Multiple Access
9.12.2.4 Orthogonal Frequency Division Multiple Access
9.12.3 Generations of Cellular Standards
9.12.4 LTE and Future
9.12.4.1 Long-Term Evolution
9.12.4.2 What Does the Future Hold?
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 10: The Internet and Client–Server Systems
10.1 Introduction
10.2 Internet Architecture
10.2.1 Internet Service Provider
10.2.1.1 National ISPs
10.2.1.2 Regional/Local ISPs
10.2.1.3 ISP Network Architecture
10.2.2 Internet Exchange Point
10.2.3 Autonomous System
10.2.4 World Wide Web and Search Engine
10.2.4.1 World Wide Web
10.2.4.2 Deep Web
10.3 VPN for Secure Communications
10.3.1 Technology
10.3.1.1 Background
10.3.1.2 VPN Technology
10.3.2 Benefits of VPN
10.3.2.1 Cost-Effectiveness
10.3.2.2 Accessibility and Scalability
10.3.2.3 Flexibility
10.3.3 Risks of VPN
10.3.3.1 Reliability
10.3.3.2 Security
10.3.4 Types of VPN
10.3.4.1 Remote-Access VPN
10.3.4.2 Site-to-Site VPN
10.3.5 VPN Standards
10.3.6 IP Security
10.3.6.1 Tunnel Mode
10.3.6.2 Transport Mode
10.3.7 Secure Socket Layer
10.3.7.1 Broad Acceptance
10.3.7.2 VPN Implementation
10.3.7.3 SSL and Internet Commerce
10.3.8 IPSec versus SSL
10.4 IPv6 (IP Next Generation)
10.4.1 Background
10.4.2 IP Packet Structure
10.4.3 IP Addressing
10.4.3.1 Subnet Address Bits
10.4.3.2 Host Address Bits
10.4.4 Address Abbreviation
10.4.5 IPv6 versus IPv4 Standards
10.4.6 Transition Approaches
10.4.6.1 Dual IP Stacks within a Node
10.4.6.2 Direct Address Conversion
10.4.6.3 Packet Tunneling
10.5 Client–Server Applications
10.5.1 Domain Name System
10.5.1.1 Domain and Name Resolution
10.5.1.2 Domain Hierarchy
10.5.1.3 DNS Architecture
10.5.1.4 Host DNS File
10.5.2 Dynamic Host Configuration Protocol
10.5.2.1 The Process View
10.6 Server Virtualization
10.6.1 Traditional Computing Model
10.6.2 Virtualization Concept
10.6.3 Virtualization Approaches
10.6.3.1 Hosted Virtualization
10.6.3.2 Hypervisor-Based Virtualization
10.6.4 Shared Infrastructure
10.6.5 Summary: Benefits Realized
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 11: Cybersecurity: Threats
11.1 Introduction
11.2 Malicious Codes: Malware
11.2.1 Virus
11.2.2 Worm
11.2.3 Trojan
11.2.4 Bot
11.2.5 Other Malware Types
11.2.6 Malware Issues
11.3 Password Cracking
11.3.1 Brute Force Method
11.3.2 Dictionary Method
11.4 Spoofing
11.4.1 Source Address Spoofing
11.4.1.1 IP Spoofing
11.4.1.2 MAC Spoofing
11.4.2 Email Spoofing
11.4.3 Web (or HTTP) Spoofing
11.5 Denial of Service
11.5.1 Pinging and SYN Requests
11.5.1.1 Pinging
11.5.1.2 SYN Requests
11.5.2 Distributed DOS
11.5.3 MAC Address Flooding
11.6 Packet Sniffing
11.6.1 Packet Sniffing with Wireshark
11.7 Port Scanning
11.7.1 Port Scanning with Zenmap
11.8 Social Engineering
11.9 Man-in-the-Middle
11.9.1 MITM with Bogus DHCP Server
11.10 Spam
11.11 Poisoning
11.11.1 ARP Poisoning (ARP Spoofing)
11.11.2 DNS Poisoning (DNS Spoofing)
11.12 Zero-Day Attack
11.13 WiFi Threats
11.13.1 Wardriving
11.13.2 Denial of Service
11.13.3 Rogue AP
11.13.4 MITM
Chapter Summary
Key Terms
Chapter Review Questions
Chapter 12: Cybersecurity: Defenses
12.1 Introduction
12.2 Security Requirements and Solutions
12.2.1 Security Requirements
12.2.1.1 Confidentiality (Privacy)
12.2.1.2 Data Integrity
12.2.1.3 Authentication
12.2.1.4 Access Control/Authorization
12.2.1.5 Availability
12.2.2 Technology Solutions
12.3 Principles in Architecting Defense
12.3.1 Layering
12.3.2 Limiting
12.3.3 Simplicity
12.4 Firewall
12.4.1 Firewall and DMZ
12.4.1.1 Separating Firewall and Border Router
12.4.2 Firewall Functions and Management
12.4.2.1 Firewall Functions
12.4.2.2 Managing Firewall
12.4.3 Stateless versus Stateful Filtering
12.4.3.1 Stateless Filtering
12.4.3.2 Stateful Filtering
12.5 Access Control List
12.5.1 How Many ACLs?
12.5.2 ACL Filtering versus Packet Routing
12.6 Cryptography
12.6.1 Cryptography System
12.6.1.1 Basic Components
12.6.1.2 How It Works
12.6.2 Symmetric-Key Cryptography
12.6.3 Asymmetric-Key Cryptography
12.6.3.1 How It Works
12.6.3.2 Pros and Cons
12.6.4 Hybrid Approach
12.6.5 Hashing Cryptography
12.7 Digital Signature
12.8 Digital Certificate
12.8.1 Digital Certificate
12.8.2 Certificate Authority
12.9 Security Protocol
12.9.1 WiFi Security Standards
12.9.1.1 Wired Equivalent Privacy
12.9.1.2 WiFi Protected Access (WPA and WPA2)
12.9.1.3 Enterprise Mode versus Personal Mode
Chapter Summary
Key Terms
Chapter Review Questions
Glossary
Acronyms
Index
Preface
This book is written for those who study or practice information technology,
management information systems (MIS), accounting information systems (AIS), or
computer science (CS). It is assumed that readers are exposed to computer networking
and security subjects for the first time. Computer networking and cybersecurity are
challenging subjects, partly because of the constant rise and fall of related technologies
and IT paradigms. As the title implies, much focus of this book is on providing the
audience with practical as well as theoretical knowledge necessary to build a solid
ground for a successful professional career.
If used for a class, the book of 12 chapters contains just about the right amount of
coverage for a semester or quarter. It balances introductory and fairly advanced
subjects on computer networking and cybersecurity to effectively deliver technical and
managerial knowledge. Although the writing is moderately dense, every effort has
been made to explain the sometimes challenging concepts in a manner that readers
can follow with careful reading.
The book is designed to offer impactful, hands-on learning experience without
relying on a computer lab. First, each chapter comes with practical exercise questions.
In the class setting, they are good as individual or group assignments. Many of them
are based on simulated or real cases, and take advantage of actual industry products
and systems for a reader to better relate theories to practice. Second, there are a
number of information-rich screen shots, figures, and tables in each chapter carefully
constructed to solidify concepts and thus enhance visual learning.
In addition to the thorough technical details, managerial issues including enterprise
network planning, design, and management are embedded throughout the book from
the practitioner’s perspective to assist balanced learning. Bearing in mind the
critical importance of security in today’s enterprise networks, implications of
network design and management on enterprise security are discussed whenever
appropriate. Lastly, to further reinforce knowledge in security management, two
chapters are dedicated to introducing the fundamentals of cybersecurity in terms of
threat types and defense techniques.
Author
Bongsik Shin is a professor of management information systems at San Diego State
University. He earned a Ph.D. from the University of Arizona and was an assistant
professor at the University of Nebraska at Omaha before joining San Diego State
University. He has taught computer network & cybersecurity management, business
intelligence (data warehousing & data mining, statistics), decision support systems,
electronic commerce, and IT management & strategy. In particular, he has been teaching
computer networking and cybersecurity continuously for over 20 years.
His academic activities in pursuit of teaching and research excellence have been
funded by more than 25 internal and external grants. His recent research efforts have
been all about cybersecurity on subjects related to cyber threat intelligence,
ransomware, authentication & access control and countermeasures of phishing.
Recently, his team, with him as the principal investigator, was awarded a grant by the
US Department of Defense to conduct research on “Actionable Intelligence-Oriented
Cyber Threat Modeling.”
He has published more than 30 articles in such high impact journals as MIS
Quarterly; IEEE Transactions on Engineering Management; IEEE Transactions on
Systems, Man, and Cybernetics; Communications of the ACM; Journal of Association
for Information Systems; European Journal of Information Systems; Journal of
Management Information Systems; Information Systems Journal; Information &
Management; and Decision Support Systems. In 2016, he served as a conference co-chair
of the Americas Conference on Information Systems, one of the three largest
MIS conferences with attendees from 40+ countries.
1 Fundamental Concepts
1.1 Introduction
By definition, the computer network represents a collection of wired and wireless
communication links through which computers and other hardware devices exchange
data (or messages). A network can be either as small as the one installed in a house or
as big as the Internet that literally covers the entire planet. The size of a particular
network, thus, reflects the size of the place (e.g., building, campus) where it is
installed. In recent days, the wireless and wired network links have become the arteries
of organizations (e.g., companies, universities) and the society, revolutionizing every
facet of our life by facilitating resource (e.g., storage) sharing and exchange of data
(e.g., texts, videos, music) in an unprecedented manner. Throughout this book, the two
terms “data” and “message” are used synonymously.
Because of the rapid advancement of information and communication technologies
(ICTs), more electronic and mobile devices are being attached to the computer
network. Among them are digital smart phones, high-definition Internet protocol
televisions (IPTVs), music and video game players, tablets such as iPads, electronic
appliances, and control and monitoring systems (e.g., security cameras, closed-circuit
televisions (CCTVs), traffic signals). The rapid increase of various digital devices is
transforming the network into a more dynamic, diversified, and, at the same time,
more vulnerable platform.
Besides the digital computer network, there are also other traditional network
platforms that existed long before the digital revolution. They include radio/TV
broadcasting networks and public switched telephone networks. The traditional
networks are, however, not the focus of this book.
Although traditional networks and digital computer networks started off on separate
platforms, their convergence has been taking place. For instance, nowadays, more
voice calls are digitized and transported over the Internet. Think of the popularity of
Internet call services such as Skype, Vonage, and Google Voice. The convergence is
accelerating as the computer network has become stable in handling both non-real-time
(e.g., email, web browsing) and real-time (e.g., voice, live video) traffic.
The prevalence of computer networks, meanwhile, poses a great deal of
cybersecurity threats to individuals, organizations (e.g., businesses, universities), and
governments. The threats are getting stealthier and more sophisticated, inflicting more grave
consequences on victims than ever before. Aggressors and organized crime groups have
mounted various cybersecurity attacks, and numerous ill-prepared individuals and
public/private organizations have suffered dearly. Amid the constant news of
cybersecurity breaches, adequate preparations including threat monitoring and
prevention have become essential in the design and operation of computer networks.
This chapter covers the fundamental concepts of computer networking.
Main objectives of this chapter are to learn the following:
Key elements of a computer network
Methods used by network nodes to distribute data
Directionality in data propagation
Network topologies focusing on physical layouts
Classification of networks in terms of their scope
Subnetwork versus inter-network
Key measures of network performance
Binary, decimal, and hexadecimal numbering systems
Addressing methods: Internet protocol (IP) and media access control (MAC)
1.2 Network Elements
A computer network is made up of various hardware and software components
including hosts, intermediary devices, network links (or communication links),
applications, data, and protocols. Figure 1.1 demonstrates a simple network in which
two hosts (i.e., a personal computer (PC) and a server) exchange data produced by
applications (e.g., web browser, web server) in accordance with a protocol over the
two network links joined by an intermediary device. Each of the constituents is briefly
explained.
1.2.1 Host
In this book, the host is defined as a data-producing entity attached to a network, and it
has been primarily a computer. Oftentimes, hosts are also called end devices, end
systems, or end stations. They are capable of accepting user inputs (e.g., keyboarding,
video feeds from a camera), processing them, generating outputs in the form of 1s and
0s, and storing them. The outputs can be digitized texts, sounds, images, videos, or any
other multimedia contents that can be transported over the computer network.
Figure 1.1 Key elements of a computer network.
The host is generally a source or a destination of data in transit, and it has been
predominantly a general-purpose or high-performance computer (e.g., PC, laptop,
mainframe, supercomputer). Because of continuous addition of nontraditional
computing and communication devices to the network, host types are much more
diversified these days. They include smart phones, personal digital assistants (PDAs),
video game consoles, home electronics and appliances, and other peripheral devices,
such as network-enabled printers, copiers, and fax machines. When hosts exchange
data over a network, their relationship is in one of two modes: client–server or peer-to-peer (P2P) (see Figure 1.2).
Figure 1.2 Client–server versus P2P networking.
1.2.1.1 Client–Server Mode
In the client–server mode, a host acts as a dedicated client or server. The client host
takes advantage of resources (e.g., files, storage space, databases, web pages, central
processing unit (CPU) processing) offered by servers. The server host generally has
high-performance capacity to quickly respond to resource requests from client hosts.
In the early days, many programs (e.g., Microsoft Outlook for email) installed in the
client host were tailored to a particular server application (e.g., Microsoft Exchange).
However, the web browser (e.g., Firefox, Google Chrome) has changed it all. The
browser has become an application that allows a client host to communicate with many
different server applications (e.g., email, database, web servers) over the network. This
one client (web browser) to many server applications has benefitted individuals and
organizations tremendously. Above all, using the “thin” client in which a client host
only needs a web browser to take advantage of resources available from various
servers, organizations can control IT spending and save efforts necessary to maintain
programs on client hosts.
1.2.1.2 P2P Mode
In P2P networking, each participating host on a network behaves as both a client and a
server in sharing resources with other hosts. As an example, by joining P2P file-sharing
sites such as BitTorrent.com, anyone can download multimedia files available
from other participating computers (client mode) and, at the same time, allow others to
copy files available in his/her hard drive (server mode) over the Internet. As another
example of the P2P technology, today’s operating systems such as Windows support
P2P networking among nearby computers, especially through the WiFi technology
called WiFi Direct.
Exercise 1.1
1. It is generally agreed that the client–server approach has several advantages
over P2P computing. Explain why in terms of the following aspects. Search the
Internet if necessary.
a. Easier to protect server resources such as data
b. Better accessibility to server resources
c. Easier to back up server resources
d. More cost-effective in maintaining and upgrading server programs (or
applications)
e. Easier to add server resources to meet growing demands
2. Create a simple private P2P network and conduct file swapping. For this, form
a team of two students each with his/her own computer. Then, create a P2P
network by connecting the two computers on WiFi. P2P requires additional
configuration (e.g., creation of a workgroup on Windows). Once the
configuration is complete, exchange files over the P2P network. If necessary,
conduct Internet search to learn the setup procedure.
1.2.1.3 Network Interface Card
To access a network, the host should be equipped with at least one network interface
card (NIC), which is an electronic circuit board. Also called an adaptor or a local area
network (LAN) card, the NIC is generally built into a computer these days, and it
converts host-generated binary data (e.g., emails) into signals (e.g., electronic currents,
lights, radio signals) and releases them to the network. The NIC also accepts signals
arriving over the network, restores original data, and forwards them to the host’s CPU
for processing.
Figure 1.3 NIC cards for (a) Ethernet and (b) WiFi. (From Amazon.com.)
Many user computers have two NICs these days: one for cabled Ethernet LAN and
the other for Wireless (or WiFi) LAN to enable both wired and wireless networking as
needed. Figure 1.3 illustrates NIC cards for Ethernet and WiFi. It can be observed that
an Ethernet NIC has one or more ports that allow physical connectivity of a computer
to the wired network, but the wireless NIC (WNIC) has one or more antennas for radio
communications. Wireless NICs in universal serial bus (USB) are also popular. Each
NIC comes with a unique address, called a physical or MAC address (to be explained).
1.2.2 Intermediary Device
Depending on the size, a network can have many different intermediary devices that
conduct functions necessary to relay data between the source and destination hosts.
Intermediary devices do not produce user data, but transport them in an effective,
reliable, and secure manner. Among the frequently used intermediary devices are
modems, firewalls, multiplexers, channel service unit (CSU)/data service unit (DSU),
hubs (or multiport repeaters), switches, routers, bridges, and wireless access points.
Their functional details are explained in other chapters, mainly in Chapter 3.
Hubs, bridges, wireless access points, and switches provide hosts (e.g., clients,
servers) with inter-connectivity “within” a network segment called a subnetwork (or
subnet). In contrast, the router is used to tie different network segments (or
subnetworks). The data-forwarding activity (e.g., email delivery between two nodes)
taking place within a subnetwork boundary is termed as intra-networking and that
across two or more subnetworks joined by routers is called inter-networking (see
Figure 1.4). In other words, hubs, bridges, wireless access points, and switches are
intra-networking devices, and routers are inter-networking devices. More on
intra-networking versus inter-networking is explained in Section 1.6.
Figure 1.4 Intra-networking and inter-networking devices.
Intermediary devices are distinct from each other in many different ways. For
example, some devices (e.g., hubs) transmit data in the half-duplex mode, whereas
others (e.g., switches, routers) transmit data in the full-duplex mode (for more details,
see Section 1.3.2). Some devices are hardware-driven in performing their primary
functions, while others rely more on their software capability. Software-enabled
devices generally use a higher level of intelligence to conduct networking functions
than their hardware-enabled counterparts. Intermediary devices are also different in
their processing speeds, in their capacity of data filtering and security provision, and in
the addressing mechanism used to move data.
As with the host, an intermediary device also has one or more internal network cards
with built-in ports (or interfaces) to tie wireless or wired network segments. Because
of the critical importance of intermediary devices in computer networking, Chapter 3
is dedicated to cover their structural and functional features in detail. The term
“network node” is used throughout the book as an inclusive concept that refers to an
intermediary device or a host.
Network nodes = Intermediary devices + Hosts (end devices).
1.2.3 Network Link
The network link is a wired (or guided) or wireless (or unguided) connection that
enables data exchange between network nodes. Various communication media have
been used to form a link. Copper wires (e.g., twisted pairs, coaxial cables) and optical
fibers made of extremely pure glass or plastic are the predominant wired transmission
media these days. The earth’s atmosphere becomes the medium of wireless
communications. Data are transported in the form of various signals through the
guided and unguided media: electronic signals through copper wires and coaxial
cables, light signals through optical fibers, and radio/microwave signals in the
atmosphere. Details on the media and communication signals are explained in Chapter
4.
The network link can be either an access link or a trunk link. While the access link
provides direct connectivity between a host (end station) and an intermediary device,
the trunk link interconnects intermediary devices (e.g., router–router, router–switch,
switch–switch), resulting in the extension of network span. The trunk link is a point-to-point
connection, and it generally carries traffic that comes from multiple access links.
When two hosts exchange data through two or more intermediary devices, they take
one or more trunk links to complete the end-to-end data delivery (see Figure 1.5).
Although trunk links are not necessary to create a small-scale network such as the one
shown in Figure 1.1, most organizations rely on them to create an enterprise network.
Figure 1.5 Access links versus trunk links.
Exercise 1.2
The hypothetical enterprise network of an organization shown in Figure 1.6 covers
one main office and two remotely located branch offices. Each office has its own
LAN, and the three LANs are interconnected by routers (R1, R2, and R3) over the
three wide area network (WAN) links leased from a WAN service provider.
Figure 1.6 A hypothetical enterprise network.
1. How many hosts does each LAN contain?
2. How many intermediary devices does each LAN contain?
3. How many access links and trunk links are there in each LAN?
4. What is the total number of access links and trunk links?
5. How many network nodes are there in the enterprise network?
6. What intermediary devices are used for intra-networking in each LAN?
7. What intermediary device is used for inter-networking?
1.2.4 Application
The application (e.g., MS Outlook, web browser) represents a software program
developed to support a specialized user task (e.g., email exchange, web surfing).
Numerous applications have been introduced to support various tasks over the
computer network. Many of them are designed to improve communications, which
include those of email (e.g., Outlook, Thunderbird), instant messaging (e.g., Yahoo
Messenger), and voice & video (e.g., Skype, Google Voice). Also, the web browser
has become an extremely popular application on which countless online services (e.g.,
social networking, online banking, e-commerce, cloud computing) are offered over the
Internet.
Applications can be characterized from different angles, and their individual and
organizational usage has important implications on the design of computer networks
because of the close relevance between application types and requirements of network
performance. For instance, the majority of user applications need to be supported by
the following:
Predictable or guaranteed network reliability (e.g., financial transactions)
Predictable or guaranteed network capacity/speed (e.g., videoconferencing)
Little or no network delay/latency (e.g., audio conferencing, video streaming)
Reasonable network responsiveness (though not real time) (e.g., web browsing,
instant messaging)
Figure 1.7 Transmission of discrete data units over a computer network.
1.2.5 Data/Message
Applications produce data (or messages) that need to be transported over the network.
The data may be real-time or interactive audios/videos, or such static contents as web
pages and emails. In computer networking, data produced are packaged in discrete
data units and are delivered to the destination one by one. As a simple demonstration,
imagine a network-enabled conversation between two persons and observe how their
dialog is packaged into discrete data units and gets delivered (see Figure 1.7).
The general name of each data unit is packet. Each packet contains source data and
additional overhead information necessary for its delivery, such as source and
destination addresses. To better visualize the relationship between source data and a
packet, think of a letter (as source data) contained in an envelope with mailing
addresses (as a packet).
1.2.6 Protocol
A host application (e.g., web browser, email program) produces and exchanges
data/messages according to a protocol, which contains a collection of detailed
communication rules. For this, an application has a particular protocol built into it
(e.g., Hypertext Transfer Protocol [HTTP] embedded in the browser). The application
produces outgoing data and interprets incoming data strictly based on the set of
communication rules defined by the built-in protocol. There are two types of
communication rules:
Syntactic rules: Rules regarding the format of a message in its construction
Semantic rules: Rules concerned with the meaning or interpretation of a message
For example, if a computer user enters http://www.facebook.com into a web browser’s
Uniform Resource Locator (URL), the browser produces a simple request message
according to the built-in HTTP. Here, the request message has syntax similar to
GET / HTTP/1.1
Host: www.facebook.com
so that the target host (www.facebook.com server) can understand/interpret its
meaning (or semantics). The semantics of the above statements is “Please send me the
main page of www.facebook.com using HTTP, version 1.1.” The request message thus
produced is then dispatched to the target server.
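The syntactic and semantic rules just described can be made concrete with a small checker. The following is an added example, not code from the book: it builds the request a browser sends for http://www.facebook.com, then parses raw request text against HTTP/1.1's syntax (request line of the form "METHOD target HTTP/1.1", one header per line, a mandatory and non-duplicated Host header) and refuses anything that violates those rules instead of guessing at its meaning, which is how a server or a protocol-inspecting firewall keeps malformed input from being misinterpreted. All sample messages are constructed; the function names are this example's own.

```python
import re
from typing import Dict, Optional, Tuple

# Syntactic rules for the request head (constructed for this example, following
# the HTTP/1.1 message format): request line, then "Name: value" header lines.
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")
HEADER_LINE = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*(.*?)[ \t]*$")


def build_get_request(host: str, path: str = "/") -> str:
    """Produce the request message a browser sends for http://<host><path>.

    Lines are terminated by CRLF and the head ends with an empty line."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def parse_request(raw: str) -> Tuple[str, str, str, Dict[str, str]]:
    """Apply the syntactic rules to a raw request; raise ValueError on any violation.

    Returns (method, target, version, headers) with header names lower-cased,
    so the caller can act on the message's semantics."""
    head, sep, _body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("request head is not terminated by an empty line")
    lines = head.split("\r\n")

    m = REQUEST_LINE.match(lines[0])
    if not m:
        # e.g. "GET/HTTP/1.1": the separating spaces are part of the syntax
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, major, minor = m.groups()
    version = f"{major}.{minor}"

    headers: Dict[str, str] = {}
    for line in lines[1:]:
        h = HEADER_LINE.match(line)
        if not h:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = h.group(1).lower(), h.group(2)
        # A request carrying two Host headers is ambiguous; HTTP/1.1 servers
        # reject it rather than pick one.
        if name == "host" and name in headers:
            raise ValueError("more than one Host header")
        headers[name] = value

    # Host is optional in HTTP/1.0 but mandatory in HTTP/1.1.
    if version == "1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")
    return method, target, version, headers


def check(raw: str) -> Optional[str]:
    """Return None if the request is syntactically valid, else the reason it is not."""
    try:
        parse_request(raw)
    except ValueError as exc:
        return str(exc)
    return None


def describe(raw: str) -> str:
    """Spell out the semantics of a valid request in plain English."""
    method, target, version, headers = parse_request(raw)
    if method != "GET":
        return f"{method} request for {target} at {headers.get('host', '?')}"
    page = "the main page" if target == "/" else target
    return f"Please send me {page} of {headers['host']} using HTTP, version {version}."


if __name__ == "__main__":
    req = build_get_request("www.facebook.com")
    print(req.replace("\r\n", "\\r\\n"))
    print(describe(req))
    # A request with the spaces left out fails the syntactic rules.
    print(check("GET/HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"))
```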
Certain protocols are standardized so that hardware and software vendors can
incorporate them into their own products. For example, HTTP is a standard protocol
adopted by all web browsers (e.g., Firefox, Internet Explorer, Chrome) and web
servers (e.g., Apache, Microsoft IIS). There are also numerous proprietary protocols
developed by vendors exclusively for their own commercial products (e.g., the
protocol embedded in Skype or Yahoo Messenger). Important standard protocols are
introduced throughout the book.
1.3 Modes of Communication
This section explains methods utilized by network nodes to distribute data and the
directionality of data exchanges.
1.3.1 Methods of Data Distribution
The methods of data distribution between network nodes are primarily unicasting,
broadcasting, and multicasting (see Figure 1.8).
1.3.1.1 Unicasting
In unicasting, data exchange takes place between a single source and a single
destination node identified by their unique addresses. The destination may be located
within the same network of the source or separated from the source across multiple
networks. It was explained that the co-location of the source and the destination within
a subnetwork takes intra-networking for data delivery. When the source and the
destination are in different subnetworks, data delivery requires inter-networking (for
more details, see Section 1.6). Normally, the majority of messages produced by a user
application are exchanged in this mode.
Figure 1.8 Multicasting, broadcasting, and unicasting.
1.3.1.2 Broadcasting
Broadcasting results in the flooding of data from one node to all the other nodes within
a network. In fact, we have been enjoying the broadcasting service daily by tuning into
radio or TV channels. From satellites or earth stations, radio and TV companies
broadcast signals that carry various contents (e.g., music, drama, reality shows). Such
broadcasting is also widely used by computer networks for various reasons. A
prevalent example is WiFi.
1.3.1.3 Multicasting
Multicasting from a data source results in its concurrent delivery to a selected group of
destinations. We have been using multicasting services extensively. For example,
numerous online sites provide multimedia streaming for live news, music, TV
programs, movies, online gaming, and SNS videos over the Internet. These services
rely on a multicasting protocol so that a server can stream multimedia contents to
requesting clients concurrently. With the growing popularity of such on-demand
multimedia services, usage of multicasting will only grow.
Although the demonstration in Figure 1.8 is only between hosts, intermediary nodes
including switches and routers also take advantage of them to advertise supervisory
information or to exchange information necessary to perform scheduled and
unscheduled network control functions.
1.3.2 Directionality in Data Exchange
Data flows between two network nodes can be one of the three types in directionality:
simplex, half-duplex, and full-duplex (see Figure 1.9).
1.3.2.1 Simplex
In simplex transmission, data flow is in only one direction. Radio and TV broadcasting
services are good examples. This mode of communications also exists between
computers and their input devices (e.g., keyboard, mouse). The simplex transmission,
however, is not a prevalent mode in the computer network.
1.3.2.2 Duplex
In the duplex mode, data flows both ways between two network nodes, and thus each
node has the capability of sending and receiving data. Duplex transmissions are either
half-duplex or full-duplex.
Figure 1.9 (a) Simplex, (b) half-duplex, and (c) full-duplex transmissions.
Half-duplex: In this mode, only one party is allowed to transmit data at a time, and
the other party should wait until its turn. For a good analogy, imagine the two-way
traffic flow on a single-lane railway. Another well-known example is the walkie-talkie,
a portable radio device on which communicators take turns speaking.
Although used in the early generation of computer networking (e.g., hubs), it has
been largely replaced by more effective full-duplex communications these days.
Full-duplex: In full-duplex mode, data flows in both directions simultaneously
between two network nodes. For this, there are generally two separate channels
established for a link (or circuit): one channel for each direction. It is like having
double lanes for two-way traffic. The traditional telephone system has been using
full duplex, so that two communicators on a circuit can talk and listen
simultaneously. Most computer networks take advantage of the full-duplex
technology these days.
1.4 Network Topology
Network topology is defined as the physical layout of a network, a design approach
utilized to interconnect network nodes (i.e., intermediary devices and hosts). The
logical layout concept also exists, but here we focus more on the physical arrangement
of network nodes and links. The physical layout of a network can be understood in
terms of relationships between intermediary devices and hosts, between hosts, or
between intermediary devices.
Many different topologies including bus, star, ring, mesh, tree (or hierarchy), and
hybrid (e.g., bus–star) have been in use to arrange network nodes. Each topology has
its own strengths and weaknesses, and the design process of an enterprise network
should factor in various elements unique to its organizational circumstance. These
include characteristics of locations (e.g., number of locations, degree of their
distribution), users (e.g., number of users), hosts (e.g., type and number of on-site
hosts), applications (e.g., importance of reliability in message delivery), and security
conditions.
1.4.1 Point-to-Point Topology
As the simplest topology, point-to-point establishes a direct connection between two
nodes. There may be only two end nodes directly linked or more than two nodes
between two end nodes making it an extended point-to-point connection (see Figure
1.10). A point-to-point link can have permanent and dedicated capacity as in the case
of the phone line between a house and a telephone company. Or, it can be dynamically
constructed and dismantled as needed. This dynamic formation occurs more often in
the form of extended point-to-point topology. For example, a long-distance or an
international call between two remote locations requires dynamic circuit formation
through multiple telephone switches.
Figure 1.10 (a) Point-to-point and (b) extended point-to-point topologies.
1.4.2 Bus Topology
In the bus topology, end stations are directly connected to a half-duplex common line,
with a terminator device at each end of the line absorbing data remaining in the
network (see Figure 1.11). Communications between any two stations, therefore,
should be made via the backbone medium. Using the common-line approach
practically results in broadcasting of data in which transmissions from a station reach
all the other stations on the network, although there is only one intended receiver. This
topology therefore allows only a single station to release data at a time to avoid
transmission collisions.
Figure 1.11 Bus topology (LAN example).
Because of its structural simplicity, the bus topology works well for small networks.
However, it is subject to traffic congestions when a network grows with more stations
attached. The early generation of Ethernet LAN was running on bus, but its usage has
mostly disappeared these days due to inherent limitations including unnecessary data
broadcasting and difficulties in cabling (e.g., installing a main line inside the ceiling).
Figure 1.12 Ring topology: (a) LAN and (b) WAN.
1.4.3 Ring Topology
In the ring topology, nodes are attached to a backbone ring that may be a copper wire
or an optical fiber. Depending on the technology standard, a network can have a
single-ring or a dual-ring architecture that affords redundancy and thus higher
survivability from link failures (see Figure 1.12). The ring network has technological
advantages in handling high-volume traffic in a reliable manner. This topology is also
adequate in constructing long-haul networks.
Despite the technological advancement and availability of ring-based standards for
LANs such as token ring and fiber distributed data interface (FDDI), their acceptance
has been dwarfed by more cost-effective Ethernet that runs on star (or extended star)
topology. Ring topology, however, remains a popular choice in creating a high-speed
WAN backbone with fiber optics (for more details, see Chapter 9).
1.4.4 Star (Hub-and-Spoke) Topology
In the star topology, host stations are connected to a central intermediary device (see
Figure 1.13). The topology has several advantages. Above all, the topology makes it
easy to add and remove a host station from a network and also to locate node or cable
problems. It is also relatively simple to add more stations to a network. Ethernet LANs
mostly run on this topology these days. With Ethernet being a dominant wired LAN
standard, there are many equipment options (e.g., cabling, ports, connection speeds)
with competitive pricing. As a disadvantage, the intermediary device becomes a single
point of failure that can bring down a network.
Figure 1.13 Star (hub-and-spoke) topology: (a) LAN and (b) WAN.
An enterprise can also adopt a star to interconnect distributed LANs with WAN
connections. In this case, the network node placed at the hub location (e.g., main
office) mediates traffic between any other locations. Observe that the WAN topology
is determined by the relationship among intermediary devices, such as routers, rather
than by that between hosts and an intermediary device.
1.4.5 Mesh Topology
Figure 1.14 (a) Full mesh and (b) partial mesh topology (WAN examples).
The mesh topology is an arrangement in which all possible connections between
network nodes are directly linked (see Figure 1.14). This makes a mesh network very
reliable through extra redundancies in which one inoperable node does not drag down
the entire network. The mesh network can be a sound option when the number of
nodes is relatively small. For example, for three network nodes, only three connections
are required, but if there are four nodes, it will take six direct links.
As more devices or locations are attached to a network, the number of direct
connections increases exponentially, making full mesh less practical in terms of
operational costs. The partial-mesh topology uses fewer links (thus less cost burden)
than full-mesh topology but more links than star (hub-and-spoke), making a network
less vulnerable to link failures with the redundancy.
1.4.6 Tree (or Hierarchical) Topology
In the tree topology, nodes are joined in a hierarchical fashion in which the one on top
becomes a root node (see Figure 1.15). There are two or more levels in the hierarchy
with the number of nodes increasing at the lower level, making the overall structure
like a Christmas tree. The tree structure is highly effective when many nodes (or
locations) have to be interconnected using reduced direct links. This topology has been
a popular choice among telephone service providers in constructing a backbone
network to cover a large geographical area.
Figure 1.15 Tree/hierarchical topology: (a) LAN and (b) WAN.
The tree approach is also frequently used for an enterprise network in which a large
number of end stations are interconnected through a hierarchy of intermediary devices.
For example, the LAN of a building may be star-based on each floor. Then, the
multiple star networks from different floors can be linked to higher-speed devices to
form a bigger LAN that covers the entire building. This topology shares strengths
inherent to the star network such as ease of network management and expansion.
When a network has a tree structure, intermediary devices (e.g., switches) located at
the higher level generally handle more traffic and thus should be more powerful (e.g.,
faster forwarding rate) than those at the lower level.
When it comes to actual implementations, many corporate networks adopt a hybrid
solution that combines more than one topology. Taking a simple example, each direct
link between two nodes in star, mesh, or tree topology becomes an instance of the
point-to-point connection.
1.5 Classification of Networks
In terms of coverage scope, computer networks are generally classified into four
different types: personal area networks (PANs), LANs, metropolitan area networks
(MANs), and WANs. Each type has widely accepted standard technologies.
1.5.1 Personal Area Network
The PAN represents a small network whose coverage is typically a few meters or less.
It has been popularized by the introduction of such wireless standards as Bluetooth,
WiFi Direct, Zigbee, and more recently near-field communication (NFC). For instance,
NFC represents a set of short-range—generally up to 2 in. (or 4 cm)—networking
technologies for small data sharing. NFC-enabled portable devices read tags or do
credit card transactions through such tap-and-pay systems as Apple Pay and Google
Wallet.
As another popular standard of the short-range PAN, Bluetooth builds a network
organized around an individual and thus allows devices located in close proximity
(e.g., generally up to 10 m) to exchange data without hard wiring. Figure 1.16
illustrates the usage of Bluetooth to interconnect computing and electronic devices in a
wireless setting.
1.5.2 Local Area Network
The LAN, in general, covers a relatively confined area to interconnect hosts located
within the physical boundary of an organization or a company, making it larger than
the personal area network in coverage. Size of the LAN varies considerably as it is
determined by the size of an organization. For example, if a company occupies only a
single floor of a building, the firm’s LAN is limited to that floor. If an organization
uses all floors of a building, its LAN covers the entire building.
Figure 1.16 Bluetooth-enabled personal area networks.
A bigger network that interconnects multiple buildings within a university or a
corporate campus is also a LAN. The oversized LAN is generally termed a campus
LAN or a campus area network. The campus LAN’s extended scale makes its design
and operations more challenging than those of smaller LANs. To create a campus LAN,
smaller networks (e.g., one in a building) are joined by high-speed intermediary
devices (e.g., core routers or switches) in a hierarchical structure of multiple layers
(see the tree topology in Figure 1.15).
As a simple example, imagine a relatively small-scale campus LAN of two
buildings, each with a fast core switch and two workgroup switches that attach
computers to the LAN (see Figure 1.17). The actual campus LAN can be significantly
more complex than the example. Details of LAN technologies are covered in Chapters
7 and 8 focusing on the dominant Ethernet and WiFi standards. As said, there is no
one-size-fits-all definition of the LAN especially in its size, and therefore, readers
should interpret the term in its usage context. Lastly, as a LAN is installed within an
organization’s boundary, the organization fully controls it, making any changes (e.g.,
updates, maintenance) as needed.
Figure 1.17 An illustration of campus LAN.
1.5.3 Metropolitan Area Network
The MAN is generally designed to cover a good-sized city, being considerably larger
in its geographical span than the LAN. The MAN is used to interconnect LANs
through land-based or wireless standards within a metropolitan area. In general,
common carriers (or telecom carriers) such as telephone service providers (telcos) and
Internet service providers (ISPs) have the ownership of the MAN infrastructure, and
corporate clients subscribe to the MAN service to access the Internet and other WANs.
Figure 1.18 An illustration of MAN.
Figure 1.18 demonstrates a hypothetical MAN of a common carrier around the
Boston metropolitan area, with high-speed cabling (e.g., 10 Gb/s) and fast intermediary
devices. It shows that through the MAN, the three client-site LANs are interconnected
and also send data to the Internet and to the carrier’s WAN platform.
In the past, WAN standards (e.g., Frame Relay) were technology choices for the
MAN infrastructure. However, because of the popularity of Ethernet as a LAN
standard, the Ethernet-based technology called Metro-Ethernet has become a preferred
choice for the MAN platform. Besides, WiMax (or WirelessMAN) has been
introduced as a broadband standard for wireless MAN service.
1.5.4 Wide Area Network
The WAN is designed to cover a state, a nation, or an international territory (see
Figure 1.19). It interlinks LANs including campus networks, MANs, and even smaller
WANs. To tie its geographically distributed LANs, a client organization (e.g.,
university, company) creates its own private WAN connections by subscribing to the
WAN service available from telecom carriers (e.g., China Telecom, Verizon,
Vodafone). These companies install and maintain their private WAN infrastructure to
commercially offer WAN services to individual and organizational clients.
Figure 1.19 WAN links and an enterprise network.
Separate from the carrier-owned private WAN infrastructure, the Internet has
become an extremely popular platform for WAN connections as well. The Internet
itself is the largest global network that no single company or nation has an exclusive
ownership on. For example, a telecom carrier has its own Internet infrastructure, but it
makes up just a small fraction of the global Internet backbone. With its ubiquity
(covers the entire planet), flexibility (connect any time and any place), and cost
advantage (substantially cheaper than the private WAN service), the Internet has
become an extremely popular option for WAN connections these days.
The enterprise network spans an organization to facilitate communications among
employees, departments, workgroups, and other entities. An organization’s units may
be housed in one building or several buildings at a location, distributed in multiple
locations throughout a region, or dispersed nationally or globally. Reflecting the
structural diversity of organizations, an enterprise network can be of any combination
of one or more PANs, LANs, and MAN/WAN connections (see Figure 1.19). Chapter
9 explains popular WAN services available from telecom carriers, and Chapter 10
covers the architectural details of the Internet, another extremely popular WAN
platform these days.
1.5.5 Rise of Internet of Things
Because of the prevalence of PANs, LANs, MANs, and WANs, a new paradigm called
Internet of things (IoT) is unfolding. IoT is not a type of network/networking
technology, but it represents a new development (or paradigm) in which numerous
devices (e.g., cars, appliances, gadgets, electronics, mobile devices, security
monitoring devices, health devices) automatically detect each other and communicate
seamlessly to perform a host of tasks over wired/wireless networks and the Internet.
Surely, the various network types explained earlier are the keys that will bring IoT to
reality, although its full swing may be years away.
The following scenario demonstrates how the emerging IoT paradigm is going to
fundamentally transform the society through transparent and automated connectivity
among numerous computing and non-computing devices.
Exercise 1.3
Year 2025 in San Diego: Laura is a marketing manager of a large business insurance
firm. Her daily schedule is loaded with both personal routines and job-related
activities. Today, she has to wake up at 6 am. There is an early morning meeting
downtown, and a business flight to Los Angeles is scheduled at 12 pm. While
her car self-drives to the downtown location, it warns that the brake pads are
wearing thin and the tire pressure is low. Her car transmits the information to her
maintenance shop for a biannual assessment and report. At one point, her car
cautions that the shortest path originally suggested has a sudden traffic jam caused
by an accident and chooses an alternative path. It also senses weather conditions,
adjusts internal temperature and humidity, activates the sun blind, and controls
influx of polluted air.
After the brief meeting downtown, she is on the road again for a short trip to
Los Angeles to meet a key business partner. The electronic ticket purchased days
ago is in her Apple watch. When she enters the Lindberg airport, the watch initiates
communications with the airport’s customer support system by sending the ticket
information. It suggests the nearest entrance gate as well as a close parking lot for
the flight. At the boarding gate, she taps her watch to the kiosk for boarding.
While flying, she checks the delivery status of the Xbox game she ordered 2 days
ago. Her son has been asking for it for his birthday gift. Tracking the postal office
database indicates that the game has been delivered to her office. Using her watch,
she also checks her son’s current location and health conditions. Although he is with
a caring nanny, Laura worries about her son who suffers from asthma. He wears a
wrist device for remote diagnosis and monitoring by her family doctor. On arriving
in Los Angeles, she is directed by her watch to pick a reserved rental car equipped
with a smart chip that records usage time, location, travel distance, and other
information for automated billing to the corporate account. After a short meeting
with her boss to report the outcome of the Los Angeles trip, she heads back home
with her son’s Xbox game.
It has been a long day for Laura. On the way home, she drops by a nearby grocery
store. When she grabs a shopping cart, its attached display greets her recognizing
her membership and shows special discount items of the day. She also picks up an
advertisement paper that has a full list of products in promotion. By placing her
watch close to a particular product code, more details are displayed. Prior to
shopping, she connects her home network to check the availability of food items and
their condition. Using the check, the watch automatically develops a recommended
shopping list. As the watch knows Laura’s precise location in the store, it plots ideal
routing through the store, saving her precious time in searching for shopping items.
With her busy schedule, she realizes that she might have to sign up for the grocery
store’s auto-replenishment service that links her home network to the store’s
tracking system.
When Laura arrives home, information and data stored in her watch and the
notebook computer are auto-synchronized with the home network’s central server.
Laura’s health information (e.g., pulse rates) gathered by the watch’s smart sensors
is also synchronized with the home server’s health assistant. Tonight, the health
assistant analyzes gathered data and recommends her to see a doctor after spotting
abnormality in her pulsation for the past 3 days. With Laura’s nodding, the health
assistant makes an appointment with her family doctor’s reservation system and
transmits health data for the doctor’s review. When she replenishes groceries in the
refrigerator, product information including their expirations is passed on to the
central server. It is already 10 o’clock. Before going to bed, she reads arrived
messages including automatic diagnosis of her son’s condition and an electronic
report from the auto maintenance shop.
Class Discussion
1. Discuss where and how PAN, LAN, MAN, and WAN technologies are used to
realize IoT.
2. In the scenario, can you identify new business opportunities (called business
models) that do not exist today? What about existing business models that may
become less relevant or even obsolete in the future because of technology
advancement?
1.6 Subnetwork versus Inter-network
Building on the explanation of intermediary devices in Section 1.2.2, the relationship
among network, subnetwork (or subnet), and inter-network (or internet) is further
clarified. The network is a loosely defined term whose scope covers a variety of
settings (e.g., personal surrounding, house, university campus, country). Section 1.5
classified it in terms of PAN, LAN, MAN, and WAN. Depending on how it is
designed, a network can be a subnetwork or an inter-network (i as a lowercase letter)
with multiple subnetworks joined by one or more routers. Remember that the inter-network is a generic term and thus differs from the Internet (I as an uppercase letter),
the largest network on the planet (the architectural details of which are explained in
Chapter 10).
Figure 1.20 is a simple demonstration of a LAN in which two subnetworks are tied
by a router to become an inter-network. When two computers exchange data across the
two subnetworks, the data-forwarding process (or activity) is called “inter-networking.” As related, the difference between intra-networking and inter-networking
was explained in Figure 1.4 in which a subnetwork contains several intermediary
devices (e.g., switches, wireless access points) for intra-networking. In summary,
Figure 1.20 is a scenario in which the network is a LAN that is also an inter-network
with two subnetworks.
Figure 1.20 Scenario 1: A company’s network.
Figure 1.21 Scenario 2: A company’s network.
Figure 1.21 is another scenario of a company network composed of two remotely
located office LANs joined by a WAN link. In that setup, each LAN is a subnetwork
because delivering messages within the LAN boundary does not need a router’s help.
This differs from Figure 1.20 in which one LAN consists of two subnetworks.
Additionally, the WAN connection is considered a subnetwork, although it may be
3000 miles long! As a result, the company’s enterprise network becomes an inter-network with three subnetworks. These two simple scenarios highlight the fluid
relationships among the boundaries of the LAN/WAN, subnetwork, and inter-network.
Exercise 1.4
1. Refer to Figure 1.6 and answer the following questions:
a. How many subnetworks are there in each LAN?
b. If PC1 in LAN1 sends a file to a printer in LAN1, is this inter-networking?
c. If PC1 in LAN1 sends a request message to a server in LAN3, is this
inter-networking?
d. If PC1 in LAN1 connects to an IP Phone in LAN1, is this inter-networking?
e. If PC2 and a server in LAN3 exchange messages, is this inter-networking?
2. Figure 1.22 is a small corporate network installed in a building. It has three
switches connected to the border router with built-in firewall capability to
prevent intrusions from the Internet. Disregarding the connection between the
firewall router and the Internet:
a. How many LANs are there?
b. How many subnetworks are there?
c. If PC1 sends a message to the email server, is this inter-networking?
Figure 1.22 A hypothetical corporate network.
d. If PC1 sends a message to the file server, is this inter-networking?
e. What is the intermediary device used for intra-networking?
1.7 Measures of Network Performance
Network performance to effectively propagate host-produced data is a critical issue,
and much consideration should be given to optimize it during the stages of network
planning, design, implementation, maintenance, and upgrade. There is no shortage of
stories that underscore the importance of adequate network performance, especially as
networks move more real-time (e.g., voice calls, video streaming, online gaming) and
mission-critical (e.g., financial transactions, electronic commerce) data these days.
Many of the applications demand a certain degree of “guaranteed” performance
regardless of circumstances (e.g., traffic congestion). A number of measures are being
used to reflect such network performance from different angles, and those of capacity
(or speed), delay (or latency), and reliability are among the most important ones.
1.7.1 Capacity
Table 1.1 Metrics of Storage versus Network Capacity
Storage/Memory Capacity                  Network Capacity in Data Rate
KB (Kilobyte) = 1000 bytes               Kbps (kilobits/s) = 1000 bits/s
MB (Megabyte) = 1 million bytes          Mbps (Megabits/s) = 1 million bits/s
GB (Gigabyte) = 1 billion bytes          Gbps (Gigabits/s) = 1 billion bits/s
TB (Terabyte) = 1 trillion bytes         Tbps (Terabits/s) = 1 trillion bits/s
PB (Petabyte) = 1 quadrillion bytes      Pbps (Petabits/s) = 1 quadrillion bits/s
Network capacity (or speed) is gauged by the metrics of data rate. Data rate is about
how fast data flow in one direction from point A to point B (not the combined speed of
both directions). Do not confuse byte and bit metrics (1 byte is generally 8 bits):
byte metrics are primarily for data storage or memory capacity, not for network
capacity. Table 1.1 summarizes metrics of data storage/memory capacity and
network capacity as increasing factors of bits per second (bps).
Table 1.2 Data Rates for Audio and Video Contents
Type of Content          Quality Level              Data Rate
Audio (MP3 encoding)     Telephone sound quality    8 Kbps
                         AM sound quality           32 Kbps
                         FM sound quality           96 Kbps
                         CD sound quality           224–320 Kbps
Video (MPEG2 encoding)   DVD quality                5 Mbps
                         HDTV quality               15 Mbps
1.7.1.1 Data Types and Data Rate
Depending on the type of data to be propagated, the required data rate differs
considerably: plain text takes up the smallest capacity, followed by audio and video. Much
of the network traffic these days is in the multimedia format that combines text, sound,
image, and video. To put things in perspective, Table 1.2 summarizes the data rate
necessary to transport audio and video data at different quality levels. MP3 and
MPEG2 are popular compression standards used to encode audio and video data.
Exercise 1.5
Refer to Table 1.2. The data rate (in each direction) necessary for a digitized
telephone call is 8 Kbps. This means that a two-way full-duplex call between two
parties takes 16 Kbps. How many calls can be made concurrently with the data rate
necessary to transport just one HDTV channel?
Channel Capacity and Throughput: A network’s transmission capacity can be
measured in terms of both Channel Capacity and Throughput.
Channel Capacity: It is the maximum theoretical data rate of a link and is
oftentimes referred to as bandwidth or rated speed. Strictly speaking, channel
capacity in data rate is a digital concept, and bandwidth is an analog concept
(more accurate technical definition of bandwidth is explained in Chapter 4).
However, they are directly correlated—the bigger the bandwidth of a link, the
bigger the channel capacity; thus, practitioners use them interchangeably.
Throughput: It refers to the actual data rate of a link. As a more realistic speed of a
network link, it is usually slower than channel capacity due to a number of
technical and circumstantial reasons including the effect of link distance,
transmission interferences, and internal/external noises. For instance, popular
WiFi standards such as 802.11n and 802.11ac can transmit at several hundred
Mbps (see Chapter 8). However, their actual throughput gets substantially lower as
the distance between two communicating nodes is increased.
1.7.2 Delay
Delay (or latency) represents the amount of time a network link takes to deliver data
between any two nodes and is usually in milliseconds (or 1000th of a second). Delay
can be measured in both one-way trip and round trip (e.g., a request and response
cycle) between two points. For example, as shown in Figure 2.13 in Chapter 2, the
ping utility program that tests if a particular target node is reachable gauges latency
based on a round trip. In the figure, the ping request was issued four times by the
source host, and all of them were answered by the target host (209.131.36.158) with a
round-trip latency of 26–29 ms.
When computers exchange data, there are various delay sources. Imagine a
hypothetical situation in which a person downloads the main page of
www.facebook.com. She/he will certainly experience delay until the web page is
displayed on the browser. Among the sources of delay are
Propagation delay: It takes time for the signal carrying the web page to travel
between two remotely located hosts.
Delay at hosts: The source host should internally process the user request before
releasing it to the Internet. This includes conversion of the request into a packet
(to be explained in Chapter 2) and then to an electronic signal (to be explained in
Chapter 4) for propagation. When the request arrives at the destination host (i.e.,
www.facebook.com server), it also performs similar internal processing to
ultimately produce a response packet and convert it to a signal for delivery.
Delay at intermediary devices: An intermediary device (e.g., router, switch)
mediates data transmissions between hosts, and the message forwarding requires
its own internal processing including the lookup of a reference table (e.g., routing
table, switch table) and subsequent forwarding path decision. Also, when
messages arrive at a port continuously, they are temporarily placed in a queue
before processing, inevitably resulting in queuing delay.
Delay is especially a sensitive issue when a network is used by time-sensitive
applications. In fact, because of the ever-growing popularity of real-time or near-real-time multimedia applications such as video-on-demand, videoconferencing, and online
gaming, more messages need to be propagated with little delay and oftentimes with
guaranteed performance.
1.7.3 Reliability
This performance dimension is about a network’s capacity to convey data in a stable
manner. The reliability of data delivery is mildly or severely affected (1) when there
are corrupted or lost data in the middle of their transmissions and (2) when a network
experiences interruptions (e.g., node failures, link failures).
Corrupted or lost data: Data corruption or loss takes place in different
magnitudes. It can be as small as a bit change (e.g., from 0 to 1) or as big as the
moderation or loss of entire bit streams. There are a number of sources that
trigger the reliability problem. Among them are network node crash caused by
certain forces; physical damage or cut of cabling; overflow of a network node’s
buffer space; power interruption or surge; and internal and external noises
triggered by such factors as signal interference due to lightning, industrial noise,
and cross talk.
Network unavailability: A network becomes unavailable when there is a node or
link failure. Just as a computer crashes, an intermediary device can fail for several
reasons including overloading, a system bug in its built-in software, power
interruption, succumbing to a malicious attack (e.g., denial-of-service attack), and
operational mismanagement. Also, the network link can be a source of trouble
when it is accidentally damaged or when cabling between a node and a link is
unstable. When a network itself becomes unavailable either entirely or partially
due to the node or link fault, this limits network accessibility.
1.7.4 Quality of Service
A concept closely associated with the dimensions of network performance is quality of
service (QoS). QoS represents the capability of a network in guaranteeing
performance in terms of link capacity, latency, and reliability. It is particularly
germane to the carrier’s WAN (including the Internet) service offered to business
clients (e.g., e-commerce stores). In early days, QoS was not such a critical issue for
WAN connections as network applications were not that sophisticated and mission
critical. However, as more computer programs perform business functions vital to
organizations over the network, the ability of WAN to guarantee network performance
has become an essential requirement.
For example, Amazon.com and eBay.com entirely rely on the Internet for business
transactions, and even a few minutes of service disruption means millions of dollars in
lost revenue. When a carrier offers QoS to a client organization, its network should be
able to provide the client with the level of “promised” performance regardless of
circumstances (e.g., traffic congestion).
Of course, the QoS-guaranteed network service is costlier than the non-QoS service
to client organizations. A carrier can use such techniques as data prioritization and
dedication of link capacity to enhance service quality. Businesses, however, may not
need such QoS provision if their WAN links are used mainly for general applications
(e.g., emails, web surfing).
1.8 Numbering Systems
In this section, three different numbering systems (i.e., binary, decimal, and
hexadecimal) used to represent numeric values in networking are reviewed. Although
all three are in use, one system is preferred over the others depending
on the usage context. As we are already aware, network nodes process various data
types (e.g., texts, images, videos) in binary of 0s and 1s.
Table 1.3 Numbering Systems
Numbering System   Number of Digits   Digits in Base
Binary             2                  0 and 1
Decimal            10                 0 through 9
Hexadecimal        16                 0 through 9, A, B, C, D, E, and F (in which A = 10, B = 11, C = 12, D = 13, E = 14, F = 15)
Note: Hexadecimal values are indicated by either a 0x prefix or an h suffix. For example,
0x3256 means that 3256 is hexadecimal.
Data in binary, however, are hard for human beings to comprehend, and thus both
decimal (with 10-base) and hexadecimal (with 16-base) numbering systems are also
utilized for better readability. With 16 base, hexadecimal is more efficient than
decimal in expressing binary combinations. As such, translation between binary and
decimal and that between binary and hexadecimal become the fundamental knowledge
in studying computer networking, especially network addressing. Table 1.3
summarizes three numbering systems and their base digits.
1.8.1 Binary versus Decimal
The translation between binary and decimal is explained based on the unit of 8 bits as
it becomes the building block of 32-bit IP addresses. For example, an IP address of
123.45.56.89 is equivalent to 01111011.00101101.00111000.01011001. The binary–
decimal conversion is demonstrated using an example of 8-bit binary (01011010) and
its equivalent decimal (90) values.
1. Binary (01011010) to decimal (90) conversion
a. First, determine the decimal position value of each binary bit using the
power-of-two computation.
b. Once decimal position values are in place, add up the decimal values of
nonzero binary positions. In the example, the summation of 64, 16, 8, and 2
becomes 90.
Initial binary combination (8 bits):              0     1     0     1     1     0     1     0
Power of two:                                   2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Decimal position values:                        128    64    32    16     8     4     2     1
Add decimal values of nonzero binary positions:       +64         +16    +8          +2        = 90
2. Decimal (90) to binary (01011010) conversion
Decimal position values: 128 64 32 16 8 4 2 1
a. Find the largest decimal position value that is ≤ 90:                          128 [64] 32 16 8 4 2 1
b. Obtain the remainder value: difference between 90 and 64 = 26
c. Find the largest decimal position value that is ≤ the remainder value 26:      128 64 32 [16] 8 4 2 1
d. Obtain the remainder value: difference between 26 and 16 = 10
e. Find the largest decimal position value that is ≤ the remainder value 10:      128 64 32 16 [8] 4 2 1
f. Obtain the remainder value: difference between 10 and 8 = 2
g. Find the largest decimal position value that is ≤ the remainder value 2:       128 64 32 16 8 4 [2] 1
h. Obtain the remainder value: difference between 2 and 2 = 0. As the remainder becomes 0, stop here.
i. Binary digits corresponding to the bracketed values above are 1s and the others are 0s:  0 1 0 1 1 0 1 0
Notes: 01011010 (8 bits) is identical to 1011010 (7 bits). The demonstration is
based on the 8-bit combination.
Exercise 1.6
1. Convert decimal values 38, 110, 192, and 255 to their 8-bit binary counterparts.
2. Translate the following 8-bit binary blocks to their corresponding decimal
values.
01100001 11110110 11100011 10100010
1.8.2 Binary versus Hexadecimal
In computer networking, hexadecimal digits are used to represent MAC (or physical)
addresses (see Section 1.2.1). Each MAC address is 48 bits (see Section 1.9.2), and
it is written as 12 hexadecimal digits (thus, each hex digit is equivalent to 4
bits). The following demonstration focuses on the conversion between a hexadecimal
digit and its equivalent 4 binary bits.
The conversion takes nothing but the translation between a hexadecimal’s decimal
value and its corresponding 4 bits. For example, the hexadecimal digit “A” is
equivalent to decimal “10,” which in turn translates into 1010 in binary using the same
conversion method in Section 1.8.1. The conversion is summarized as follows:
Hexadecimal   Decimal   Binary
A           → 10      → 1010
A           ← 10      ← 1010
To translate a binary bit “stream” into its corresponding hexadecimal values, the bit
stream should be divided into 4-bit blocks first. Then, convert each 4-bit unit into its
corresponding decimal value and subsequently find its hexadecimal equivalence.
Recall that A = 10, B = 11, C = 12, D = 13, E = 14, and F = 15. As an example, for the
binary bit stream of 10010110100010101101,
1. Creation of 4-bit blocks: 10010110100010101101 becomes
1001.0110.1000.1010.1101.
2. Conversion of each block into a decimal value: 1001.0110.1000.1010.1101
becomes 9.6.8.10.13.
3. Conversion of each decimal value into a hexadecimal equivalence: 9.6.8.10.13
becomes 0x968AD.
Exercise 1.7
1. Convert 0x17AB to its binary counterpart.
2. Convert the following hex digits to binary bits with each hex digit representing
4 binary bits.
0xABCDEF 0x34A57 0x12DF01 0x78ADC
3. Convert the binary stream “10110110100011100001” to hex with each hex
digit representing 4 binary bits.
4. If the physical address of a computer’s network card (NIC) is
001001100111100010101011010111000100100010001101, what is its
corresponding hexadecimal address?
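The conversions of Sections 1.8.1 and 1.8.2 carried out in code, as an added example that is not part of the textbook: the greedy "largest position value ≤ remainder" method for decimal to binary, the summation of position values for binary to decimal, and the 4-bit-block method for binary to hexadecimal, applied to the IP address 123.45.56.89 and the 48-bit MAC address of Exercise 1.7. Function names are this example's own choices.

```python
"""Number-system conversions used for network addresses.

Added example, not code from the textbook: it implements the greedy
decimal-to-binary procedure of Section 1.8.1 and the 4-bit-block
binary-to-hexadecimal procedure of Section 1.8.2, then applies them to
a dotted-decimal IPv4 address and a 48-bit MAC address. Function names
are this example's own choices.
"""
from typing import List, Tuple

HEX_DIGITS = "0123456789ABCDEF"   # index of a digit == its decimal value


def decimal_to_binary_steps(value: int, width: int = 8) -> Tuple[str, List[str]]:
    """Convert a non-negative integer to a fixed-width binary string with the
    textbook method: repeatedly take the largest decimal position value that
    is <= the remainder. Returns (binary string, log of remainder steps)."""
    if not 0 <= value < 2 ** width:
        raise ValueError(f"{value} does not fit in {width} bits")
    position_values = [2 ** i for i in range(width - 1, -1, -1)]  # 128 ... 1
    bits = ["0"] * width
    remainder = value
    log: List[str] = []
    for idx, pv in enumerate(position_values):
        if remainder == 0:            # textbook step h: stop once remainder is 0
            break
        if pv <= remainder:           # this position value is "bracketed" -> bit 1
            bits[idx] = "1"
            log.append(f"{remainder} - {pv} = {remainder - pv}")
            remainder -= pv
    return "".join(bits), log


def binary_to_decimal(bits: str) -> int:
    """Add up the decimal position values of the nonzero bits (Section 1.8.1)."""
    if not bits or any(b not in "01" for b in bits):
        raise ValueError(f"not a binary string: {bits!r}")
    return sum(2 ** idx for idx, b in enumerate(reversed(bits)) if b == "1")


def ipv4_to_binary(addr: str) -> str:
    """Dotted-decimal IPv4 address -> four 8-bit blocks separated by dots."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    return ".".join(decimal_to_binary_steps(int(o), 8)[0] for o in octets)


def binary_to_ipv4(binary: str) -> str:
    """Inverse of ipv4_to_binary: '01111011.00101101....' -> '123.45....'."""
    blocks = binary.split(".")
    if len(blocks) != 4 or any(len(b) != 8 for b in blocks):
        raise ValueError(f"expected four 8-bit blocks: {binary!r}")
    return ".".join(str(binary_to_decimal(b)) for b in blocks)


def bits_to_hex(bitstream: str) -> str:
    """Binary bit stream -> hexadecimal via 4-bit blocks (Section 1.8.2).
    The stream must already be a whole number of 4-bit blocks."""
    if len(bitstream) == 0 or len(bitstream) % 4 != 0:
        raise ValueError("bit stream length must be a positive multiple of 4")
    blocks = [bitstream[i:i + 4] for i in range(0, len(bitstream), 4)]
    return "0x" + "".join(HEX_DIGITS[binary_to_decimal(b)] for b in blocks)


def hex_to_bits(hexstr: str) -> str:
    """Hexadecimal (0x prefix or h suffix optional) -> 4 bits per hex digit."""
    digits = hexstr.strip().upper()
    if digits.startswith("0X"):
        digits = digits[2:]
    elif digits.endswith("H"):
        digits = digits[:-1]
    if not digits or any(d not in HEX_DIGITS for d in digits):
        raise ValueError(f"not a hexadecimal string: {hexstr!r}")
    return "".join(decimal_to_binary_steps(HEX_DIGITS.index(d), 4)[0] for d in digits)


def mac_binary_to_hex(bits48: str) -> str:
    """48-bit MAC address in binary -> 12 hex digits written as six
    colon-separated octets, the usual display form (e.g. 26:78:AB:5C:48:8D)."""
    if len(bits48) != 48:
        raise ValueError("a MAC address is exactly 48 bits")
    hex_digits = bits_to_hex(bits48)[2:]          # drop the 0x prefix
    return ":".join(hex_digits[i:i + 2] for i in range(0, 12, 2))


if __name__ == "__main__":
    bits, steps = decimal_to_binary_steps(90)
    print("90 ->", bits, "via", "; ".join(steps))
    print("123.45.56.89 ->", ipv4_to_binary("123.45.56.89"))
    print("10010110100010101101 ->", bits_to_hex("10010110100010101101"))
    print("0x17AB ->", hex_to_bits("0x17AB"))
    print("Exercise 1.7(4) MAC ->",
          mac_binary_to_hex("001001100111100010101011010111000100100010001101"))
```

Running it reproduces the textbook's worked values (90 → 01011010 with the remainders 26, 10, 2, 0; 10010110100010101101 → 0x968AD) and can be used to check the answers to Exercises 1.6 and 1.7.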
1.9 Network Addressing
Just as postal addresses are necessary to deliver snail mails, network nodes transport
data relying on standardized address information. So, allocation of addresses to hosts
and intermediary devices, their configuration, and management are activities
fundamental to adequate operations of a computer network. In this section, network
addresses currently in use are characterized in terms of permanency, accessibility, and
privacy dimensions.
1.9.1 Characterizing Network Addressing
Permanency (temporary vs. permanent)
Network addresses can be either temporary (or dynamic) or permanent (or static).
A temporary address is dynamically assigned to a station, and it can be
reclaimed and reassigned to another station if unused for a certain period of time
(e.g., 24 h). Such a temporary address is typically allocated to a user device (as a
related concept, refer to the DHCP standard in Chapters 2 and 10). The permanent
address, meanwhile, is either printed on a node’s network card (e.g., MAC
address) by the device manufacturer or manually set up (e.g., IP address) on a
computer system. In general, server computers and intermediary devices are
given one or more permanent IP addresses.
Accessibility (local vs. global)
Addresses can be either locally or globally recognized. Locally recognized
addresses are only used within a subnetwork to move data for intra-networking.
The MAC address printed on a host’s network card (NIC) is an example. In
contrast, globally recognized addresses are used to transport data beyond the
subnetwork boundary, thus for inter-networking and global reach. The IP address
belongs to this type.
Privacy (public vs. private)
IP addresses are divided into public and private addresses. Packets containing
public addresses can be forwarded to the destination host over the Internet. In
contrast, the private address, as the term implies, is used only within an
organization or a home network. In other words, the packet with a private address
is deliverable to a destination node located within the same organizational or
home network boundary, but not outside. The usage of private addresses offers
heightened security as internal nodes are invisible from outside. Many
organizations rely on private IP addresses to protect their internal networks and
also to be flexible in address allocation to internal hosts and intermediary devices
(more details are given in Chapter 5).
The two different address schemes used concurrently for computer networking are
MAC and IP addresses.
1.9.2 MAC Address
The NIC of a computer has at least one MAC address assigned to it. The MAC address
is also known as a physical or hardware address because it is permanently printed on
an NIC and thus cannot be changed (although it can be spoofed or masked using
software). The NIC for Ethernet or WiFi, the two most dominant LAN standards,
uses a MAC address of 48 bits, which is burned into the NIC’s read only memory
(ROM). When a node is started, its MAC address is copied into the NIC’s random
access memory (RAM) to enable the node’s networking function.
As stated, the 48-bit MAC address is presented to people as 12 hexadecimal digits,
each digit representing 4 binary bits. The MAC address in hex is generally written in
one of the three formats:
01-35-A7-BC-48-2D: (two hex digits separated by “-”)
01.35.A7.BC.48.2D: (two hex digits separated by “.”)
0135.A7BC.482D: (four hex digits separated by “.”)
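The 4-bit blocking procedure described earlier and the three MAC notations listed above, carried out in Python as an added example (not code from the textbook); the function names, the left-padding rule for streams whose length is not a multiple of 4, and the sample inputs are this example's own assumptions.

```python
# Added example, not from the textbook: binary <-> hex by 4-bit blocks,
# applied to a 48-bit MAC address and rendered in the three notations.
HEX_DIGITS = "0123456789ABCDEF"


def bits_to_hex(bit_stream: str) -> str:
    """Steps 1-3: split into 4-bit blocks, take each block's decimal value,
    map 10..15 to A..F. Left-pads when the length is not a multiple of 4
    (an assumption; the textbook procedure expects whole blocks)."""
    if not bit_stream or set(bit_stream) - {"0", "1"}:
        raise ValueError("bit stream must be a non-empty string of 0s and 1s")
    remainder = len(bit_stream) % 4
    if remainder:
        bit_stream = "0" * (4 - remainder) + bit_stream   # e.g. '101' -> '0101'
    blocks = [bit_stream[i:i + 4] for i in range(0, len(bit_stream), 4)]
    decimals = [int(block, 2) for block in blocks]        # step 2
    return "".join(HEX_DIGITS[d] for d in decimals)       # step 3


def hex_to_bits(hex_digits: str) -> str:
    """Inverse: every hex digit expands to exactly 4 bits, leading zeros kept."""
    hex_digits = hex_digits.upper()
    if hex_digits.startswith("0X"):
        hex_digits = hex_digits[2:]
    if not hex_digits or set(hex_digits) - set(HEX_DIGITS):
        raise ValueError("expected hexadecimal digits")
    return "".join(format(int(h, 16), "04b") for h in hex_digits)


def mac_formats(bit_stream: str) -> dict:
    """Render a 48-bit MAC address in the dash, dotted-pair and dotted-quad
    notations listed above; rejects anything that is not exactly 48 bits."""
    if len(bit_stream) != 48:
        raise ValueError("a MAC address is exactly 48 bits (12 hex digits)")
    hex12 = bits_to_hex(bit_stream)
    pairs = [hex12[i:i + 2] for i in range(0, 12, 2)]
    quads = [hex12[i:i + 4] for i in range(0, 12, 4)]
    return {"dash": "-".join(pairs), "dot_pairs": ".".join(pairs),
            "dot_quads": ".".join(quads)}


if __name__ == "__main__":
    # Constructed input: the textbook's example stream and its example MAC.
    print(bits_to_hex("10010110100010101101"))            # 968AD
    mac_bits = hex_to_bits("0135A7BC482D")
    print(mac_formats(mac_bits))
```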
Out of the 12 hexadecimal digits, the first 6 form an organizationally unique
identifier (OUI). The OUI indicates a NIC’s manufacturer and is assigned by the
Institute of Electrical and Electronics Engineers (IEEE), a leading standard-setting
organization responsible for LAN standards (e.g., Ethernet, WiFi). The remaining six
d…