
5. Concept of Computer Network and Network Security System (ACtE05)

Computer Engineering (Nepal Engineering Council) - Engineering Licence Exam

This chapter provides a foundational and in-depth exploration of computer networks, from the physical layer to application layer protocols. It covers essential networking models, devices, data transmission, and delves into crucial aspects of network security, including cryptographic principles and defense mechanisms.

5.1 Introduction to Computer Networks and Physical Layer

Computer networks enable the sharing of resources and information among interconnected devices. Understanding their fundamental components and operational models is crucial for effective communication.

Networking Models

  • Client-Server Model: In this model, a central server provides services or resources to multiple client devices. Clients request services (e.g., web pages, files), and the server processes these requests and sends back responses. Examples include web servers, email servers, and database servers. This model offers centralized control, easier management, and enhanced security but can be a single point of failure if the server goes down.
  • Peer-to-Peer (P2P) Model: In a P2P network, each device (peer) can act as both a client and a server, sharing resources directly with other peers without a central server. Examples include file-sharing applications like BitTorrent. This model is often more resilient to failures and can be easier to set up for small networks but lacks centralized control and security features.

Protocols and Standards

Protocols are sets of rules that govern communication between devices, ensuring that data is transmitted and received correctly. Standards are agreed-upon specifications for protocols, ensuring interoperability between different vendors' equipment.

  • RFC (Request for Comments): Documents published by the Internet Engineering Task Force (IETF) that describe Internet protocols, procedures, and technologies. They are the primary source of specifications for the Internet.
  • ISO (International Organization for Standardization): A global federation that develops and publishes international standards across various industries, including networking (e.g., the OSI model).
  • IEEE (Institute of Electrical and Electronics Engineers): A professional association that sets standards for electrical and electronics engineering, including many LAN technologies (e.g., IEEE 802.3 for Ethernet, IEEE 802.11 for Wi-Fi).

OSI Model (Open Systems Interconnection Model)

The OSI model is a conceptual framework that standardizes the functions of a communication system into seven abstract layers. Each layer performs specific functions and communicates with the layers directly above and below it.

  1. Physical Layer (Layer 1):
    • Function: Transmits raw bit stream over the physical medium. Deals with electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link.
    • Protocols/Examples: Ethernet (physical aspects), USB, Bluetooth (physical aspects), RS-232, DSL.
  2. Data Link Layer (Layer 2):
    • Function: Provides reliable data transfer across the physical link. Handles framing, physical addressing (MAC addresses), error control, and flow control.
    • Protocols/Examples: Ethernet (MAC/LLC), PPP, HDLC, Frame Relay.
  3. Network Layer (Layer 3):
    • Function: Manages logical addressing (IP addresses), routing of packets from source to destination across different networks, and congestion control.
    • Protocols/Examples: IP (IPv4, IPv6), ICMP, ARP, RARP, OSPF, BGP.
  4. Transport Layer (Layer 4):
    • Function: Provides end-to-end communication between processes on different hosts. Handles segmentation, reassembly, connection management, flow control, and error recovery.
    • Protocols/Examples: TCP (Transmission Control Protocol), UDP (User Datagram Protocol).
  5. Session Layer (Layer 5):
    • Function: Establishes, manages, and terminates communication sessions between applications. Handles synchronization, dialog control, and token management.
    • Protocols/Examples: NetBIOS, RPC, Sockets.
  6. Presentation Layer (Layer 6):
    • Function: Deals with data representation and encryption/decryption. Ensures data is in a format understandable by the application layer. Handles data compression, encryption, and translation.
    • Protocols/Examples: JPEG, MPEG, ASCII, EBCDIC, SSL/TLS (partially).
  7. Application Layer (Layer 7):
    • Function: Provides network services directly to end-user applications. Interfaces with the operating system and user applications.
    • Protocols/Examples: HTTP, FTP, SMTP, DNS, SSH, Telnet.

TCP/IP Model

The TCP/IP model is a more practical and widely implemented networking model, consisting of four layers. It evolved from the ARPANET and is the foundation of the Internet.

  1. Network Access Layer (Host-to-Network Layer):
    • Mapping to OSI: Combines OSI Physical and Data Link layers.
    • Function: Deals with the physical transmission of data across a specific network technology (e.g., Ethernet, Wi-Fi). Responsible for hardware addressing and putting data onto the network cable.
  2. Internet Layer:
    • Mapping to OSI: Corresponds to OSI Network layer.
    • Function: Handles logical addressing (IP addresses) and routing of packets across different networks (internetworking).
    • Protocols: IP, ICMP, ARP, RARP.
  3. Transport Layer:
    • Mapping to OSI: Corresponds to OSI Transport layer.
    • Function: Provides end-to-end communication between applications. Manages connection establishment, data segmentation, flow control, and error detection/correction.
    • Protocols: TCP, UDP.
  4. Application Layer:
    • Mapping to OSI: Combines OSI Session, Presentation, and Application layers.
    • Function: Provides high-level protocols for direct application-to-application communication.
    • Protocols: HTTP, FTP, SMTP, DNS, SSH, Telnet.

Networking Devices

  • Hubs: Operate at the Physical Layer (Layer 1). They are multi-port repeaters that broadcast incoming data to all connected devices. They create a single collision domain and a single broadcast domain, leading to inefficiencies and potential collisions.
  • Bridges: Operate at the Data Link Layer (Layer 2). They connect two or more LAN segments and forward frames based on MAC addresses. Bridges reduce collision domains by segmenting the network but forward all broadcast traffic. They learn MAC addresses by inspecting incoming frames.
  • Switches: Operate at the Data Link Layer (Layer 2). They are advanced multi-port bridges that create separate collision domains for each port. Switches learn MAC addresses and forward frames only to the destination port, significantly improving network efficiency. They still forward broadcast traffic.
  • Routers: Operate at the Network Layer (Layer 3). They connect different networks (e.g., LANs to WANs) and forward packets based on IP addresses. Routers make routing decisions using routing tables and create separate broadcast domains, effectively segmenting networks.

Function Differences: hubs repeat every frame to all ports; bridges segment collision domains and forward by MAC address; switches give each port its own collision domain and forward by MAC address; routers connect different networks, forward by IP address, and create separate broadcast domains.

Transmission Media

Transmission media are the physical pathways over which data travels.

  • Guided Media (Wired):
    • UTP (Unshielded Twisted Pair): Most common networking cable. Consists of pairs of copper wires twisted together to reduce electromagnetic interference (EMI). Affordable and easy to install. Categories (Cat5e, Cat6, Cat7) define performance.
    • STP (Shielded Twisted Pair): Similar to UTP but includes an additional metallic shield to further protect against EMI, offering better performance in noisy environments but at a higher cost and with more rigidity.
    • Fiber Optic Cable: Transmits data as pulses of light through thin strands of glass or plastic. Offers extremely high bandwidth, long transmission distances, and immunity to EMI. More expensive and difficult to install than copper.
  • Unguided Media (Wireless):
    • WiFi (Wireless Fidelity): Uses radio waves to transmit data over short to medium distances. Governed by IEEE 802.11 standards. Common for local area wireless networking.
    • Satellite Communication: Uses microwave radio signals transmitted to and from Earth-orbiting satellites. Provides coverage over vast geographical areas, including remote locations, but can suffer from high latency.

5.2 Data Link Layer

The Data Link Layer (Layer 2) is responsible for reliable point-to-point or point-to-multipoint data transfer across a single network link. It encapsulates network layer packets into frames.

Services of the Data Link Layer

  • Framing: Divides the stream of bits from the network layer into manageable units called frames. Each frame has a header (containing source/destination MAC addresses and control info) and a trailer (for error detection).
  • Error Control: Detects and potentially corrects errors that occur during transmission over the physical medium. This ensures that data arrives at the destination without corruption.
  • Flow Control: Manages the rate of data transmission between sender and receiver to prevent a fast sender from overwhelming a slow receiver.

Error Detection and Correction

  • Error Detection:
    • Parity Check: Adds an extra bit (parity bit) to a block of data to make the total number of 1s either even (even parity) or odd (odd parity). Simple but can only detect an odd number of bit errors.
    • CRC (Cyclic Redundancy Check): Uses polynomial division to generate a fixed-length checksum (FCS) that is appended to the data. The receiver divides the received frame (data plus FCS) by the same generator; if the remainder is zero, the data is assumed to be error-free. Highly effective for detecting burst errors. CRC = remainder of (Data_Block × 2^r) ÷ Generator_Polynomial using modulo-2 division, where r is the degree of the generator polynomial.
    • Checksum: Sums up the data units (often in 16-bit segments) and takes the one's complement of the sum. The receiver performs the same calculation and adds it to the received checksum; if the result is all 1s, there's no error. Used primarily in the Internet layer (IP) and Transport layer (TCP/UDP).
  • Error Correction:
    • Hamming Code: A linear error-correcting code capable of detecting and correcting single-bit errors and detecting (but not correcting) double-bit errors. It adds redundant bits at specific positions within the data word. Number of parity bits (p) such that 2^p >= d + p + 1 where d = number of data bits.
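The three detection schemes and the Hamming corrector above, worked through on bit strings so every step of the arithmetic is visible. This is an added example for this chapter, not code from the course notes; the CRC input (generator x^4 + x + 1, data 1101011011) and the checksum words are constructed sample values, and the Hamming routine is the plain (7,4) code, which corrects one bit per codeword (flagging a second error additionally needs an overall parity bit, not shown).

```python
# Added example (not from the course notes): CRC, Internet checksum and
# Hamming(7,4) on bit strings / bytes, sender side and receiver side.

def mod2_divide(bits: str, generator: str) -> str:
    """Modulo-2 (XOR) long division of a bit string by the generator polynomial.
    Returns the remainder, which has deg(generator) bits."""
    r = len(generator) - 1
    work = list(bits)
    for i in range(len(bits) - r):
        if work[i] == "1":                      # subtract only when the leading bit is set
            for j, g in enumerate(generator):
                work[i + j] = "1" if work[i + j] != g else "0"   # XOR step
    return "".join(work[-r:])


def crc_append(data: str, generator: str) -> str:
    """Sender: CRC = remainder of (data * 2^r) / generator; frame = data + CRC."""
    r = len(generator) - 1
    return data + mod2_divide(data + "0" * r, generator)


def crc_check(frame: str, generator: str) -> bool:
    """Receiver: the whole frame must leave a zero remainder."""
    return set(mod2_divide(frame, generator)) == {"0"}


def _words(data: bytes):
    """Split a payload into 16-bit words, zero-padding an odd trailing byte."""
    if len(data) % 2:
        data += b"\x00"
    return [(data[i] << 8) | data[i + 1] for i in range(0, len(data), 2)]


def _ones_complement_sum(words) -> int:
    """Add 16-bit words, folding every carry out of bit 15 back into the sum."""
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum (IP/TCP/UDP): one's complement of the one's-complement sum."""
    return ~_ones_complement_sum(_words(data)) & 0xFFFF


def checksum_ok(data: bytes, received_checksum: int) -> bool:
    """Receiver adds the received checksum to its own sum; all ones means no error."""
    return _ones_complement_sum(_words(data) + [received_checksum]) == 0xFFFF


def hamming_encode(data4: str) -> str:
    """Hamming(7,4): 4 data bits -> codeword p1 p2 d1 p3 d2 d3 d4 (parity at positions 1, 2, 4)."""
    d1, d2, d3, d4 = (int(b) for b in data4)
    p1 = d1 ^ d2 ^ d4          # covers positions 3, 5, 7
    p2 = d1 ^ d3 ^ d4          # covers positions 3, 6, 7
    p3 = d2 ^ d3 ^ d4          # covers positions 5, 6, 7
    return "".join(str(b) for b in (p1, p2, d1, p3, d2, d3, d4))


def hamming_decode(code7: str) -> tuple[str, int]:
    """Returns (corrected 4 data bits, 1-based position of the corrected bit, 0 if none)."""
    b = [int(x) for x in code7]
    s1 = b[0] ^ b[2] ^ b[4] ^ b[6]
    s2 = b[1] ^ b[2] ^ b[5] ^ b[6]
    s3 = b[3] ^ b[4] ^ b[5] ^ b[6]
    error_pos = s1 + 2 * s2 + 4 * s3          # the syndrome spells out the bad position in binary
    if error_pos:
        b[error_pos - 1] ^= 1
    return "".join(str(b[i]) for i in (2, 4, 5, 6)), error_pos


if __name__ == "__main__":
    # Constructed sample inputs.
    frame = crc_append("1101011011", "10011")                 # generator x^4 + x + 1
    print(frame, crc_check(frame, "10011"))
    print(crc_check("1111011011" + frame[10:], "10011"))      # one flipped data bit -> detected
    payload = bytes.fromhex("0001f203f4f5f6f7")
    csum = internet_checksum(payload)
    print(hex(csum), checksum_ok(payload, csum))
    code = hamming_encode("1011")
    print(code, hamming_decode(code[:4] + "1" + code[5:]))    # bit 5 corrupted (it is 0 here) -> corrected
```

The receiver-side checks mirror the text exactly: CRC verification divides the full frame, the checksum verification adds the received checksum into the running sum and looks for 0xFFFF, and the Hamming syndrome is itself the index of the bit to flip.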

Flow Control

  • Stop-and-Wait: The sender transmits one frame and then waits for an acknowledgment (ACK) from the receiver before sending the next frame. Simple but inefficient, especially over high-latency links.
  • Sliding Window Protocols: Allow the sender to transmit multiple frames before receiving an ACK, improving efficiency.
    • Go-Back-N (GBN): The sender maintains a window of unacknowledged frames. If an error occurs or a timeout expires, the sender retransmits all frames from the point of error onwards.
    • Selective Repeat (SR): The sender retransmits only the specific frames that are lost or corrupted. The receiver buffers out-of-order frames and delivers them to the network layer once all missing frames are received. More efficient than GBN but more complex to implement.

Data Link Protocols

  • HDLC (High-Level Data Link Control): A bit-oriented protocol for point-to-point and multipoint links. It supports full-duplex communication and various frame types (information, supervisory, unnumbered).
  • PPP (Point-to-Point Protocol): A widely used protocol for establishing a direct connection between two nodes. Commonly used for connecting home users to the Internet via DSL or dial-up. It supports authentication (PAP, CHAP) and network layer protocol multiplexing.

Multiple Access Protocols

These protocols resolve conflicts when multiple stations share a single broadcast channel.

  • ALOHA:
    • Pure ALOHA: Stations transmit whenever they have data. Collisions occur if transmissions overlap. If a collision occurs, stations wait a random time and retransmit. Low utilization.
    • Slotted ALOHA: Time is divided into slots. Stations can only transmit at the beginning of a slot. Reduces collision probability but still has low utilization.
  • CSMA (Carrier Sense Multiple Access): Stations "listen" to the channel before transmitting (carrier sensing).
    • 1-persistent CSMA: If the channel is idle, transmit. If busy, wait for it to become idle, then transmit with probability 1. High collision risk if multiple stations wait.
    • Non-persistent CSMA: If the channel is idle, transmit. If busy, wait a random time, then sense again. Reduces collisions but increases delay.
    • p-persistent CSMA: If the channel is idle, transmit with probability 'p'. With probability (1-p), defer to the next slot. If busy, wait. Used with slotted channels.
  • CSMA/CD (Carrier Sense Multiple Access with Collision Detection): Used in wired Ethernet (IEEE 802.3). Stations sense the carrier. If a collision is detected during transmission, all stations stop transmitting, wait a random backoff time (using binary exponential backoff algorithm), and then retransmit. Backoff_Time = random(0, 2^k - 1) * Slot_Time where k = min(number_of_collisions, 10)
  • CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance): Used in wireless networks (IEEE 802.11). Due to the "hidden terminal" problem and difficulty of collision detection in wireless, stations try to avoid collisions. This often involves mechanisms like RTS/CTS (Request to Send/Clear to Send) and explicit interframe spacing.
  • TDMA (Time Division Multiple Access): Divides the channel into time slots. Each station is allocated a specific time slot to transmit, preventing collisions. Efficient for fixed-rate traffic.
  • FDMA (Frequency Division Multiple Access): Divides the available bandwidth into separate frequency bands. Each station is assigned a unique frequency band for transmission.
  • CDMA (Code Division Multiple Access): Allows multiple users to share the same frequency band simultaneously. Each user is assigned a unique spreading code to encode their data, which is then decoded at the receiver using the same code.

LAN Addressing and ARP

  • LAN Addressing (MAC Address): Every network interface card (NIC) has a unique 48-bit (6-byte) physical address called a MAC (Media Access Control) address. It is globally unique and burned into the NIC by the manufacturer. MAC addresses are used for addressing within a local network segment.
  • ARP (Address Resolution Protocol): A protocol used to map an IP address (Network Layer) to a MAC address (Data Link Layer) within a local network. When a device needs to send data to an IP address on its local network but doesn't know the corresponding MAC address, it sends an ARP request broadcast. The device with the target IP address replies with its MAC address.

Ethernet, IEEE 802.3, 802.4, 802.5

  • Ethernet (IEEE 802.3): The most prevalent LAN technology. It specifies the physical and data link layer standards for wired networks, primarily using CSMA/CD for medium access control. Different versions exist (e.g., Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet) supporting various speeds and transmission media.
  • IEEE 802.4 (Token Bus): A standard for token-passing access on a bus topology. Primarily used in industrial automation, it allowed stations to transmit only when they held the "token." Less common today.
  • IEEE 802.5 (Token Ring): A standard for token-passing access on a ring topology. Stations pass a token around the ring; only the station holding the token can transmit. Offers deterministic access but is more complex and less flexible than Ethernet. Largely obsolete.

Wireless LANs (802.11, WiFi standards)

IEEE 802.11 defines the standards for Wireless Local Area Networks (WLANs), commonly known as Wi-Fi. It specifies various physical layer and MAC layer protocols for wireless communication. Different amendments (e.g., 802.11a/b/g/n/ac/ax) offer increasing speeds, ranges, and frequencies.

Wide Area Protocols

  • Frame Relay: A packet-switching telecommunication service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area network (WAN). It operates at the data link layer and provides connection-oriented service with minimal error checking, relying on higher layers for error recovery.
  • ATM (Asynchronous Transfer Mode): A high-speed, connection-oriented switching technology that uses fixed-size cells (53 bytes) for transmitting voice, video, and data. Designed to handle diverse traffic types efficiently, it operates at the data link layer and was once envisioned as the backbone for broadband networks.

5.3 Network Layer

The Network Layer (Layer 3) is responsible for logical addressing and routing packets across different networks (internetworking). Its primary protocol is IP.

Addressing (Internet Address)

  • IP Address: A unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
    • Classful Addressing (IPv4): An older system that divides IP addresses into classes (A, B, C, D, E) based on the first few bits of the address, determining the default network and host portions.
      • Class A: 0xxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx (First bit is 0). Range: 1.0.0.0 to 126.255.255.255. Large networks.
      • Class B: 10xxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx (First two bits are 10). Range: 128.0.0.0 to 191.255.255.255. Medium-sized networks.
      • Class C: 110xxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx (First three bits are 110). Range: 192.0.0.0 to 223.255.255.255. Small networks.
      • Class D: 1110xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx (First four bits are 1110). Range: 224.0.0.0 to 239.255.255.255. Reserved for multicast groups.
      • Class E: 1111xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx (First four bits are 1111). Range: 240.0.0.0 to 255.255.255.255. Reserved for experimental use.

Subnetting

Subnetting is the process of dividing a large network into smaller, more manageable subnetworks (subnets). This improves efficiency, reduces broadcast traffic, and enhances security.

  • Subnet Mask: A 32-bit number that distinguishes the network portion of an IP address from the host portion. It has 1s for the network and subnet bits and 0s for the host bits. Example: 255.255.255.0 for a /24 network.
  • CIDR (Classless Inter-Domain Routing): Replaced classful addressing by allowing network prefixes of arbitrary length, specified by a slash notation (e.g., 192.168.1.0/24). This enables more efficient use of IP address space.
  • VLSM (Variable Length Subnet Masking): An extension of CIDR that allows different subnets within the same network to have different subnet mask lengths, further optimizing IP address utilization by allocating only the necessary number of IP addresses to each subnet.
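A worked subnetting example covering the classful table above, subnet-mask arithmetic, and a VLSM plan that hands each department the smallest block that fits. This is an added example, not material from the course notes; it uses only Python's standard ipaddress module, and the base network 192.168.1.0/24 and the four host-count demands are constructed sample values.

```python
import ipaddress

# Added example (not from the course notes): classful lookup, subnet facts and
# a largest-first VLSM allocator using Python's standard ipaddress module.

def ip_class(address: str) -> str:
    """Classful letter from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    if first < 128:
        return "A"        # 0xxxxxxx
    if first < 192:
        return "B"        # 10xxxxxx
    if first < 224:
        return "C"        # 110xxxxx
    if first < 240:
        return "D"        # 1110xxxx
    return "E"            # 1111xxxx


def describe(net: ipaddress.IPv4Network) -> dict:
    """Network, broadcast, mask and usable host count for one subnet."""
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose block holds `hosts` usable addresses plus network and broadcast."""
    host_bits = (hosts + 2 - 1).bit_length()   # ceil(log2(hosts + 2)) without floating point
    return 32 - host_bits


def plan_vlsm(base: str, demands: dict) -> dict:
    """Allocate one subnet per named demand, largest first, packed from the start
    of `base`. Largest-first keeps every block naturally aligned to its own size."""
    network = ipaddress.ip_network(base)
    cursor = int(network.network_address)
    end = int(network.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"{base} cannot hold {hosts} hosts for {name!r}")
        plan[name] = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        cursor += size
    return plan


if __name__ == "__main__":
    # Constructed demands: four subnets carved out of one /24.
    plan = plan_vlsm("192.168.1.0/24", {"sales": 60, "eng": 28, "mgmt": 10, "p2p-link": 2})
    for name, net in plan.items():
        print(f"{name:9} {net}  {describe(net)}")
    print(ip_class("10.1.2.3"), ip_class("172.16.0.1"), ip_class("224.0.0.1"))
```

Sorting the demands largest-first is what makes the simple cursor allocation valid: each later block is no bigger than the one before it, so the cursor is always aligned to the next block size and ip_network() never has to reject a misaligned address.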

Routing Protocols (Unicast and Multicast)

Routing protocols determine the best path for data packets to travel from source to destination across an internetwork.

  • Unicast Routing Protocols: Used for one-to-one communication.
    • RIP (Routing Information Protocol): A distance-vector routing protocol that uses hop count as its metric. Simple to configure but has limitations (max 15 hops, slow convergence).
    • OSPF (Open Shortest Path First): A link-state routing protocol that uses Dijkstra's algorithm to calculate the shortest path. More scalable and efficient than RIP, suitable for larger networks.
    • BGP (Border Gateway Protocol): An exterior gateway protocol (EGP) used for routing between autonomous systems (AS) on the Internet. It makes routing decisions based on paths, network policies, and rulesets.
  • Multicast Routing Protocols: Used for one-to-many communication, where a single packet is delivered to multiple specific destinations. Examples include PIM (Protocol Independent Multicast).

Routing Algorithms

  • Shortest Path (Dijkstra's Algorithm): A link-state algorithm that finds the shortest path between nodes in a graph. Each router builds a complete map of the network topology and then computes the shortest path to all other routers.
  • Flooding: A simple routing algorithm where every incoming packet is sent out on every outgoing link except the one it arrived on. Guarantees the packet will reach its destination (if a path exists) but generates massive redundant traffic.
  • Distance Vector Routing: Each router maintains a routing table with the best known distance to each destination and the next hop. Routers periodically exchange their entire routing tables with their directly connected neighbors. (e.g., RIP).
  • Link State Routing: Each router determines the state of its directly connected links (cost, status) and broadcasts this information (Link State Advertisements - LSAs) to all other routers in the autonomous system. Each router then constructs a complete topology map and computes shortest paths. (e.g., OSPF).
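To make the link-state versus distance-vector contrast concrete, here is both computations run on one small topology. This is an added example, not code from the course notes; the four-router graph and its link costs are constructed. Dijkstra's algorithm builds the full table from a complete map in one pass, while the distance-vector routine only ever lets a router see its neighbours' tables and iterates rounds until nothing changes, yet both converge on the same next hops.

```python
import heapq

# Added example (not from the course notes). Constructed topology: undirected
# links with costs, stored as {router: {neighbour: cost}}.
GRAPH = {
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 2, "D": 5},
    "C": {"A": 4, "B": 2, "D": 1},
    "D": {"B": 5, "C": 1},
}


def dijkstra(graph: dict, source: str) -> dict:
    """Link-state computation: returns {dest: (cost, first_hop)} from `source`,
    assuming the router already holds the complete topology map."""
    best = {}                                  # settled routers
    heap = [(0, source, source)]               # (cost so far, router, first hop from source)
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in best:
            continue                           # a cheaper path already settled this router
        best[node] = (cost, hop)
        for nbr, link in graph[node].items():
            if nbr not in best:
                heapq.heappush(heap, (cost + link, nbr, nbr if node == source else hop))
    return best


def distance_vector(graph: dict) -> tuple:
    """Synchronous distance-vector rounds (Bellman-Ford): every router starts
    knowing only its direct links, then repeatedly merges the vectors its
    neighbours advertised in the previous round until no table changes.
    Returns ({router: {dest: (cost, next_hop)}}, number of rounds)."""
    tables = {r: {r: (0, r)} for r in graph}
    for r, links in graph.items():
        for nbr, cost in links.items():
            tables[r][nbr] = (cost, nbr)
    rounds = 0
    while True:
        rounds += 1
        snapshot = {r: dict(t) for r, t in tables.items()}   # vectors exchanged this round
        changed = False
        for r, links in graph.items():
            for nbr, link in links.items():
                for dest, (d, _) in snapshot[nbr].items():
                    candidate = link + d                      # cost via this neighbour
                    if dest not in tables[r] or candidate < tables[r][dest][0]:
                        tables[r][dest] = (candidate, nbr)
                        changed = True
        if not changed:
            return tables, rounds


if __name__ == "__main__":
    for router in GRAPH:
        print(router, "link-state:", dijkstra(GRAPH, router))
    tables, rounds = distance_vector(GRAPH)
    print("distance-vector converged after", rounds, "rounds:", tables)
```

Note how A's route to D ends up via B with cost 4 in both tables: the direct A-C link (cost 4) is never used, because A-B-C (1 + 2) is cheaper than A-C.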

Network Layer Protocols

  • ARP (Address Resolution Protocol): (Reviewed in Data Link Layer) Maps IP addresses to MAC addresses.
  • RARP (Reverse Address Resolution Protocol): Maps MAC addresses to IP addresses. Used by diskless workstations to obtain their IP address at boot time.
  • IP (Internet Protocol): The primary protocol of the Internet Layer. It is responsible for logical addressing and fragmentation of data into packets, and routing these packets across networks. It is a connectionless and unreliable protocol.
  • ICMP (Internet Control Message Protocol): Used by network devices, including routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached. (e.g., ping utility uses ICMP).

IPv6

IPv6 (Internet Protocol version 6) is the successor to IPv4, designed to address the exhaustion of IPv4 addresses and introduce improvements.

  • Packet Formats: IPv6 packets have a simpler, fixed-size header (40 bytes) compared to IPv4 (20-60 bytes), which speeds up processing. Key fields include Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address (128-bit), and Destination Address (128-bit).
  • Extension Headers: Optional headers that provide additional services (e.g., fragmentation, routing, authentication, encryption). They are placed between the main IPv6 header and the transport layer header, processed only by the destination or specific intermediate routers.
  • Transition from IPv4 to IPv6:
    • Dual Stack: Devices run both IPv4 and IPv6 protocol stacks simultaneously, allowing them to communicate with both IPv4 and IPv6 hosts.
    • Tunneling: IPv6 packets are encapsulated within IPv4 packets to traverse IPv4-only networks.
    • Translation (NAT64): Translates between IPv6 and IPv4 addresses and protocols, allowing IPv6-only hosts to communicate with IPv4-only hosts.
  • Multicasting: IPv6 extensively uses multicasting, which allows a single packet to be delivered to multiple interfaces. There is no broadcast in IPv6; its functionality is replaced by multicast to the all-nodes link-local multicast address.

5.4 Transport Layer

The Transport Layer (Layer 4) provides end-to-end communication between application processes running on different hosts. It segments data from the application layer and passes it to the network layer, and vice-versa.

The Transport Service (Reliable vs Unreliable)

  • Reliable Service: Guarantees delivery of data, in order, without loss or duplication. Achieved through mechanisms like acknowledgments, retransmissions, and sequencing. TCP provides reliable service.
  • Unreliable Service: Does not guarantee delivery or order. Data may be lost, duplicated, or arrive out of order. Faster and lower overhead. UDP provides unreliable service.

Transport Protocols (TCP vs UDP Comparison)

  • TCP (Transmission Control Protocol):
    • Connection-oriented: Establishes a connection before data transfer.
    • Reliable: Guarantees delivery using ACKs, sequence numbers, and retransmissions.
    • Ordered data transfer: Delivers data in the order it was sent.
    • Flow control: Prevents sender from overwhelming receiver.
    • Congestion control: Manages network congestion.
    • Full-duplex: Data can be sent and received simultaneously.
    • Header Size: 20 bytes (min).
    • Applications: Web (HTTP/S), Email (SMTP/POP3/IMAP), File Transfer (FTP).
  • UDP (User Datagram Protocol):
    • Connectionless: No connection setup required.
    • Unreliable: No guarantee of delivery, order, or duplication prevention.
    • No flow control, no congestion control.
    • Minimal overhead: Faster.
    • Header Size: 8 bytes.
    • Applications: DNS, VoIP, Video Streaming, Online Gaming.

Port and Socket

  • Port: A 16-bit number that identifies a specific application or service running on a host. It allows multiple applications to share a single IP address.
    • Well-Known Ports (0-1023): Reserved for common services (e.g., HTTP: 80, HTTPS: 443, FTP: 20/21, SSH: 22, DNS: 53).
    • Ephemeral Ports (1024-65535): Dynamically assigned by the operating system to client applications when they initiate a connection.
  • Socket: A combination of an IP address and a port number (e.g., 192.168.1.10:80). It serves as an endpoint for communication, allowing applications to send and receive data across a network.

Connection Establishment (3-way Handshake)

TCP uses a three-way handshake to establish a reliable connection:

  1. SYN (Synchronize Sequence Numbers): The client sends a SYN packet to the server, indicating its intention to establish a connection and its initial sequence number (ISN).
  2. SYN-ACK (Synchronize-Acknowledgment): The server receives the SYN, acknowledges it by sending a SYN-ACK packet, and sends its own ISN.
  3. ACK (Acknowledgment): The client receives the SYN-ACK and sends an ACK packet to acknowledge the server's ISN. The connection is now established, and data transfer can begin.

Connection Release

TCP connection release typically involves a four-way handshake:

  1. FIN (Finish): One side (e.g., client) sends a FIN packet, indicating it has no more data to send.
  2. ACK: The other side (server) acknowledges the FIN.
  3. FIN: After processing any remaining data, the server also sends a FIN packet to the client.
  4. ACK: The client acknowledges the server's FIN, and after a waiting period (TIME_WAIT state) to ensure all packets are delivered, the connection is fully closed.

Flow Control and Buffering

  • Flow Control: TCP uses a sliding window protocol to prevent a fast sender from overwhelming a slower receiver. The receiver advertises its "receive window" size, indicating how much buffer space it has available. The sender adjusts its transmission rate accordingly.
  • Buffering: Both sender and receiver maintain buffers to temporarily store data segments. The sender's buffer holds data awaiting acknowledgment, and the receiver's buffer holds incoming data before it's processed by the application.

Multiplexing and De-multiplexing

  • Multiplexing: At the sender, the transport layer accepts data from multiple application processes, adds port numbers to each segment, and passes them down to the network layer. This allows multiple applications to share a single network connection.
  • De-multiplexing: At the receiver, the transport layer uses the destination port number in the incoming segments to direct them to the correct application process.

Congestion Control Algorithms

Congestion control aims to prevent network overload, which can lead to packet loss and reduced throughput. TCP uses several algorithms:

  • Slow Start: When a connection starts or recovers from congestion, TCP initially increases its congestion window (cwnd) exponentially (by 1 MSS for each ACK received) to quickly probe the available bandwidth.
  • Congestion Avoidance: Once the congestion window reaches a threshold (ssthresh), TCP switches to a linear increase, adding 1 MSS to cwnd per Round Trip Time (RTT), to avoid overwhelming the network.
  • Fast Retransmit: If the sender receives three duplicate ACKs for a segment, it assumes that segment is lost and immediately retransmits it without waiting for a timeout, improving recovery speed.
  • Fast Recovery: Often paired with Fast Retransmit. After a fast retransmit, TCP halves its ssthresh and sets cwnd to ssthresh plus three segment sizes, then proceeds with congestion avoidance.
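The four algorithms above interact as one state machine on the congestion window, which is easiest to see by stepping it through a sequence of round trips. This is an added example, not code from the course notes; it is a per-RTT model with cwnd and ssthresh counted in MSS, the event sequence is constructed, and on loss it sets ssthresh to half the window in flight as RFC 5681 specifies.

```python
# Added example (not from the course notes): per-RTT model of slow start,
# congestion avoidance, fast retransmit/recovery and timeout. Units are MSS.

def simulate_cwnd(events, ssthresh: int = 8) -> list:
    """`events` holds one entry per round-trip time:
       'ack'      every segment in the window was acknowledged
       'dupack3'  three duplicate ACKs arrived -> fast retransmit + fast recovery
       'timeout'  the retransmission timer expired -> back to slow start
    Returns [(cwnd, phase), ...] starting with the initial window."""
    cwnd = 1
    trace = [(cwnd, "slow start")]
    for ev in events:
        if ev == "ack":
            if cwnd < ssthresh:
                cwnd = min(cwnd * 2, ssthresh)   # slow start: +1 MSS per ACK, doubling per RTT
                phase = "slow start"
            else:
                cwnd += 1                         # congestion avoidance: +1 MSS per RTT
                phase = "congestion avoidance"
        elif ev == "dupack3":
            ssthresh = max(cwnd // 2, 2)          # RFC 5681: half the window in flight, at least 2 MSS
            cwnd = ssthresh + 3                   # the three dup ACKs show three segments left the network
            phase = "fast recovery"
        elif ev == "timeout":
            ssthresh = max(cwnd // 2, 2)
            cwnd = 1                              # restart from one segment
            phase = "timeout"
        else:
            raise ValueError(f"unknown event {ev!r}")
        trace.append((cwnd, phase))
    return trace


if __name__ == "__main__":
    # Constructed sequence: ramp up, a triple duplicate ACK, then a timeout.
    scenario = ["ack"] * 5 + ["dupack3"] + ["ack"] * 2 + ["timeout"] + ["ack"] * 3
    for rtt, (cwnd, phase) in enumerate(simulate_cwnd(scenario)):
        print(f"RTT {rtt:2d}: cwnd={cwnd:2d} MSS  ({phase})")
```

The trace shows the asymmetry the text describes: three duplicate ACKs cost the sender only half its window and it resumes in congestion avoidance, whereas a timeout drops it back to a single segment and a fresh slow start.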

5.5 Application Layer

The Application Layer (Layer 7) is the closest to the end-user, providing network services directly to applications. It interacts with software applications that implement a communicating component.

Web (HTTP & HTTPS)

  • HTTP (Hypertext Transfer Protocol): The foundation of data communication for the World Wide Web. It is a stateless, client-server protocol used for requesting and serving web pages and other web resources. Uses port 80.
  • HTTPS (Hypertext Transfer Protocol Secure): An encrypted version of HTTP, using SSL/TLS to secure communication over a computer network. It provides authentication of the website and server, protection of data in transit, and data integrity. Uses port 443.
  • Status Codes: Three-digit codes returned by a web server in response to a client's request, indicating the status of the request (e.g., 200 OK, 404 Not Found, 500 Internal Server Error).
  • Request Methods: HTTP defines several request methods (verbs) to indicate the desired action to be performed on the identified resource.
    • GET: Requests data from a specified resource.
    • POST: Submits data to be processed to a specified resource.
    • PUT: Uploads a representation of the specified resource.
    • DELETE: Deletes the specified resource.
    • HEAD: Requests only the headers that a GET for the same resource would return, without the response body.

File Transfer

  • FTP (File Transfer Protocol): A standard network protocol used for transferring computer files between a client and server on a computer network. It uses separate control (port 21) and data (port 20 or ephemeral) connections.
  • PuTTY: A free and open-source terminal emulator, serial console, and network file transfer application. Supports SSH, Telnet, SCP, and SFTP.
  • WinSCP: A free and open-source SFTP, FTP, WebDAV, and SCP client for Microsoft Windows. Its main function is secure file transfer between a local and a remote computer.

Electronic Mail

  • SMTP (Simple Mail Transfer Protocol): Used for sending email messages between mail servers and from a mail client to a mail server. Uses port 25 (unencrypted) or 587 (submission with TLS).
  • POP3 (Post Office Protocol version 3): Used by email clients to retrieve email messages from a mail server. Typically downloads messages to the local device and deletes them from the server. Uses port 110 (unencrypted) or 995 (SSL/TLS).
  • IMAP (Internet Message Access Protocol): A more advanced protocol for retrieving email. It allows users to manage emails directly on the server, synchronizing changes across multiple devices. Uses port 143 (unencrypted) or 993 (SSL/TLS).

DNS (Domain Name System)

DNS translates human-readable domain names (e.g., example.com) into machine-readable IP addresses (e.g., 192.0.2.1).

  • Hierarchical Structure: DNS is organized as a distributed, hierarchical database.
    • Root Servers: Top level, know where to find TLD servers.
    • TLD (Top-Level Domain) Servers: (e.g., .com, .org, .net) Know where to find authoritative name servers for specific domains.
    • Authoritative Name Servers: Hold the actual DNS records for a domain (e.g., example.com).
  • DNS Record Types:
    • A: Maps a domain name to an IPv4 address.
    • AAAA: Maps a domain name to an IPv6 address.
    • CNAME: Canonical Name, creates an alias from one domain name to another.
    • MX: Mail Exchanger, specifies mail servers for the domain.
    • NS: Name Server, specifies the authoritative name servers for a domain.
    • PTR: Pointer, used for reverse DNS lookups (IP to domain name).
  • Resolution Process: When an application asks for a name, the host's stub resolver sends the query to a recursive resolver (typically run by the ISP, the organization, or a public service). If the recursive resolver has no cached answer, it works down the hierarchy iteratively: it asks a root server, which refers it to the TLD server for .com; the TLD server refers it to the authoritative name servers for example.com; the authoritative server returns the record. Each answer is cached for the TTL the zone publishes, so later lookups for the same or nearby names are answered without repeating the chain. Classic DNS over UDP port 53 is unauthenticated, so a resolver that accepts a forged reply caches a wrong answer for its whole TTL (cache poisoning); DNSSEC signatures on records are the defense against this.
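
The resolution process above, as an added example that is not part of the original page: a small in-memory model of the root, TLD and authoritative servers, walked the way a recursive resolver walks them, with a cache in front. The zone data and the addresses (RFC 5737 documentation ranges) are constructed; the server host names are assumptions.

```python
# Added example: an in-memory model of iterative DNS resolution with caching.
# The three "servers" below are constructed data, not real zone contents.
# Each server maps an owner name to one record: NS = referral to another
# server, CNAME = alias, A = final answer.
SERVERS = {
    "root": {
        "com.": ("NS", "a.gtld-servers.net."),
    },
    "a.gtld-servers.net.": {                 # .com TLD server (assumed name)
        "example.com.": ("NS", "ns1.example.com."),
    },
    "ns1.example.com.": {                    # authoritative for example.com
        "example.com.": ("A", "192.0.2.1"),
        "www.example.com.": ("CNAME", "example.com."),
        "mail.example.com.": ("A", "192.0.2.25"),
    },
}


class NXDomain(Exception):
    """No server on the path knows the name."""


def closest_match(zone: dict, name: str):
    """Owner name in `zone` that equals `name` or is its longest parent."""
    candidates = [owner for owner in zone
                  if name == owner or name.endswith("." + owner)]
    return max(candidates, key=len) if candidates else None


def resolve(name: str, cache: dict, trace: list) -> str:
    """Resolve `name` (fully qualified, trailing dot) to an IPv4 address the way
    a recursive resolver does: cache first, then root -> TLD -> authoritative.
    `trace` collects one line per step so the chain can be inspected."""
    if name in cache:
        trace.append(f"cache hit: {name} -> {cache[name]}")
        return cache[name]

    server = "root"
    while True:
        owner = closest_match(SERVERS[server], name)
        if owner is None:
            raise NXDomain(name)
        rtype, value = SERVERS[server][owner]
        if rtype == "NS":                    # referral: ask the next server down
            trace.append(f"{server}: referral for {owner} -> {value}")
            server = value
            continue
        if owner != name:                    # parent exists but this label does not
            raise NXDomain(name)
        if rtype == "CNAME":                 # alias: resolve the canonical name
            trace.append(f"{server}: {name} is an alias for {value}")
            address = resolve(value, cache, trace)
        else:                                # "A": final answer
            trace.append(f"{server}: {name} A {value}")
            address = value
        cache[name] = address                # a real resolver also stores the TTL
        return address


if __name__ == "__main__":
    cache, trace = {}, []
    print(resolve("www.example.com.", cache, trace))
    print("\n".join(trace))
    print(resolve("www.example.com.", cache, trace))   # served from cache
```

The model resolves the CNAME target by starting again from the root; a real resolver would reuse its cached referrals and usually gets the target's A record in the same authoritative answer.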

P2P Applications (BitTorrent)

Peer-to-peer applications allow users to share files and resources directly with each other without a central server. BitTorrent is a popular P2P protocol for large file distribution. Users (peers) download parts of a file from multiple other peers simultaneously and also upload parts they have to others, creating a highly efficient and resilient distribution network.

Socket Programming (TCP/UDP Socket API)

Socket programming provides an API (Application Programming Interface) for network communication. It allows applications to create sockets, bind them to addresses/ports, listen for connections, accept connections, and send/receive data using either TCP or UDP.

  • TCP Socket API: Involves creating a socket, binding it (for servers), listening, accepting connections, and then using send() and recv() for reliable, connection-oriented data transfer.
  • UDP Socket API: Involves creating a socket, binding it (optional for clients), and then using sendto() and recvfrom() for connectionless, unreliable datagram transfer.
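
Both API sequences above in working form, as an added example that is not code from the original page: a TCP echo server and a UDP echo server bound to the loopback interface, each driven by a client in the same process. The port is chosen by the operating system and the payloads are constructed.

```python
import socket
import threading

# Added example: TCP and UDP echo servers on 127.0.0.1, each exercised by a
# client in the same process. Binding to port 0 lets the OS pick a free port.


def tcp_echo_roundtrip(payload: bytes) -> bytes:
    """socket -> bind -> listen -> accept on the server; connect -> send -> recv
    on the client. Returns what the server echoed back."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind(("127.0.0.1", 0))            # port 0: let the OS pick one
    server.listen(1)
    port = server.getsockname()[1]

    def serve():
        conn, _peer = server.accept()         # blocks until a client connects
        with conn:
            request = b""
            while True:                       # TCP is a byte stream, not messages:
                chunk = conn.recv(4096)       # read until the client half-closes
                if not chunk:                 # (recv then returns b"")
                    break
                request += chunk
            conn.sendall(request)             # sendall loops until every byte is queued
        server.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)       # half-close: "no more request bytes"
        reply = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            reply += chunk
    worker.join(timeout=5)
    return reply


def udp_echo_roundtrip(payload: bytes) -> bytes:
    """socket -> bind -> recvfrom/sendto on the server; sendto/recvfrom on the
    client. No connection exists: the server replies to whatever source address
    the datagram carries, which is why unauthenticated UDP services can be
    abused for reflection attacks."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    port = server.getsockname()[1]

    def serve():
        datagram, peer = server.recvfrom(65535)   # one datagram, whole or nothing
        server.sendto(datagram, peer)
        server.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)                      # UDP gives no delivery guarantee,
    try:                                      # so the client must time out itself
        client.sendto(payload, ("127.0.0.1", port))
        reply, _peer = client.recvfrom(65535)
    finally:
        client.close()
    worker.join(timeout=5)
    return reply


if __name__ == "__main__":
    print(tcp_echo_roundtrip(b"hello over tcp"))
    print(udp_echo_roundtrip(b"hello over udp"))
```

The TCP client half-closes with shutdown(SHUT_WR) so the server can detect the end of the request; a real protocol would instead frame messages (length prefix or delimiter), because a single recv() may return part of a message or several at once.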

Application Server Concept

An application server is a software framework that provides an environment for running enterprise applications. It hosts the business-logic tier, manages data access and other resources, and handles cross-cutting concerns such as transaction management, security (authentication and authorization) and concurrency. Examples are Java EE/Jakarta EE servers such as JBoss/WildFly, WebLogic and WebSphere, and the servlet container Tomcat. It is distinct from a web server (Apache httpd, Nginx), which serves static content and proxies requests to it, and from a database server (MySQL, PostgreSQL), which it talks to for persistence; in a three-tier deployment the three run in separate tiers.

Traffic Analyzers

Tools used to monitor, capture, and analyze network traffic for performance, security, and troubleshooting.

  • MRTG (Multi Router Traffic Grapher): A free tool that monitors and graphs the traffic load on network links. It collects data via SNMP and generates HTML pages with graphical representations.
  • PRTG (Paessler Router Traffic Grapher): A commercial network monitoring solution that can monitor various aspects of a network, including traffic, bandwidth, applications, and devices, using protocols like SNMP, WMI, and NetFlow.
  • SNMP (Simple Network Management Protocol): An application-layer protocol (UDP port 161 for queries, 162 for traps) used for managing and monitoring network devices. It allows network administrators to collect information (GET), modify device configurations (SET), and receive event notifications (traps) from managed devices. SNMPv1 and v2c authenticate only with a cleartext "community string" (often left at the defaults public/private), so anyone who can sniff or guess it can read, and with a write community reconfigure, the device; SNMPv3 adds per-user authentication and encryption and should be used, with read-only access wherever possible.
  • Packet Tracer: A network simulation tool developed by Cisco Systems. It allows users to design, configure, and troubleshoot network topologies without physical hardware, providing a hands-on learning environment. It is a simulator rather than a traffic analyzer: it generates and visualizes simulated packets instead of capturing real ones.
  • Wireshark: A free and open-source packet analyzer. It captures network traffic and displays it in a human-readable format, allowing deep inspection of individual packets and protocol analysis.

5.6 Network Security

Network security involves protecting a computer network and its data from unauthorized access, misuse, modification, or denial of service.

Types of Computer Security

  • Data Security: Protecting data at rest, in transit, and in use from unauthorized access, corruption, or loss. Includes encryption, access controls, and backups.
  • Network Security: Protecting the network infrastructure and traffic from attacks. Includes firewalls, intrusion detection systems, VPNs, and secure protocols.
  • Application Security: Protecting software applications from threats and vulnerabilities. Involves secure coding practices, vulnerability testing, and application-level firewalls.

Types of Security Attacks

  • Active Attacks: Involve modification of data or creation of false data.
    • DoS (Denial of Service): An attacker attempts to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
    • MITM (Man-in-the-Middle): An attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
    • Replay Attack: An attacker intercepts a valid data transmission and maliciously retransmits it to produce an unauthorized effect.
  • Passive Attacks: Involve monitoring or eavesdropping on transmissions without altering the data.
    • Eavesdropping: Unauthorized interception of private communications.
    • Traffic Analysis: Observing patterns and characteristics of communication (e.g., volume, frequency, origin/destination) to infer information, even if the content is encrypted.

Principles of Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (adversaries).

  • Symmetric-key Cryptography: Uses a single, shared secret key for both encryption and decryption. Fast, but the key must be delivered to both parties over a channel that is itself secure. Examples: AES (the current standard), DES (obsolete; its 56-bit key can be brute-forced). Ciphertext = E(Plaintext, Key), Plaintext = D(Ciphertext, Key).
  • Asymmetric-key Cryptography (Public-key Cryptography): Uses a pair of mathematically related keys: a public key (widely distributed, used to encrypt or to verify signatures) and a private key (kept secret, used to decrypt or to sign). Orders of magnitude slower than symmetric ciphers, so in practice it is used to exchange or wrap a symmetric session key (a hybrid scheme) rather than to encrypt bulk data. Examples: RSA, ECC. Ciphertext = E(Plaintext, Public_Key), Plaintext = D(Ciphertext, Private_Key).
  • Hash Functions: A one-way function that maps an input (the 'message') of any length to a fixed-size bit string (the 'hash value' or 'message digest'). A cryptographic hash must be preimage resistant (given a digest, finding any matching input is infeasible), second-preimage resistant (given an input, finding another with the same digest is infeasible) and collision resistant (finding any two inputs with the same digest is infeasible). Used for integrity verification and as the first step of digital signatures. Examples: SHA-256 (current); MD5 and SHA-1 (collision attacks are practical, so they must not be used for signatures or certificates). Hash_Value = H(Message)

RSA Algorithm

RSA (Rivest–Shamir–Adleman) is a widely used asymmetric encryption algorithm.

  • Key Generation:
    1. Choose two large distinct prime numbers, p and q.
    2. Calculate n = p * q.
    3. Calculate Euler's totient function φ(n) = (p-1)(q-1).
    4. Choose an integer e (encryption exponent) such that 1 < e < φ(n) and gcd(e, φ(n)) = 1.
    5. Calculate d (decryption exponent) such that d * e ≡ 1 (mod φ(n)).
    6. Public Key: (e, n). Private Key: (d, n).
  • Encryption: To encrypt a message M (where 0 ≤ M < n), the sender computes: C = M^e mod n
  • Decryption: To decrypt the ciphertext C, the receiver computes: M = C^d mod n
  • Example:
    • Let p=3, q=11.
    • n = 3 * 11 = 33.
    • φ(n) = (3-1)(11-1) = 2 * 10 = 20.
    • Choose e=7 (since gcd(7, 20) = 1).
    • Find d such that 7d ≡ 1 (mod 20). d=3 (since 7*3 = 21 ≡ 1 (mod 20)).
    • Public Key: (7, 33). Private Key: (3, 33).
    • Let message M=4.
    • Encryption: C = 4^7 mod 33 = 16384 mod 33 = 16.
    • Decryption: M = 16^3 mod 33 = 4096 mod 33 = 4.

Digital Signatures

Digital signatures provide authenticity, integrity, and non-repudiation. They are created using asymmetric cryptography and hash functions.

  • Creation: The sender hashes the message to obtain a fixed-size digest, then applies the signing operation with their own private key to that digest (in textbook RSA this is the same modular exponentiation as decryption, which is why it is often described as "encrypting the hash with the private key"). The result is the digital signature. Signing the digest rather than the message keeps the signature short while still binding the whole message.
  • Verification: The receiver obtains the message, the signature, and the sender's public key (normally from a certificate, since the verifier must be sure the key really belongs to the sender). The receiver hashes the received message with the same hash function and applies the verification operation with the public key to the signature, recovering the digest the sender signed. If the two digests match, the signature is valid: the message was not altered (integrity) and was signed by the holder of the private key (authenticity, and non-repudiation because only that holder could have produced it). Real implementations pad the digest (PKCS#1 v1.5 or PSS) before the exponentiation; unpadded "textbook" RSA signatures can be forged.
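
The RSA key generation, encryption and decryption steps above and the hash-then-sign/verify procedure of this section, as one added example that is not code from the original page. It reproduces the page's numbers (p=3, q=11, e=7, M=4) and then signs with a somewhat larger toy key whose primes are assumptions; everything is unpadded textbook RSA for illustration, not a substitute for a real library.

```python
import hashlib
from math import gcd

# Added example covering the RSA algorithm section and the digital signature
# section: key generation, encryption/decryption with the page's toy numbers,
# and hash-then-sign / verify. Unpadded textbook RSA throughout; real systems
# use 2048-bit or larger keys with OAEP (encryption) and PSS or PKCS#1 v1.5
# (signature) padding.


def rsa_keygen(p: int, q: int, e: int):
    """Steps 1-6 of key generation. Returns (public_key, private_key)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                                  # step 2
    phi = (p - 1) * (q - 1)                    # step 3: Euler's totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:    # step 4
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)                        # step 5: d*e = 1 (mod phi); Python 3.8+
    return (e, n), (d, n)                      # step 6; p, q and phi must stay secret


def rsa_encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)                        # C = M^e mod n


def rsa_decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)                        # M = C^d mod n


def _digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message with SHA-256 and map the digest into Z_n. Reducing
    mod n is what makes this a toy: with a real-size n the padded digest
    already fits below n and no reduction happens."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(message: bytes, private_key) -> int:
    """Signature creation: hash the message, then apply the private exponent."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(message: bytes, signature: int, public_key) -> bool:
    """Verification: apply the public exponent to the signature and compare
    with a fresh hash of the received message."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(3, 11, 7)           # the page's example: (7, 33), (3, 33)
    c = rsa_encrypt(4, pub)                    # 16
    print(pub, priv, c, rsa_decrypt(c, priv))  # ... 4
    # Signing with a larger toy key (these primes are assumptions, not real-size)
    pub2, priv2 = rsa_keygen(999983, 1000003, 65537)
    sig = rsa_sign(b"transfer 100 to alice", priv2)
    print(rsa_verify(b"transfer 100 to alice", sig, pub2))   # True
    print(rsa_verify(b"transfer 900 to alice", sig, pub2))   # False: message altered
```

pow(e, -1, phi) computes the modular inverse with the extended Euclidean algorithm, which is the step the page writes as "find d such that 7d ≡ 1 (mod 20)".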

Securing E-mail (PGP)

PGP (Pretty Good Privacy): A widely used program for encrypting, signing and decrypting emails and files; the format is standardized as OpenPGP (RFC 4880), implemented for example by GnuPG. It uses a hybrid cryptosystem: the message content is encrypted with a symmetric cipher under a randomly generated session key, the session key is encrypted with the recipient's public key (RSA or another public-key algorithm), and a digital signature made with the sender's private key provides authentication. Because PGP has no central CA, trust in a correspondent's public key comes from key fingerprints verified out of band or from the "web of trust" of signatures by other users.

Securing TCP Connections (SSL/TLS Handshake)

SSL (Secure Sockets Layer) / TLS (Transport Layer Security): Cryptographic protocols that provide secure communication over a computer network. TLS is the successor to SSL. They operate between the application and transport layers.

  • SSL/TLS Handshake (the classic TLS 1.2 sequence with RSA key exchange):
    1. Client Hello: Client sends its highest supported TLS version, the cipher suites and compression methods it offers, a 32-byte random value, and extensions such as SNI (the requested host name, which travels in cleartext).
    2. Server Hello: Server responds with the chosen TLS version, cipher suite and compression method, and its own random value.
    3. Server Certificate: Server sends its X.509 certificate (containing its public key) and the intermediate certificates chaining it to a root CA the client trusts.
    4. Server Key Exchange (optional): For (EC)DHE cipher suites the server sends its ephemeral Diffie-Hellman parameters, signed with the certificate's private key; omitted for plain RSA key exchange.
    5. Server Hello Done: Server signals the end of its hello messages.
    6. Client Key Exchange: With RSA key exchange the client generates a 48-byte pre-master secret, encrypts it with the server's public key from the certificate, and sends it; with (EC)DHE it sends its own ephemeral public value instead.
    7. Change Cipher Spec (Client): Client announces that everything it sends from now on is protected with the negotiated cipher suite.
    8. Client Finished: Client sends, under the new keys, a MAC over the whole handshake transcript, so any tampering with the earlier cleartext messages (for instance stripping strong cipher suites from the Client Hello) is detected.
    9. Change Cipher Spec (Server): Server decrypts (or, for DHE, derives) the pre-master secret, derives the master secret and the session keys from it and the two random values, and announces the switch to the new cipher suite.
    10. Server Finished: Server sends its own transcript MAC under the new keys.
    After the handshake, application data is encrypted and authenticated with symmetric keys derived from the master secret. Two caveats a practitioner should know: RSA key exchange has no forward secrecy (a later compromise of the server's private key decrypts every recorded session), which is why (EC)DHE suites are preferred; and TLS 1.3 (RFC 8446) removes RSA key exchange, compression and the Change Cipher Spec step, encrypts the certificate, and completes the handshake in one round trip.
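
Step 1 on the wire, as an added example that is not code from the original page: a builder and a parser for a TLS 1.2 ClientHello record, the cleartext message a packet analyzer (or an attacker on the path) sees first, plus a check for offered cipher suites that use plain RSA key exchange. Cipher-suite codes are the IANA-registered values; the host name and the client random are constructed.

```python
import struct

# Added example: build and parse a TLS 1.2 ClientHello record. The cipher-suite
# numbers are IANA registry values; the host name and random are constructed.

SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

HANDSHAKE, CLIENT_HELLO, EXT_SERVER_NAME = 0x16, 0x01, 0x0000


def build_client_hello(cipher_suites, server_name: str, client_random: bytes) -> bytes:
    """Serialize a ClientHello (TLS 1.2, empty session id, null compression, SNI)."""
    if len(client_random) != 32:
        raise ValueError("client_random must be 32 bytes")
    host = server_name.encode("ascii")
    # SNI extension body: ServerNameList length, NameType host_name(0), name length, name
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_body = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x03"                                   # client_version: TLS 1.2
        + client_random                               # 32 random bytes
        + b"\x00"                                     # session_id length 0
        + struct.pack("!H", len(suites)) + suites     # cipher_suites
        + b"\x01\x00"                                 # compression_methods: [null]
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record header: ContentType handshake, legacy record version 3.1, length
    return bytes([HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Parse a ClientHello record, checking every length field before using it."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a complete ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")

    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    client_random = body[pos:pos + 32]; pos += 32
    pos += 1 + body[pos]                                        # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                        # skip compression methods

    server_name = None
    if pos + 2 <= len(body):                                    # extensions are optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        if end > len(body):
            raise ValueError("extensions overrun message")
        while pos + 4 <= end:
            ext_type, ext_body_len = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            ext_body = body[pos:pos + ext_body_len]; pos += ext_body_len
            if ext_type == EXT_SERVER_NAME and len(ext_body) >= 5 and ext_body[2] == 0:
                name_len = struct.unpack("!H", ext_body[3:5])[0]
                server_name = ext_body[5:5 + name_len].decode("ascii")
    return {"version": version, "random": client_random,
            "cipher_suites": suites, "server_name": server_name}


def suites_without_forward_secrecy(cipher_suites) -> list:
    """Names of offered suites using plain RSA key exchange (TLS_RSA_*): a later
    leak of the server's private key decrypts every recorded session."""
    return [SUITE_NAMES[s] for s in cipher_suites
            if SUITE_NAMES.get(s, "").startswith("TLS_RSA_")]


if __name__ == "__main__":
    rec = build_client_hello([0xC02F, 0x002F, 0x0004], "www.example.com", bytes(32))
    hello = parse_client_hello(rec)
    print(hex(hello["version"]), hello["server_name"])
    print(suites_without_forward_secrecy(hello["cipher_suites"]))
```

Everything the parser recovers, including the host name in the SNI extension, is readable by anyone on the path; only from the Finished messages onward is the conversation protected, which is why TLS 1.3 moved the certificate under encryption and why Encrypted Client Hello is being standardized.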

Network Layer Security (IPsec, VPN)

  • IPsec (Internet Protocol Security): A suite of protocols that provides security services at the IP layer. It offers authentication, integrity, and confidentiality for IP packets. IPsec can operate in two modes:
    • Transport Mode: Encrypts/authenticates only the payload of the IP packet. Used for end-to-end communication.
    • Tunnel Mode: Encapsulates and encrypts/authenticates the entire original IP packet, creating a new IP header. Used for VPNs.
    IPsec uses two main protocols: Authentication Header (AH), which provides integrity and origin authentication but no confidentiality and, because it authenticates fields of the IP header, does not survive NAT; and Encapsulating Security Payload (ESP), which provides confidentiality, integrity, and authentication and is what practically all deployments use. The keys and parameters of the security associations are negotiated with IKE (Internet Key Exchange).
  • VPN (Virtual Private Network): Extends a private network across a public network (like the Internet), enabling users to send and receive data as if their computing devices were directly connected to the private network. VPNs typically use IPsec or SSL/TLS to create secure, encrypted tunnels.

Securing Wireless LANs

  • WEP (Wired Equivalent Privacy): An early security protocol for 802.11 wireless networks. It uses a shared secret key and RC4 stream cipher. WEP is highly insecure due to design flaws and easily crackable.
  • WPA (Wi-Fi Protected Access): An interim standard developed to address WEP's weaknesses on existing hardware. It keeps RC4 but wraps it in TKIP (Temporal Key Integrity Protocol), which adds per-packet keys and a message integrity check; TKIP is itself deprecated today. WPA-Personal authenticates with a pre-shared key, WPA-Enterprise with 802.1X/EAP against an authentication server.
  • WPA2 (Wi-Fi Protected Access II): The 802.11i standard and the most widely deployed one. It uses AES in CCMP (Counter Mode with CBC-MAC Protocol), providing much stronger encryption and integrity than WPA/TKIP. WPA2-Personal is only as strong as its passphrase, since the four-way handshake can be captured and the passphrase guessed offline; WPA2-Enterprise uses 802.1X for per-user authentication. Its successor WPA3 replaces the pre-shared-key handshake with SAE, which resists offline guessing.

Firewalls

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on a defined set of security rules.

  • Packet Filter Firewall: Operates at the Network and Transport layers. It inspects each packet on its own, using source/destination IP addresses, port numbers, protocol type and TCP flags. It is fast and simple but stateless: it cannot tell whether an inbound packet belongs to a connection a host actually opened, so return traffic has to be admitted with broad rules (e.g. "allow any inbound TCP packet with the ACK bit set"), which an attacker exploits by crafting packets with that bit set (ACK scans, spoofed replies).
  • Stateful Inspection Firewall: Keeps track of the state of active connections. It inspects packets in the context of a connection, allowing return traffic for established connections. More secure than packet filters but requires more processing.
  • Application Gateway (Proxy Firewall): Operates at the Application layer. It acts as an intermediary (proxy) for specific application protocols (e.g., HTTP, FTP). It terminates the connection from the client, inspects the application-layer content, and then establishes a new connection to the server. Offers the highest level of security and content filtering but can be slower.
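
The difference between the first two firewall types, as an added example that is not code from the original page: one rule set evaluated by a stateless packet filter and by a stateful filter on constructed packets (RFC 5737 addresses). It shows why the stateless filter needs a broad "ACK set" rule for return traffic, and that this rule also admits an attacker's probe which the stateful filter drops.

```python
from collections import namedtuple

# Added example: stateless vs stateful filtering of constructed packets.
# Toy model: TCP only, first matching rule wins, no timeouts or RST handling.

Packet = namedtuple("Packet", "proto src sport dst dport flags")
HOST = "192.0.2.10"                     # protected host: runs HTTPS, also browses out

# Rule: (action, proto, src, sport, dst, dport, required TCP flag or None); "*" matches anything.
RULES = [
    ("allow", "tcp", "*", "*", HOST, 443, None),     # inbound to the web server
    ("allow", "tcp", HOST, "*", "*", "*", None),      # outbound from the host
    ("deny", "*", "*", "*", "*", "*", None),          # default deny
]
# Stateless workaround for replies to outbound connections: trust the ACK bit.
RULES_WITH_ACK_RULE = [("allow", "tcp", "*", "*", HOST, "*", "ACK")] + RULES


def matches(rule, pkt: Packet) -> bool:
    _action, proto, src, sport, dst, dport, flag = rule
    wanted = (proto, src, sport, dst, dport)
    actual = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
    return (all(w == "*" or w == a for w, a in zip(wanted, actual))
            and (flag is None or flag in pkt.flags))


def stateless_filter(pkt: Packet, rules) -> str:
    """Packet filter: every packet is judged alone on its header fields."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return "deny"


class StatefulFilter:
    """Stateful inspection: the rules are consulted only for connection-opening
    packets; anything else is allowed only if it belongs to a tracked flow."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()            # tracked 5-tuples (proto, src, sport, dst, dport)

    def filter(self, pkt: Packet) -> str:
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"                  # reply to, or continuation of, a known flow
        opening = pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags
        if opening and stateless_filter(pkt, self.rules) == "allow":
            self.connections.add(forward)   # remember the flow so its replies pass
            return "allow"
        return "deny"                       # bare ACK/RST with no flow: dropped


if __name__ == "__main__":
    syn = Packet("tcp", HOST, 51000, "203.0.113.5", 80, {"SYN"})
    reply = Packet("tcp", "203.0.113.5", 80, HOST, 51000, {"SYN", "ACK"})
    probe = Packet("tcp", "198.51.100.9", 80, HOST, 51001, {"ACK"})   # attacker's ACK scan
    for name, pkt in (("syn", syn), ("reply", reply), ("probe", probe)):
        print(name, stateless_filter(pkt, RULES), stateless_filter(pkt, RULES_WITH_ACK_RULE))
    fw = StatefulFilter(RULES)
    print([fw.filter(p) for p in (syn, reply, probe)])   # ['allow', 'allow', 'deny']
```

With the plain rule set the stateless filter drops the legitimate SYN/ACK reply; with the ACK rule it passes the reply but also the probe, because both carry the bit it trusts. The stateful filter passes the reply because it recorded the outbound SYN, and drops the probe because no flow matches it.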