Topic 3—Networks (9 hours)
Past paper questions: 3.1 Networks (9 hours)

(The syllabus table has four columns: Assessment statement, Obj, Teacher's notes, Explanations. Below, each assessment statement is followed by its Obj level, the teacher's notes, and the explanations.)

Network fundamentals

3.1.1 Identify different types of networks. (Obj 2)
Teacher's notes: Examples include local area network (LAN), virtual local area network (VLAN), wide area network (WAN), storage area network (SAN), wireless local area network (WLAN), internet, extranet, virtual private network (VPN), personal area network (PAN), peer-to-peer (P2P).
S/E, INT: Globalization has been accelerated by the technical advances linked to network development.

LAN = a network inside one organization or one building, traditionally made of wires and hubs connecting servers and clients. Typically in a business, connecting employees' PCs to the company's servers.

WAN = a network that spans many computers in widely separated locations, e.g. separate cities, for example linking bank offices and ATMs. WANs usually include connections that are public, i.e. not owned by the company, like the public telephone lines.

VLAN = appears to be a LAN, and is all controlled by one organization. Commonly PART of a LAN, isolated with no connection to other parts of the actual physical LAN. Makes sense for security purposes, isolating sensitive resources.

WLAN - also called WIFI - a WIRELESS LAN, using mostly radio connections to "access point" hubs, with wires connecting the hubs to the servers. Rarely provides direct wireless connections between clients and servers, as cables (wires) are much faster.

SAN - a network containing large amounts of storage (HDD). Usually virtualized so users don't need to worry about the actual machines containing the storage devices - commonly "data centers".

VPN - Virtual Private Network - provides secure, private connections between clients and servers, running across public connections like phone lines, typically running across the Internet. Security issues (encryption) are very important here.

PAN - Personal Area Network - used to connect devices belonging to one user, or maybe a family. Typically running through a wireless router in a home.

P2P - Peer to Peer - communicates between "equal" clients, without using servers. Commonly used in the Internet to exchange files directly between client PCs.

Video links:
https://www.belden.com/blog/smart-building/network-types
https://www.youtube.com/watch?v=fCxfp1iUbqw

3.1.2 Outline the importance of standards in the construction of networks. (Obj 2)
INT: Standards enable compatibility through a common "language" internationally.

ASCII - Before networks (1950s and 1960s) computers were all non-standard, custom-built devices. They used "custom" storage methods, including non-standard character-code systems. Once there were enough computers containing enough data to make communication and data exchange useful, standard storage systems were needed. Then ASCII was invented in the early 1960s, making it possible to exchange data and information easily. Original ASCII was 7 bits plus a parity bit (128 codes). Later this expanded to 8 bits (without a parity bit) to provide 256 codes.

UNICODE - Much later (1990s) ASCII was expanded to UNICODE, because ASCII did not include codes for "foreign" languages like Chinese, Russian, Persian, etc. UNICODE is 16 bits, providing codes for 65536 different characters.

Ethernet - a standard for LAN connections. This includes a communication protocol, as well as a standard type of connection card and standard cables. Without such standards, we could not ensure that new machines could connect successfully to an existing network.

https://www.slideshare.net/makyong1/chapter-33-12564245
1. Standards ensure compatibility
2. Define protocol
3. Roles: data integrity, flow control, deadlock resolution, congestion, error checking

3.1.3 Describe how communication over networks is broken down into different layers.
(Obj 2) Awareness of the OSI seven layer model is required, but an understanding of the functioning of each layer is not.

OSI - Open System Interconnection. By establishing STANDARD layers with specific responsibilities, it is possible to implement communication (networking) with interchangeable modules. For example, if a new Operating System is created (e.g. Android), its responsibilities must be implemented (programmed) inside the OS. But it is not necessary to also create a new browser (although this might actually be optimized for the system).

https://www.geeksforgeeks.org/layers-of-osi-model/
https://www.youtube.com/watch?v=LANW3m7UgWs

3.1.4 Identify the technologies required to provide a VPN. (Obj 2)
Client machine, server, connection (probably via Internet), encryption software, client software (not necessarily a browser), often a "relay" server (but not necessarily).

3.1.5 Evaluate the use of a VPN. (Obj 3)
S/E, AIM 9: The use of a VPN has led to changes in working patterns.

Virtual Private Network - VPN provides "the best of both worlds":
- mobility convenience through remote connections
- security equivalent to that provided in a LAN
This permits employees, including important administrators, to work from home or during a trip, but still have access to sensitive and private data stored on the company's servers. This often uses non-standard, hence secure, communication protocols. A simple version uses non-standard PORT numbers for the communication channel. Simple VPNs only make connections between one client and one server. More complex versions may provide direct connections between clients, e.g. P2P.

Data transmission

3.1.6 Define the terms: protocol, data packet.
(Obj 1)

Protocol = a clear and effective set of rules for communication, including specific steps for starting a conversation, continuing the conversation, making decisions about when to continue or stop, and a specific way of ending the conversation.

Data Packet = a small collection of data that is part of a larger communication. For example, a video may be broken into smaller packets - maybe 16 KiloBytes each - that are "streamed" one after another out to the client. Notice that in the Internet there is no guarantee that packets will arrive in the same order they were sent, so the recipient must reassemble the packets in the correct order to make a complete and coherent whole.

Examples of Commonly Used Protocols

TCP/IP = Transmission Control Protocol / Internet Protocol - includes IP addresses, packet-switching strategies, error correction strategies, handshaking methodologies, etc.

HTTP = Hyper Text Transport Protocol - used by clients and servers in the WWW. "An HTTP session is a sequence of network request-response transactions. An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a server (typically port 80; see List of TCP and UDP port numbers). An HTTP server listening on that port waits for a client's request message. Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own. The body of this message is typically the requested resource, although an error message or other information may also be returned." (Wikipedia)

FTP = File Transport Protocol - This was the most common protocol used in the Internet before the WWW was invented in 1990.

SMTP = Simple Mail Transfer Protocol - used by email servers to send email from one to another. Notice that this is a "push" technology - email is SENT to the recipient, whereas HTTP is a "pull" technology - web pages are requested before they are sent.

https://www.youtube.com/watch?v=ISrJ5ojvOgA

3.1.7 Explain why protocols are necessary. (Obj 3)
Including data integrity, flow control, deadlock, congestion, error checking.

Integrity - means that the data arrives unchanged, reliably. It is common that electro-magnetic interference or other faults corrupt data during transmission.

Error Checking - The data is sent in packets and each packet contains some error-checking codes, for example a check-sum for the entire packet, which is a complicated calculation done on all the bytes in the packet. When a packet arrives, the recipient performs the check-sum algorithm to check whether the result matches the result that was transmitted. If the results don't match, the recipient sends an error message back to the transmitter and asks for a retransmission.

Parity Check - For smaller transmissions, such as a password in a LAN, we might use parity checks. This is a single bit that accompanies a Byte, telling whether the sum of all the bits is even or odd. Again, the recipient checks whether the received parity bit correctly matches the received Byte - if not, it asks for retransmission.

Flow Control - If a server is busy, like CNN during an important news event, then a client might request a web page and the web page does not arrive quickly. Then the client might assume that the request never arrived, so it sends another request. If lots of clients are making repeated requests, the server will queue up all the requests, making a longer and longer list of unfinished work. This can make the server slower and slower, and eventually the server needs to be shut down. Flow Control should prevent such disasters, by cleverly managing the flow of data and requests. For example, it is better to immediately send back a "busy" message, rather than just not sending the requested data. If multiple servers are available, perhaps in various geographical locations (like Google's servers), flow control can re-route requests to a less busy server.
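As an added example, not part of the original notes, the following Python simulates what 3.1.6 and 3.1.7 describe: numbered packets that arrive out of order and are reassembled, a per-packet check-sum that rejects a corrupted packet and asks for a retransmission, and a parity bit for a single byte. The packet layout and the check-sum formula are assumptions made for this example, not a real protocol.

```python
"""Added example (not from the original notes): packets with sequence
numbers and a check-sum, a receiver that NAKs corrupted packets and only
reassembles once every packet is present, plus an even-parity bit for a
single byte. Packet layout and check-sum are constructed, not a real
protocol."""
from dataclasses import dataclass


@dataclass
class Packet:
    seq: int        # position of this chunk within the whole message
    payload: bytes  # one chunk of the larger message
    checksum: int   # computed by the sender over seq and payload


def checksum(seq: int, payload: bytes) -> int:
    """16-bit one's-complement sum (Internet-checksum flavour) over the
    sequence number and every payload byte, folding carries back in."""
    total = seq & 0xFFFF
    for b in payload:
        total += b
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def split_into_packets(message: bytes, size: int) -> list:
    """Sender side: break a message into numbered, check-summed packets."""
    packets = []
    for seq, start in enumerate(range(0, len(message), size)):
        chunk = message[start:start + size]
        packets.append(Packet(seq, chunk, checksum(seq, chunk)))
    return packets


class Receiver:
    """Receiver side: verify each packet, keep the good ones by sequence
    number, and reassemble only when every sequence number has arrived."""

    def __init__(self, total_packets: int):
        self.total = total_packets
        self.good = {}

    def deliver(self, p: Packet) -> str:
        """Return 'ACK' if the check-sum matches, else 'NAK' (please resend)."""
        if checksum(p.seq, p.payload) != p.checksum:
            return "NAK"
        self.good[p.seq] = p.payload
        return "ACK"

    def missing(self) -> list:
        """Sequence numbers still lost or rejected - what to request again."""
        return sorted(set(range(self.total)) - set(self.good))

    def assemble(self):
        """The complete message in sender order, or None while gaps remain."""
        if self.missing():
            return None
        return b"".join(self.good[s] for s in sorted(self.good))


def parity_bit(byte: int) -> int:
    """Even parity: 1 when the byte has an odd number of 1 bits, so that the
    byte plus its parity bit always contain an even number of ones."""
    return bin(byte & 0xFF).count("1") % 2


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate interference by flipping one bit of the transmitted bytes."""
    arr = bytearray(data)
    arr[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(arr)


MESSAGE = b"The quick brown fox jumps over the lazy dog"  # constructed sample


def demo():
    """Packets arrive reversed and packet 2 is corrupted in transit: the
    receiver NAKs it, reports it missing, then completes after a resend."""
    sent = split_into_packets(MESSAGE, 8)
    arrived = [Packet(p.seq, flip_bit(p.payload, 3), p.checksum) if p.seq == 2
               else p for p in reversed(sent)]
    rx = Receiver(len(sent))
    replies = [rx.deliver(p) for p in arrived]
    before = (replies.count("NAK"), rx.missing(), rx.assemble())
    rx.deliver(sent[2])  # the sender retransmits the requested packet
    return before, rx.assemble()
```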
Deadlock - when two (or more) competing tasks are each preventing each other from finishing. So the system keeps trying over and over again to finish one of the tasks, but keeps getting interrupted by the other. In modern OSs this seldom happens, but a common example is a PC that has too many processes running and is unsuccessfully trying to "swap" some of them to virtual memory. Every swap operation takes time, and this overhead makes the system unstable - we call this "thrashing". Deadlock implies that the problem is NEVER going to end.

Congestion - similar to deadlock, but only causing a significant slowdown. This usually refers to the communication channels (wires and routers) rather than the servers.

How do protocols help? Protocols are a set of RULES that control how communication happens. For example, if a client sends a request to a server, the protocol might require an immediate response - either the requested data or a message saying that the server is busy and there may be a delay. Even if the data will be sent quickly, the server might still send an acknowledge message, saying that it received the request. Another example is handshaking. When two devices start communicating, they must agree on the transmission speed that will be used. If the speed is set too high, there may be lots and lots of errors, resulting in lots and lots of retransmissions, meaning the high transmission speed actually slows down communication. Packet sizes, error-detection protocols and flow control (choose a different channel or server) all contribute to fewer problems and overall faster data transfer.

3.1.8 Explain why the speed of data transmission across a network can vary. (Obj 3)
Depending on the amount of traffic in the network and the frequency of errors (due to interference), transmission speed can speed up or slow down. It would be foolish for a server to transmit data 10 times faster than the client can actually receive it. Also, the server may have other things to do (many client connections), so it might choose to send lots of small packets at a high speed, rather than very large packets at a slower speed.

3.1.9 Explain why compression of data is often necessary when transmitting across a network. (Obj 3)
S/E, INT: Compression has enabled information to be disseminated more rapidly.

In the distant past, file sizes were quite small - several kilobytes of text. The advent of multimedia (pictures, videos and sound) significantly increased file sizes. A normal picture is well over 1 MegaByte. And there are lots and lots of files being transmitted in most networks. Sending all this data in uncompressed form would saturate (overwhelm) the available bandwidth, resulting in substantial delays. So compression is commonly used to reduce file sizes and hence reduce the overall amount of data being transmitted. This is effective as long as the client receiving the data is powerful enough to decompress the data quickly. If not, then we can use lossy compression, where some details are simply removed (lost). A typical example is to send a low-resolution version of a video, say 320x200, rather than an HD (high resolution) version at 1920x1080. This means 30 times less data is transmitted, but a lot of detail is removed when so many pixels are removed. Some researchers claim that 50% of Internet traffic is videos. If these were all uncompressed, nothing would work any more.

3.1.10 Outline the characteristics of different transmission media. (Obj 2)
Characteristics include: speed, reliability, cost and security. Transmission media include: metal conductor, fibre optic, wireless.

Metal cables (copper) - CAT 5 cables work reliably up to 100 meters, at speeds like 100 Megabits per second. Cables can be relatively expensive in a large building with a long cable to each client, and with substantial installation costs for drilling holes and making connections. But the cables are highly reliable and provide relatively good security, since physical access is required if someone wishes to steal data.

Wireless (WIFI) - radio signals like 802.11n, which supports well over 100 Megabits per second. Unfortunately WIFI is subject to substantial interference from steel in walls and other radio signals. WIFI is generally inexpensive to install, especially because many devices can share the same "access point" (hub), without needing a cable for each device. The range is substantially less than 100 meters (more like 30 m). Reliability is generally good due to adjustable transmission speeds and good error-detection, but security is poor since the signal can be received outside the building.

Fibre Optic - tiny glass fibres, bundled inside a protective cable wall. The fibres carry light signals, rather than electricity. The light signals are considerably faster than electrical signals, they are not disrupted by electro-magnetic interference, and the optical fibres are a lot thinner than metal cables - so one optical fibre cable carries a lot more data (higher bandwidth) than a similarly sized copper cable. Hence speed (actually bandwidth) is much higher. But fibre cables are a lot more expensive than copper, requiring significantly more sophisticated manufacturing techniques. Also, the fibre must connect into a special box that converts the optical signals to electronic signals, and these boxes are also expensive. Besides high bandwidth, one large attraction of fibre is that it will not attract lightning strikes and will not "short out" when wet, making it very popular for use outside of buildings. The light signals decay slowly, so distances of 50 kilometers or more are possible, making fibre optic the principal medium for the Internet Backbone. "Hacking" into a fibre optic signal is considerably more difficult than tapping into a copper cable, so security is considerably better.
3.1.11 Explain how data is transmitted by packet switching. (Obj 3)
Here is a good explanation at HowStuffWorks.

3.1.12 Outline the advantages and disadvantages of wireless networks. (Obj 2)
S/E: Wireless networks have led to changes in working patterns, social activities and raised health issues.

Physical issues are outlined above in 3.1.10. Wireless is very popular now because it provides high mobility (no need to be connected to a cable) at low installation costs. A university can outfit the entire campus with WIFI connections by installing hundreds of access points. A cabled version would require a huge number of cables, and users would have difficulty moving around. The combination of high mobility and low cost has made WIFI the primary network technology for most homes and most public locations. Cables are still popular in businesses which require a higher level of security. A combination of the two - providing secure cables for some purposes and convenient WIFI for other purposes - is very popular in the business world.

3.1.13 Describe the hardware and software components of a wireless network. (Obj 2)

WIFI Hardware
Access points - radio receivers that communicate with digital devices like laptops and Smartphones.
Cables - Most access points are then connected by a cable to a telephone line or into a cabled LAN.
WIFI Enabled Device - computer, Smartphone, television, etc. Any device with an antenna and a WIFI chip/card and a suitable OS. If a device does NOT contain WIFI support, a "dongle" might be added and plugged into a USB port, assuming the OS will support this. This might not work in an older computer.
Mobile Devices - devices like tablets and Smartphones are purposely designed for portability, depending on batteries and designed to be small and easily carried around. These are virtually all intended for WIFI connections, and probably don't contain a network cable connector (RJ 45).

WIFI Software
WIFI support is provided as standard modules in most OSs installed in devices requiring the support. Application software is normally the same for WIFI or cabled networks, so no specific applications are required. It might be the case that NOT ALL browsers run on a device - say a Smartphone - but probably SOME browser will work.
Cloud - Mobile devices make extensive use of "cloud computing", especially online data storage and browser-based "apps". This adds to the portability of the device, making personal data available around the world by storing it on a web server.

3.1.14 Describe the characteristics of wireless networks. (Obj 2)
Include: WiFi; Worldwide Interoperability for Microwave Access (WiMAX); 3G mobile; future networks.
S/E, INT: Connectivity between different locations.

WIFI - 802.11 hubs like you see at home and in school, at McDonald's and the airport, etc. Data rates around 100 Megabits per second.
3G - that is the cell phone (handy) network providing WEB DATA access. This is NOT what you need for cell phone voice calls. But you could use it for VoIP (Voice Over IP). "a minimum data rate of 2 Mbit/s for stationary or walking users, and 384 kbit/s in a moving vehicle," (Wikipedia)
WiMAX - "WiMAX (Worldwide Interoperability for Microwave Access) is a wireless communications standard designed to provide 30 to 40 megabit-per-second data rates, with the 2011 update providing up to 1 Gbit/s for fixed stations" (Wikipedia). Limited versions of WiMAX are available in various places around the world, but usage is still not very common, and basically dying off (not increasing).
Future Networks - Internet of Things, 5G, better BlueTooth, Network Neutrality, NFC = Near Field Communication = Contactless Credit Card readers

3.1.15 Describe the different methods of network security. (Obj 2)
Include encryption types, userID, trusted media access control (MAC) addresses.
S/E: Wireless networks have led to concerns about the security of the user's data.
WEP - Wired Equivalent Privacy - this was the first encryption technology widely used in WIFI. It uses a 40-bit key. "Although its name implies that it is as secure as a wired connection, WEP has been demonstrated to have numerous flaws and has been deprecated in favour of newer standards such as WPA2." (Wikipedia)

WPA2 - WiFi Protected Access - "makes use of the Advanced Encryption Standard (AES) block cipher" (Wikipedia). This is considerably more secure than WEP, using up to 256 bits for the key. It has not yet been "cracked".

MAC - Media Access Control - a unique identifier for every network device in the world (!!). Some WIFI access points require the MAC address to be added to the list of permitted devices, so a new user with a new device will be denied access. This is considerably safer than WEP or WPA2, because knowing the key is not enough - your device must be added into the approved list by a system administrator. This would be impractical in a public area like a school, but is quite easily done in a home network. In a business environment, it is time consuming but might be worthwhile for improved security.

userID - This happens at a higher level than the other protocols. For example, if you want to use WIFI in a hotel, your computer is allowed a direct connection to the hotel's network. Then you must supply a user ID and a password before the network will allow you to connect to the Internet. The hotel might charge for the service, and so the network will limit the number of days that your ID is valid.

3.1.16 Evaluate the advantages and disadvantages of each method of network security. (Obj 3)

userID - simple to implement (requires only software), easy to manage, very flexible.
MAC - more trouble to set up and manage than the others, but the highest level of security (assuming we can trust the administrator). Limits the number and variety of devices that can be used.
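As an added example, not from the original notes, this Python sketches the two non-encryption methods described above applied one after the other: a trusted-MAC allow list maintained by the administrator, then a userID and password login that is only valid for a limited number of days (the hotel case). The allow list, the account and the dates are constructed for this example.

```python
"""Added example (not from the original notes): a trusted MAC address
allow list checked first, then a userID/password login with an expiry
date, in the order the notes describe. All sample data is constructed."""
import hashlib
import hmac
import os
import re
from datetime import date, timedelta


def normalize_mac(mac: str) -> str:
    """Accept 'AA:BB:CC:DD:EE:FF', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff' and
    return one canonical form, so the list comparison does not depend on the
    notation a device happens to use. Raises ValueError for anything else."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_allowed(mac: str, trusted: set) -> bool:
    """Access-point layer: only devices the administrator added may join."""
    try:
        return normalize_mac(mac) in trusted
    except ValueError:
        return False


def make_account(password: str, valid_days: int, today: date) -> tuple:
    """Store a salted password hash (never the password) plus an expiry date."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
    return salt, digest, today + timedelta(days=valid_days)


def userid_allowed(user: str, password: str, today: date, accounts: dict) -> bool:
    """Login layer: known user, password matches, and the ID has not expired."""
    record = accounts.get(user)
    if record is None:
        return False
    salt, digest, valid_until = record
    if today > valid_until:
        return False
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
    return hmac.compare_digest(attempt, digest)  # constant-time comparison


def admit(mac: str, user: str, password: str, today: date,
          trusted: set, accounts: dict) -> str:
    """Apply the layers in order: MAC filtering first, then the userID login
    before the device is allowed through to the Internet."""
    if not mac_allowed(mac, trusted):
        return "denied: device not on the trusted MAC list"
    if not userid_allowed(user, password, today, accounts):
        return "denied: unknown user, wrong password or expired ID"
    return "admitted"


# Constructed sample data: two trusted devices, one 3-day hotel guest account.
TODAY = date(2024, 1, 10)
TRUSTED = {normalize_mac(m) for m in ("00:11:22:33:44:55", "AA-BB-CC-DD-EE-FF")}
ACCOUNTS = {"guest101": make_account("correct horse", 3, TODAY)}
```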
WEP - easy to set up and use, but "broken" because the key is too short.
WPA2 - easy to set up and use, not "broken" like WEP, but less secure than MAC because any device can be used as long as the user knows the key.

Discussion Questions

(1) Explain 2 differences between the World-Wide-Web and a Wide-Area-Network.
(2) Outline a sensible SECURITY system for use in a Peer-to-Peer network.
(3) The OSI Layers model is supposed to provide standardization for Network communications. Explain why other standards like ASCII, UNICODE and HTML are still needed, even though they are not part of the OSI standard.
(4) Explain why SOFTWARE is more important than HARDWARE when setting up a VPN.
(5) Explain why WIFI and VPN might BOTH be needed to provide mobility for some users.
(6) Explain the different roles of HTTP and HTML in the World-Wide-Web.
(7) Outline 2 advantages that make Optical Fibre better than Copper Cables for outdoor use.
(8) Outline the most important difference between how SMTP transfers email and how HTTP distributes web pages.
(9) Explain the importance of check-sums in a packet-switching system.
(10) Explain two essential differences between MAC security and userID security in a wireless network connection.
(11) Explain how DNS and Domain Names work. (not in the syllabus, but still worth knowing)
(12) What is the total bandwidth of the World-Wide-Web? 640 TeraBytes per min (e.g. YouTube video 60 MB per sec - actually 1 MB per sec - lots of users - 5 billion per day)

~~~~~~~~

(13) Assume that a bank director wishes to be able to work from home. He wants to access secret documents as well as public documents from his bank's servers.
(a) Outline one advantage and one disadvantage of using a wireless (WIFI) connection at home.
(b) Outline one advantage and one disadvantage of using VPN.
(c) Explain why he might be able to work WITHOUT using HTTP.
(d) Explain why the documents probably contain ASCII codes.
(e) Outline 2 ways that ENCRYPTION might be used in this system.

~~~~~~~~

Examination questions

May 2014 HL P1 #12
An international organization has offices located across several countries. For some of its activities, for example human resource management, it has been decided to adopt a "Software-as-a-Service" (SaaS) solution in order to keep the running costs low.
(a) Describe the features of SaaS. [3]
(b) Discuss the limitations of SaaS in relation to security. [6]
Each office makes some data available to external customers through the use of an extranet and allows employees to work from home through a VPN.
(c) Define the term extranet. [2]
(d) Distinguish between a VPN and an extranet. [4]

May 2015 HL P1
3. Outline one example of the use of a virtual private network (VPN).
6. Describe how a GPS system can identify the position of a person. [3]
7. Describe one way that the operating system of a networked workstation hides the complexity of the network from the user. [3]
10. Six lawyers and one secretary work together in the same building and are connected via a LAN to a central server. Each has their own workstation.
(a) Outline the concept of the Open Systems Interconnection (OSI) model in communication across a network. [3]
(b) Outline, with an example, the function of protocols. [3]
The secretary deals with booking appointments for clients. New clients are given the first available appointment with any lawyer and returning clients are given the first available appointment with their usual lawyer. A new customized computer package is bought to deal with appointment making.
(c) Identify the data that needs to be input by the secretary when someone asks for an appointment. [2]
The data on appointments is held as one page for each day.
(d) Describe a suitable data structure to hold the data for one day. [3]
(e) Using the data structure you suggested in (d), outline the steps in a procedure to create an appointment for a client. [5]

May 2016 P1 #12
A college has a high-speed network. The network is accessible to all students and staff through their personal accounts. The network may be accessed by using desktop computers available in the college. When in the college, users can also use personal laptops to connect wirelessly or dock with an Ethernet cable. When not in the college, users can connect via a virtual private network (VPN) over the internet.
(a) In the given context, distinguish between Ethernet and wireless in terms of reliability of transmission. [4]
(b) Describe two features of a VPN that make it secure. [4]
(c) State one technology that is necessary for a VPN. [1]
The college is devising a policy for the use of its IT resources and services. They are considering prohibiting the use of external services such as cloud storage and blogs.
(d) In relation to the specific activities that may be carried out by students, discuss two advantages and two disadvantages of the use of external services. [6]

~~~~~~~~

Nov 2017 HL P1 #11
A wireless local area network (WLAN) is used to extend access to a school's wired local area network.
(a) Identify one hardware component of the WLAN, other than computers. [1]
The advantages of this WLAN are user-mobility and economical access points.
(b) Outline two disadvantages of this WLAN. [4]
(c) Identify three ways in which the network administrator can reduce the risk of unauthorized access to confidential data. [3]
The concept of packet data transmission is used within this network. Figure 1 shows the simplified structure of a data packet.
(d) Define the term protocol. [1]
(e) With reference to Figure 1, explain how data is transferred by packet switching. [6]