SOHO Networking and Internet Activities
AS Level Computer Application
YLLSS 2008 - 2009

In the syllabus, we have ...

Internet Basics
Students should be able to describe the hardware and software requirements for Internet access. Students should know how data is transmitted over the Internet and understand the concepts of Internet Protocol (IP), Uniform Resource Locator (URL), Domain Name System (DNS) and Hypertext Transfer Protocol (HTTP).

Internet services and resources
Students should be able to formulate an effective strategy for searching for specific information on the World Wide Web using search engines, and be able to critically analyse the sources of information. Students should have experience of using the Internet for file transfer with FTP, remote logon, locating and using an online chat, and joining discussion forums and newsgroups. Students should be able to use plug-ins or players for multimedia elements found on the Internet. Students should understand the differences between a mail client and web mail, and the protocols (POP, IMAP, SMTP, etc.) used in sending and retrieving email.

Ethical and social issues on the use of the Internet
Students should be able to discuss critically the issues arising from the digital divide, the emergence of a knowledge-based society and globalization. Students should be keenly aware of the issues of intellectual property, and be familiar with measures to safeguard themselves and their information on computers, such as installing a firewall, filtering software, anti-spyware and anti-virus software. They should understand the use of cookies and their impact on user tracking. Students should understand the measures which ensure Internet security in data transmission, such as the use of digital certificates and data encryption.

This module focuses on the knowledge and skills essential in constructing SOHO networks.
SOHO networks are small-scale networks suitable for small and medium enterprises (SMEs), which make up more than 90% of the businesses in Hong Kong. Building up networking capabilities and infrastructure within SMEs will increase productivity and enhance communication, internally among staff and externally with customers or clients throughout the world. Through the study of this module, students will gain an understanding of the basic principles of networking, and the knowledge and skills associated with the design, implementation and maintenance of a SOHO network. Students will also become aware of the common security threats to SOHO networks and the measures that improve network security. This module will give students a solid foundation in networking in general, and SOHO networking in particular. Students will appreciate the practical nature of the module, whether they continue to pursue knowledge in this area in tertiary education or move into the workforce. The time allocation for the module is about 32 hours (48 lessons).

Topics and remarks

A. SOHO Networking Basics (8 hours)

Basic concepts of data communication and networking
Students should be able to identify and describe the basic function of each component of a packet: header, data and trailer. They should also be able to explain briefly the use of packets in data transfer in a packet-switching network. Students should understand the basic concepts of Internet Protocol (IP) addressing, including the scheme and classes of IP addresses. They should understand the use of a subnet and be able to tell which subnet an IP address belongs to from a simple subnet mask. Students should know the use of some common protocols, including TCP/IP and DHCP. Students should be able to explain the factors that need to be considered in choosing between a client-server network and a peer-to-peer network.
Students should be able to compare and contrast the common types of communication link (e.g. modem dial-up, cable modem, leased line, broadband and wireless) for Internet access in terms of data transfer rate, cost and reliability.

Basic network components
Students should be able to identify and describe the functions of the various components which make up wired and wireless networks. These include network interface cards (NICs), cables, hubs, switches, routers, broadband routers, gateways, wireless adapters, wireless access points, wireless routers, etc. They should also be able to describe and explain briefly the services provided by a network operating system.

SOHO network applications
Students should be able to describe and appreciate the common applications of SOHO networking, including resource sharing, Internet access, web serving, telecommunication, etc.

B. SOHO Network Design and Implementation (16 hours)

Need analysis
Students should be able to conduct a simple need analysis on a proposed SOHO network and translate the needs identified into requirements and specifications.

Design
Students should be able to design a network to meet the requirements generated in the need analysis and represent it in a diagram. Students should be able to justify their design on technical, cost-effectiveness and other grounds.

Setup
Students should have experience of setting up simple Ethernet and wireless networks. Students should have experience of sharing various resources (e.g. files, printers and the Internet connection) among the networked computers / stations. Students should have experience of setting folder/file-sharing permissions, including read, write and execute rights.

Testing
Students should have experience of validating a network system by testing it according to a simple test plan based on the requirements and specifications.
Documentation
Students should be able to document the user requirements, a schematic diagram of the network and the specifications of the network.

End-user support
Students should be aware of the importance of adequate end-user support and training in attaining the benefits sought.

C. SOHO Network Management and Security (8 hours)

Monitoring, fine-tuning and troubleshooting
Students should develop the basic skills of monitoring and fine-tuning the performance of a simple network. Students should develop the basic skills of analysing problems associated with the use of a networked environment and troubleshooting them.

Backup
Students should be aware of the importance of backup in disaster planning and recovery measures. Students should know the common hardware and software components of a network backup solution, such as Redundant Array of Independent Disks (RAID), Uninterruptible Power Supply (UPS), network backup servers, and network backup and recovery software.

Security threats and measures
Students should be able to describe the potential risks caused by the common network security threats, including viruses, worms and Trojan programs, spyware, unauthorised access, interception, etc. Students should be able to propose effective measures to improve network security for both wired and wireless networks. These include anti-virus programs, authentication, access and user-right control, packet filtering, public and private key encryption, Wired Equivalent Privacy (WEP), and IPsec as used in Virtual Private Networks (VPN), etc. (WEP appears in the syllabus, but its encryption has been broken for years; a SOHO wireless network should use WPA2.)

Networking

Practical implementation of a network

A network needs three kinds of part:
1. A device to exchange data between computers (e.g. hubs, switches or routers).
2. A medium of communication (e.g. UTP cable, optical fibre, etc.).
3. Hosts (e.g. a number of PCs with network interface cards installed).

There are a number of kinds of network card; the figures in the original show some of them:
- A NIC card for a desktop computer. Usually a NIC is built into the motherboard; this one is a PCI NIC card.
- A wireless NIC card for a desktop computer.
- A NIC installed in a motherboard. Usually it is inserted in a PCI slot.
- A NIC installed in a PC, to be connected by a UTP cable.
- A wireless PCMCIA NIC card, usually found in a notebook computer.

Digital signals are sent back and forth between the computer and the NIC. Inside a computer, the bits of a byte move together, in parallel; when data leaves the computer the NIC sends the bits one at a time, serially. So for "01011100" the computer hands the NIC the whole byte at once, but the NIC puts "0" on the wire first, then "1", and so on.

Apart from network cards, other connecting devices are required, for example a router and a stackable switch (pictured in the original).

Common connecting media (pictured in the original): UTP and optical fibre.

Difference between straight-through and crossover UTP cables

Which cable to use between two devices:

            PC          Hub         Switch      Modem
PC          crossover   straight    straight    straight
Hub         straight    crossover   crossover   crossover
Switch      straight    crossover   crossover   crossover
Modem       straight    crossover   crossover   phone cable

Reason: a hub or switch port swaps the transmit and receive pairs internally, so a straight-through cable joins a PC's transmit pins to the hub's receive pins. Two devices of the same kind (PC to PC, switch to switch) would both transmit on the same pair, so the cable itself must cross the pairs over. Many newer switches and NICs detect the cable type automatically (auto MDI/MDI-X), in which case either cable works.

Reference: http://www.homenethelp.com/web/explain/about-ethernet-crossover.asp

Illustration of a network

(The original shows a practical situation and its schematic representation side by side.)

Types of computer network

LAN (Local Area Network): a computer network which connects a number of computers and other devices within a limited geographical space such as a room or an office.
WAN (Wide Area Network): usually formed by connecting various LANs spread over a wide geographical area into one large network.

LAN

Two popular types of LAN are peer-to-peer and client/server.
Type and characteristics:

Peer-to-peer network: every computer is connected to every other computer as an equal. Each computer can use information from, and provide information to, every other.
Client/server network: individual computers, called clients or workstations, are connected to a central computer called a server. The clients can access programs or files stored on the server.

(The original shows a diagram of each.)

The characteristics of the two structures are:

Peer-to-Peer
- All computers are workstations (no server is assigned to maintain the network users).
- Security is weak: each computer keeps its own accounts and shares, so there is no single place to control who may access what.

Client/Server
- A server is assigned to maintain the network user accounts.
- A file server is one of the applications of the client/server structure. It provides space for users to store files on the server, and users are authenticated by username and password. Since the server can give different levels of rights to different users, security is higher.

How the network components combine to form a network

Connecting devices: router, switch, hub (their appearances are very similar)

Hub: an old-fashioned connecting device. It repeats every message it receives to all of its other ports, so all connected computers share the bandwidth and the network slows down as traffic grows. (Every computer on a hub also sees every other computer's traffic, which is why a hub makes interception easy.)
Switch: connects computers, or several segments of the same network, together and acts as a bridge. A switch does not look at IP addresses or distinguish different networks; it learns which MAC address is on which port and forwards each message only to the port where the destination MAC address is.
Router: connects two or more networks together. A router works with IP addresses and uses the subnet mask to distinguish different networks.

Connecting media: UTP, optical fibre
UTP: used to connect a PC to a connecting device.
Optical fibre: used to make connections between switches and routers (e.g. between floors or buildings), where longer distances and higher speeds are needed.
Network server software vs network client software

A NOS (Network Operating System) is used to manage network resources, control the flow of data, maintain security and track user accounts. It has two parts: network server software and network client software.

Network server software: installed on the server. It controls file access on the server's hard disk, manages the print queue, and tracks user data such as user IDs and passwords.
Network client software: installed on the local hard disk of each workstation. It gathers login information, handles drive mapping, etc.

Wireless LANs (WLAN)

A wireless LAN requires an access point (AP), which behaves like a switch or hub, and wireless NICs (network interface cards) installed in the computers. The figure in the original shows how a wireless network combines with the existing LAN: the access point is plugged into the wired LAN, and the wireless computers reach the rest of the network through it. The access point and the wireless NICs communicate by emitting and receiving radio waves, referred to as RF (radio frequency). Anyone within radio range can receive these signals, which is why a wireless network needs encryption where a wired one can rely on the cable being physically private.

Pictured in the original: a) access point, b) wireless NIC, c) wireless network PC card, d) wireless USB adapter (mostly used with laptops).

Ethernet networks

Ethernet is the most widely installed local area network (LAN) technology, specified in the IEEE 802.3 standard. An Ethernet LAN typically uses coaxial cable or special grades of twisted-pair wire. Wireless LANs use the related IEEE 802.11 (Wi-Fi) standards and usually join an Ethernet LAN through the access point.

Connection between LANs

Different LANs may use different network technologies, e.g. Ethernet, Token Ring, FDDI, ATM, Frame Relay, SMDS and others. To connect different types of network a gateway is needed; quite often it is a router. A gateway is responsible for connecting two different networks.

Comparison of speed in different networks

The speed of a network is measured in bps (bits per second).
Bandwidth of different types of network

Type of network   Technology                              Bandwidth
LAN               Ethernet                                10 Mbps
                  Fast Ethernet                           100 Mbps
                  Gigabit Ethernet                        1 Gbps (~1000 Mbps)
Wireless LAN      Bluetooth                               1 Mbps
                  802.11b                                 11 Mbps
                  802.11g                                 54 Mbps
WAN               T1                                      1.5 Mbps
                  T3                                      44.7 Mbps
                  ISDN (primary rate)                     1.5 Mbps
Modem             Remote access through a telephone line  56 Kbps

Some important servers

File server (often also the domain controller, DC): a high-speed computer that stores the programs and data files shared by users. Most file servers also store important information, such as the user accounts and the network information. Data on a file server are important and must be backed up regularly.
Mail server: provides e-mail services to users. Each user has a mailbox which stores incoming mail and copies of sent mail.
Print server: manages one or more printers. It allows a shared printer to be used by authorized users.
Web server: stores the contents of the web pages created by users of the LAN. It answers requests from other users on the Internet by delivering web pages.
Proxy server: improves the efficiency of Internet access by temporarily storing copies of the web pages visited by previous users of the same LAN. It can also filter web pages to prevent users from accessing certain sites.

Question: What are the advantages of networking computers?

Share a folder with other network users (screenshots in the original):
Step 1: open the Properties of the folder.
Step 2: share the folder.
Step 3: assign the firewall setting so that file sharing is allowed through.
Step 4: set the user rights (which users may read, and which may change, the files).

Class work 1:
1. Create a folder "share" on your D: drive and share it with your classmates.
2. Use a VNC program to remote-control a PC. You can easily get VNC from www.realvnc.com, or from the resources section of the school web page http://yiuming.yll.edu.hk/
3. Use the net command in the DOS command window to
   a) view the computers in the same subnetwork (net view) and then show their shared folders (net view \\computername);
   b) view the users on your computer (net user).

Conventional questions, set 1:
The accounting and marketing departments of a trading company are on the 8/F and 12/F of a commercial building respectively. All the computers in the company are connected with the structure shown in the figure (in the original).
a) Name an interface card that connects computers to the network.
NIC (Network Interface Card)
b) Suggest suitable transmission media for medium A and medium B. Explain your answers briefly.
Medium A: UTP (connecting a PC to a connecting device on the same floor).
Medium B: optical fibre (connecting the devices on the two floors over a longer distance at high speed).
c) What are the possible devices X and Y in the figure? What are the functions of these devices?
X: a switch, connecting the PCs on one floor. Y: a router, connecting the two floors' networks (and the company to the Internet).
d) All the user files, including confidential ones (such as accounting spreadsheets, customer records, etc.), are stored on the file server. Explain how the server can prevent unauthorized access to the files.
Authorized users have to provide a username and password to access the system, and different users can be given different levels of rights, so a marketing user cannot read the accounting files.
e) Server Z improves the efficiency of Internet access by temporarily storing copies of web pages visited by previous users of the same LAN. Name Z.
Proxy server
f) Suggest THREE benefits of connecting the computers to a network.
Database sharing / file sharing; hardware sharing; communication between users.

Multiple-choice questions:

1. In a wireless LAN,
   A. there is no limit to the number of workstations
   B. data transmitted are always encrypted
   C. the wireless access point is a server
   D. every computer has a unique Internet Protocol address

2. A network is set up in a building with 15 computers and a powerful computer dedicated to managing disk drives and printers. What type of network is this?
   A. a peer-to-peer local area network
   B. a peer-to-peer wide area network
   C. a client-server local area network
   D. a client-server wide area network

3. The LANs in a WAN are connected together by
   A. hubs or switches
   B. routers
   C. wireless access points
   D. printers

4. Which of the following is / are function(s) of a proxy server?
   (i) Firewall  (ii) Content filter  (iii) Cache for web pages
   A. (i) and (ii) only
   B. (i) and (iii) only
   C. (ii) and (iii) only
   D. All of the above

5. Which of the following is not commonly used for wireless communication?
   A. WiFi
   B. Bluetooth
   C. HSDPA
   D. SMS

Prerequisites for Internet technology

We need some knowledge of the technology of the Internet. Note that networking technology is one thing and Internet technology is another. For example, in networking we have the concept of server and client computers; in Internet technology you will need more practical knowledge of the different kinds of server, say FTP server, web server, SMTP server, POP3 server, etc. Here are the technologies you will encounter in the following section:

Servers: FTP server, web server, POP3 server, SMTP server, streaming server
Communication technology: IPv4, IPv6, domain names, VPN, WEP, WPA, SSL
Common file formats: ASF, WMV, MOV, MPG, 3GP, RM, RMVB, AVI, AU, RA, MP3 (audio/video); JPEG, GIF, PNG (images)
Units: bps, Bps, K, M, G
Access modes: dial-up, ADSL, cable, VDSL, ISDN, T1, T3
Devices and components: router, switch, hub, AP, wireless adaptor, NIC, NAS, bridge, gateway
Protocols and standards: HTTP, HTTPS, POP3, SMTP, TCP, UDP, DHCP, 802.11g, 802.11b; reserved ports (e.g. 80, 21, 25)
Activities and web technology: web server setting, web browser setting, plug-ins, cookies, VoIP, MSN, streaming

Internet Technology

Internet and World Wide Web (WWW)

The Internet is a world-wide system of computers connected by communication networks. The Internet is decentralized by design. Each Internet computer, called a host, is independent.
The administrator of a host on the Internet can choose which Internet services to use and which local services to make available to the global Internet community.

The World Wide Web (WWW) has become the most widely used part of the Internet. It is a world-wide collection of hypertext documents, web pages, which contain links enabling users to navigate quickly to related documents. These documents are formatted in a markup language called HTML (HyperText Markup Language). There are several applications, called web browsers, that make it easy to access the World Wide Web; two of the most popular are Netscape Navigator and Microsoft Internet Explorer.

Question: Apart from web servers, name 3 kinds of server that can be found on the Internet.
Mail server, FTP server, DNS server, DHCP server, proxy server, etc.

Web server and web browser

A web server is a computer that delivers (serves up) web pages. Every web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.pcwebopedia.com/index.html in your browser, this sends a request to the server whose domain name is pcwebopedia.com. The server then fetches the page named index.html and sends it to your browser. Any computer can be turned into a web server by installing server software and connecting the machine to the Internet. There are many web server software applications; two leading ones are Apache, the most widely installed web server, and Microsoft's Internet Information Server (IIS).

A web browser is a software application used to locate and display web pages. The two most popular browsers are Netscape Navigator and Microsoft Internet Explorer (IE). Both are graphical browsers, which means that they can display graphics as well as text. In addition, most modern browsers can present multimedia information, including sound and video, though they require plug-ins for some formats.

Class activities:
1. Configure IIS on your computer.
2. Post a web page at the root.
3. View your web page.
4. View the web pages of your classmates.
NOTE: different browsers will present a web page in slightly different ways.

ISP (Internet Service Provider)

An ISP is a company that provides access to the Internet: it provides the connection between the Internet and your computer at home. There are basically two types of connection, broadband and dial-up.

Broadband connection

ADSL: uses standard telephone lines together with an ADSL modem. The system is "asymmetric" because the data transfer rate is higher for information being downloaded (the downstream rate, from 1.5 to 9 Mbps) than for information being uploaded (the upstream rate, from 16 to 640 Kbps). The Netvigator broadband service is based on ADSL technology.

Cable modem: connects a computer to a cable TV network and is therefore limited to those with access to such a connection. It has a theoretical capacity of 30 Mbps, but this has to be shared among the users at the same location, so the data transfer rate typically averages about 1.5 Mbps. The i-Cable broadband service is based on cable modem technology.

Ethernet: Ethernet uses a bus or star topology and supports data transfer rates of 10 Mbps. A newer version, 100Base-T (Fast Ethernet), supports 100 Mbps, and the newest, Gigabit Ethernet, supports 1 gigabit (1,000 megabits) per second.

Dial-up connection

To use a dial-up connection, a modem is the basic hardware requirement. A modem has to be installed at both ends: in the client computer (e.g. at your home) and at the server (e.g. the server at the ISP).
The modem modulates the digital signal into an analog signal, which is sent through the telephone line, and the modem at the other end demodulates the analog signal back into the original digital signal. Through this process data can be exchanged between the two computers. Usually the connection speed of dial-up is 56 Kbps (kilobits per second).

Question: Determine the minimum time to download a 2 MByte file.
2 MB = 2 x 1024 x 1024 x 8 = 16,777,216 bits. At 56,000 bits per second this takes about 300 s, i.e. about 5 minutes, and in practice longer because a dial-up link rarely reaches the full 56 Kbps.

Question: Nowadays broadband connections are so common that few people use a modem. Can you name a use of a modem apart from dial-up connection to the Internet?
It is used to receive a fax and save it on the computer's hard disk.

Question: Apart from speed, what is the main disadvantage of a dial-up connection compared with broadband?
You cannot use dial-up while the telephone line is in use for a call (and vice versa).

Protocol

Data from different kinds of computers and computer networks can be transmitted over the Internet because they all use the same protocols. There are many protocols in use on the Internet, e.g. TCP/IP, HTTP, SMTP, FTP, UDP, telnet, etc. Above all, TCP/IP is the fundamental protocol of the Internet: all the other protocols are built on top of it.

TCP/IP

TCP/IP (Transmission Control Protocol / Internet Protocol) is the basic communication protocol of the Internet. It can be used as the communication protocol of an intranet as well as of the Internet. To send a message or file from computer A to computer B, TCP is responsible for breaking the data into packets and IP is responsible for routing the packets. The procedure is:
1. The message is divided into packets, and the packets are numbered.
2. Each packet is addressed to the destination.
3. The packets travel to the destination without using a fixed path.
4. If a path is congested with heavy traffic or is out of service, packets can be rerouted via other paths.
5. When the packets arrive at the destination, they are reassembled to form the original message.
Question 1: Why do we need to break files into packets before sending them over the Internet?
A large file sent in one piece would block the link for everyone else, so packet switching is used to let many users share the network at the same time; packets from different users are interleaved on the same link.

Question 2: How do we know which packets are lost on the Internet?
Each packet carries a sequence number. The file is reassembled in sequence-number order, so a missing number shows that a packet has been lost; the receiver acknowledges what it has received and the sender retransmits what was not acknowledged.

Question 3: If a web page contains a picture, a hyperlink, a table and a MIDI file, how many files have to be transmitted from the web server to the client computer?
3 files: the web page itself, the picture and the MIDI file (the hyperlink and the table are part of the HTML of the page).

Question 4: Who is responsible for reassembling the packets? Who is responsible for reconstructing the web page?
TCP reassembles the packets into a file; the browser reconstructs the web page from the files.

Question 5: When packets are sent to computer B, perhaps due to a routing problem, a packet may fail to reach the destination. Will it stay on the network/Internet forever? If not, how long will it stay?
No. Each packet carries a number called the TTL (Time-to-live); every node it passes through (typically a router) decreases the value by 1, and when it reaches 0 the packet is discarded. So a packet can survive at most TTL hops.

HTTP (HyperText Transfer Protocol)
Apart from TCP/IP there are many other protocols, e.g. HTTP, FTP, SMTP; these are called application protocols, while TCP/IP is commonly referred to as the communication protocol or Internet protocol suite. HTTP is the protocol of the WWW. Its well-known port number is 80 (443 for HTTPS). It is used to send requests from the web client (web browser) to the web server over that port, and to receive the files (or resources) back from the web server.
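The five-step procedure and Questions 1, 2 and 5 above, as an added example written for these notes (not code from the original page). It splits a constructed message into numbered packets, delivers them out of order with one lost, reassembles by sequence number, reports the gap and retransmits only the missing packet; forward() shows the TTL rule. The packet size, the starting TTL of 64 and the sample text are assumptions made for the example.

```python
"""Packet switching in miniature (added example, not from the original notes)."""
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    seq: int        # sequence number, part of the header
    total: int      # number of packets in the whole message, part of the header
    payload: bytes  # the data
    ttl: int = 64   # hops the packet may still travel (assumed starting value)


def packetize(message: bytes, size: int) -> List[Packet]:
    """Step 1: divide the message into numbered packets of at most `size` bytes."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [Packet(seq=i, total=len(chunks), payload=c) for i, c in enumerate(chunks)]


def unreliable_network(packets: List[Packet], drop_seq: Optional[int] = None,
                       seed: int = 1) -> List[Packet]:
    """Steps 3-4: packets take different paths, so they arrive in any order,
    and a packet may be lost on the way (simulated by dropping `drop_seq`)."""
    delivered = [p for p in packets if p.seq != drop_seq]
    random.Random(seed).shuffle(delivered)
    return delivered


def reassemble(received: List[Packet]) -> Tuple[Optional[bytes], List[int]]:
    """Step 5: put the packets back in sequence order. Returns (message, missing);
    message is None while any sequence number is still missing."""
    if not received:
        return None, []
    total = received[0].total
    by_seq = {p.seq: p for p in received}
    missing = [s for s in range(total) if s not in by_seq]
    if missing:
        return None, missing
    return b"".join(by_seq[s].payload for s in range(total)), []


def transfer(message: bytes, size: int = 4,
             drop_seq: Optional[int] = None) -> Tuple[Optional[bytes], int]:
    """Whole exchange between sender and receiver. Returns the reassembled
    message and how many packets had to be retransmitted."""
    packets = packetize(message, size)
    received = unreliable_network(packets, drop_seq)
    message_out, missing = reassemble(received)
    retransmitted = 0
    if missing:
        # The receiver reports the gap (Question 2); the sender resends only
        # the missing packets, not the whole file.
        received.extend(packets[s] for s in missing)
        retransmitted = len(missing)
        message_out, missing = reassemble(received)
    return message_out, retransmitted


def forward(packet: Packet, hops: int) -> Optional[int]:
    """Question 5: every router decrements TTL by 1 and discards the packet when
    it reaches 0. Returns the hop at which it was discarded, or None if it got
    through all `hops` routers."""
    for hop in range(1, hops + 1):
        packet.ttl -= 1
        if packet.ttl == 0:
            return hop
    return None


if __name__ == "__main__":
    text = b"This message is split into packets."  # constructed sample input
    print(transfer(text))               # nothing lost: (text, 0)
    print(transfer(text, drop_seq=3))   # packet 3 lost and resent: (text, 1)
    print(forward(Packet(0, 1, b"", ttl=3), hops=10))   # discarded at hop 3
```

Notice that only the missing packet is resent, which is the point of numbering them: with a single unnumbered file the whole transfer would have to start again.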
FTP (File Transfer Protocol)
FTP is a commonly used protocol for exchanging files over any network that supports TCP/IP (such as the Internet or an intranet). Two computers are involved in an FTP transfer: a server and a client. The FTP server, running FTP server software, listens on the network for connection requests from other computers. The client computer, running FTP client software, initiates a connection to the server. Once connected, the client can perform a number of file operations, such as uploading files to the server, downloading files from the server, and renaming or deleting files on the server.

SMTP (Simple Mail Transfer Protocol)
SMTP is a relatively simple, text-based protocol: one or more recipients of a message are specified (and in most cases verified to exist), and then the message text is transferred.

Apart from HTTP, FTP and SMTP there are many other protocols on the Internet, including POP3, Telnet, Finger, BitTorrent (BT), etc.

IP address, domain name, DNS (Domain Name Server)

Every host (computer) that communicates over the Internet or an intranet is assigned an IP address that uniquely identifies the device and distinguishes it from the other computers on the network. An IPv4 address consists of 32 bits, usually shown as 4 octets, each a number from 0 to 255 written in decimal rather than binary. For example:
decimal form 168.212.226.204
binary form 10101000.11010100.11100010.11001100

Question: Why is the decimal form used?
Answer: it is much easier for people to read, write and remember than 32 binary digits.

Question: Then why is the binary form used?
Answer: the computer stores and compares the address as 32 bits, and the split between network ID and host ID (made by the subnet mask, below) falls at a bit position, which is only visible in binary.

An IP address consists of TWO parts, one identifying the network and one identifying the node, or host (a network ID and a host ID). The class of the address determines which part belongs to the network address and which part to the node address. All nodes on a given network share the same network prefix but must have a unique host number.
Class A network: binary addresses start with 0, so the first decimal number can be anywhere from 1 to 126. The first 8 bits (the first octet) identify the network and the remaining 24 bits the host within the network. Example: 102.168.212.226 is a Class A address because in binary it is 01100110.10101000.11010100.11100010, and the first bit is 0. Any address whose first octet is from 1 to 126 belongs to Class A, e.g. 15.X.X.X, 71.X.X.X, 121.X.X.X (01111001.X.X.X).

Class B network: binary addresses start with 10, so the first decimal number can be anywhere from 128 to 191. (127 is reserved for loopback and is used for internal testing on the local machine.) The first 16 bits (the first two octets) identify the network and the remaining 16 bits the host. Example: 168.212.226.204, where "168.212" identifies the network and "226.204" the host on that network.

Class C network: binary addresses start with 110, so the first decimal number can be anywhere from 192 to 223. The first 24 bits (the first three octets) identify the network and the remaining 8 bits the host. Example: 200.168.212.226, where "200.168.212" identifies the network and "226" the host.

Class D network: binary addresses start with 1110, so the first decimal number can be anywhere from 224 to 239. Class D addresses are used for multicasting.

Question: How many unique IP addresses theoretically exist?
2^32 = 4,294,967,296 (about 4.3 billion), which is why IPv4 addresses are scarce and why private addressing and IPv6 exist.

As you can see, a company can apply for a Class A, Class B or Class C network depending on its size. For example, a big company may own a network with the structure 25.X.X.X, i.e. it can cater for approximately 256 x 256 x 256 = 16,777,216 addresses (two of them, the all-zeros network address and the all-ones broadcast address, cannot be given to a PC). However, at most 126 Class A networks can exist,
and they were allocated long ago to large organisations (IBM, for example, and US government and research bodies). So most companies can only have a Class C network. For example, a company can have a network with IP addresses ranging from 200.168.212.0 to 200.168.212.255, i.e. it can cater for at most 254 PCs on the Internet (256 addresses minus the network and broadcast addresses). Then, if a company has more than 254 PCs connected to the Internet but only a Class C network, how is the problem solved? The answer is virtual IP.

Virtual IP and real IP

Take our school as an example. From our ISP we get altogether 6 IP addresses. It seems that we can only put 6 PCs on the Internet. That is not true. The figure in the original shows a simplified structure of our school:
- PC 1: 192.168.0.14
- PC 2: 192.168.0.23
- PC 3: 192.168.0.46
- Proxy server: 192.168.0.221
- Router (gateway): 192.168.0.87 on the LAN side, 218.88.64.29 on the Internet side
- Internet

Virtual IP

A virtual IP address (the standard name is a private IP address) is one that will never go onto the Internet: it only flows inside the LAN. The router translates between the private addresses inside and its real address outside, so one real address serves the whole LAN. By this, we solve the problem of not having enough IP addresses. The common private ranges are 10.X.X.X and 192.168.X.X; the first is a Class A network, and the second falls in the Class C range (it is a block of 256 Class C networks, 192.168.0.X to 192.168.255.X). A third private range, 172.16.X.X to 172.31.X.X, also exists.

Question: Is it possible for PC 1 to have the IP address 10.0.0.5 and PC 3 to have 192.168.0.22? Explain.
No. The prefix of the IP address is the network ID, and these two addresses obviously have different network IDs, so they would not be on the same network and could not talk to each other without a router between them.

Question: If PC 1 and PC 2 connect to the Internet, what are their IP addresses as seen from the Internet?
218.88.64.29 for both: the router replaces the private source address with its own real address.

Another special address is 127.0.0.1, the loopback address used for self-testing; traffic to it never leaves the computer, let alone reaches the LAN or the Internet.

Structure of an IP address

An IP address is composed of two parts, the network ID and the host ID. For example, a network whose addresses range from 192.168.33.0 to 192.168.33.255 is, in binary,
from 11000000.10101000.00100001.00000000
to   11000000.10101000.00100001.11111111
     <-------- Network ID ------><Host ID>
We, as humans, can pick the network ID out of the IP address by eye.
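How one real address serves the whole LAN in the school figure above, as an added example written for these notes (not code from the original page). The router rewrites the source of each outgoing connection to its real address and a fresh port, remembers the mapping, and uses it to deliver the reply to the right PC; a packet from the Internet for which no mapping exists is dropped, which is why a NAT router also shields the LAN from unsolicited connections. The private and real addresses are those of the figure; the port numbers, the outside web server address and the rule that a reply must come from the host that was contacted are assumptions made for the example.

```python
"""Address translation at the school router (added example, not from the original notes)."""
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (IP address, port)


class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port   # next free public port (range is an assumption)
        # (inside source, destination) -> public port, and the reverse table
        self.outbound_map: Dict[Tuple[Endpoint, Endpoint], int] = {}
        self.inbound_map: Dict[int, Tuple[Endpoint, Endpoint]] = {}

    def translate_out(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """A packet leaving the LAN: the private source becomes (real IP, new port).
        The same inside connection always gets the same mapping."""
        key = (src, dst)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return (self.public_ip, self.outbound_map[key])

    def translate_in(self, dst_port: int, src: Endpoint) -> Optional[Endpoint]:
        """A packet arriving from the Internet: look the port up and restore the
        private destination. Returns None (drop) when no inside host asked for
        it, or when it comes from a host other than the one contacted."""
        entry = self.inbound_map.get(dst_port)
        if entry is None or entry[1] != src:
            return None
        return entry[0]

    def connections(self) -> int:
        """Number of inside connections currently sharing the one real address."""
        return len(self.outbound_map)


if __name__ == "__main__":
    nat = NatRouter("218.88.64.29")                       # the router's real address
    web = ("203.0.113.10", 80)                            # some web server (assumed address)
    a = nat.translate_out(("192.168.0.14", 3001), web)    # PC 1
    b = nat.translate_out(("192.168.0.23", 3001), web)    # PC 2, same local port
    print(a, b)                                           # both leave as 218.88.64.29, different ports
    print(nat.translate_in(a[1], web))                    # the reply goes back to PC 1
    print(nat.translate_in(a[1], ("198.51.100.7", 80)))   # unsolicited packet: None (dropped)
```

The port, not the IP address, is what tells the two PCs apart on the way back, which is why PC 1 and PC 2 can both use local port 3001 and still receive the right replies.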
However, how does a computer to know the network ID and the Host ID? It uses Subnet mask. So, to compare two IP, the first part (i.e. Network ID) is used to distinguish if they are in the same network. The second part (i.e. the host ID) is used to distinguish the computers in the same network. Example: For the following IP, which of them are in the same network? (i) 10.129.64.23 26 SOHO Networking and Internet Activites (ii) 192.168.0.23 (iii) 10.129.64.48 Answer: Subnet mask Now, we are able to see PC in the same LAN should have the same IP structure, for example, 10.0.0.5 will have a different IP structure. But, how does the computer know that? It uses subnet mask. For example, if the PC range from 10.0.1.0 to 10.0.1.255, then, the subnet mask would be 11111111. 11111111. 11111111.00000000 For example, if the PC range from 192.168.3.96 to 192.168.3.103, i.e. ranging from 11000000. 10101000. 00000011. 01100000 to 11000000. 10101000. 00000011. 01100111 The subnet mask would be 11111111.11111111.11111111.11111000 So, the network address would be 11000000. 10101000. 00000011. 01100000 Ref: http://www.webopedia.com/TERM/s/subnet_mask.html Example: For the following IP, which of them are in the same network? Given that the subnet mask is 255.255.255.224 (i) 10.129.64.84 (ii) 10.129.64.92 (iii) 10.129.64.97 The subnet mask in binary form would be: binary form of 84 is: 0101 0100 binary form of 92 is: 0101 1100 binary form of 97 is: 0110 0001 11111111. 11111111. 11111111.11100000 Static IP and Dynamic IP Therefore, we can see that IP addresses are valuable resources so that some ISP will usually allocate dynamic IP instead of static IP to its customer. [Static IP means that every time you get to the Internet through your ISP, your IP is the same as before.] Question: If your IP was 218.134.97.22 yesterday, and today it is 218.134.97.41, is it dynamic or static? If the IP of your friend David is 218.134.97.66, do both of you belong to the same ISP? 
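The following is an added worked example (not part of the original notes) that carries out the class rule, the Network ID / Host ID split and the subnet-mask AND operation described above on the addresses used in the notes; the function names are my own.

```python
# Added example (not part of the original notes): the classful rule, the
# network ID / host ID split and the subnet-mask AND operation described above,
# run on the addresses used in the notes.
from typing import Dict, List


def ip_to_int(ip: str) -> int:
    """Convert dotted decimal (e.g. '10.129.64.84') to a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def dotted_binary(ip: str) -> str:
    """Write the address the way the notes do: '01100110.10101000.11010100.11100010'."""
    return ".".join(format(int(o), "08b") for o in ip.split("."))


def address_class(ip: str) -> str:
    """Classful rule: leading bits 0 -> A, 10 -> B, 110 -> C, 1110 -> D.
    127.x.x.x is the loopback range; 240-255 is not covered by the notes."""
    first = ip_to_int(ip) >> 24
    if first == 127:
        return "loopback"
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "reserved"


# Default (classful) masks: 8, 16 and 24 network bits respectively.
DEFAULT_MASK: Dict[str, str] = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def network_address(ip: str, mask: str) -> str:
    """Network ID = address AND mask: this is how the computer finds the Network ID."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def same_network(ip1: str, ip2: str, mask: str) -> bool:
    return network_address(ip1, mask) == network_address(ip2, mask)


def group_by_network(ips: List[str], mask: str) -> Dict[str, List[str]]:
    """Answer 'which of these are in the same network?' for a given mask."""
    groups: Dict[str, List[str]] = {}
    for ip in ips:
        groups.setdefault(network_address(ip, mask), []).append(ip)
    return groups


def mask_for_range(first: str, last: str) -> str:
    """Smallest subnet mask whose block is exactly first..last
    (e.g. 192.168.3.96-192.168.3.103 is 8 addresses, so 3 host bits: /29)."""
    lo, hi = ip_to_int(first), ip_to_int(last)
    host_bits = (hi - lo).bit_length()
    if hi < lo or hi - lo + 1 != 1 << host_bits or lo % (1 << host_bits) != 0:
        raise ValueError("range is not one aligned subnet block")
    return int_to_ip((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)


def usable_hosts(mask: str) -> int:
    """Hosts per subnet, excluding the all-0 and all-1 host IDs as the notes require."""
    host_bits = 32 - bin(ip_to_int(mask)).count("1")
    return (1 << host_bits) - 2


if __name__ == "__main__":
    for ip in ("102.168.212.226", "168.212.226.204", "200.168.212.226", "127.0.0.1"):
        print(ip, dotted_binary(ip), "class", address_class(ip))
    print(mask_for_range("192.168.3.96", "192.168.3.103"))   # 255.255.255.248
    print(group_by_network(["10.129.64.84", "10.129.64.92", "10.129.64.97"],
                           "255.255.255.224"))
```

With mask 255.255.255.224 the AND operation puts 10.129.64.84 and 10.129.64.92 in network 10.129.64.64 and 10.129.64.97 in 10.129.64.96, which answers the example above.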
Hacking
When you surf on the Internet, your identity (the IP address) is exposed. Sometimes hackers will make use of some system flaws to attack you. For example, when a hacker wants to connect to you, he or she needs to use an opened port.

Port
In TCP/IP and UDP networks, a port is an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic.

Port Number   Description
20            FTP -- Data
21            FTP -- Control
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
53            Domain Name System (DNS)
80            HTTP
110           POP3
194           Internet Relay Chat (IRC)
443           HTTPS
546           DHCP Client
547           DHCP Server

Blocking and Filtering
Sometimes, some people will try to attack your system. They will first scan your computer to see if you have opened ports. So, if you find that there is a guy from 203.94.81.19 who always scans your computer, then you can block any connection from that IP address. Apart from that, you can also block some ports to avoid hacking. Sometimes, we can filter some web pages under some web sites, e.g. we can filter all files from yahoo.com.

Question: If you are a student in a school, are we able to connect to download.yahoo.com if yahoo.com is being filtered by the school?
YES, if we know the exact IP address of that domain.

DNS (Domain Name Servers)
Domain name servers translate between domain names and IP addresses according to the domain name system.

Question: Why is DNS required?
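The following is an added example (not part of the original notes) of the blocking and filtering idea above from the defender's side: it reads a constructed connection log, flags a source that probes many of the ports in the table within a short time, and then applies the two rules the notes describe, blocking that IP and blocking a closed port. The log format, the threshold and the sample lines are my own assumptions.

```python
# Added example (not part of the original notes): detecting the port scan
# described above in a constructed connection log and applying the IP / port
# blocking the notes recommend. Log format and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple

# Well-known ports from the table in the notes.
PORT_NAMES: Dict[int, str] = {
    20: "FTP -- Data", 21: "FTP -- Control", 23: "Telnet", 25: "SMTP", 53: "DNS",
    80: "HTTP", 110: "POP3", 194: "IRC", 443: "HTTPS", 546: "DHCP Client", 547: "DHCP Server",
}


class Attempt(NamedTuple):
    when: datetime
    src_ip: str
    dst_port: int


# Constructed sample: one line per inbound connection attempt seen by the firewall.
SAMPLE_LOG = """
# time                 source IP       destination port
2009-03-02T10:00:01    218.134.97.66   80
2009-03-02T10:00:02    203.94.81.19    21
2009-03-02T10:00:02    203.94.81.19    23
2009-03-02T10:00:03    203.94.81.19    25
2009-03-02T10:00:03    203.94.81.19    53
2009-03-02T10:00:04    203.94.81.19    80
2009-03-02T10:00:04    203.94.81.19    110
2009-03-02T10:00:05    203.94.81.19    443
2009-03-02T10:00:09    218.134.97.66   443
2009-03-02T10:05:00    218.134.97.41   23
"""


def parse_log(text: str) -> List[Attempt]:
    """Parse '<ISO time> <source IP> <port>' lines; blank and '#' lines are skipped."""
    attempts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        when, src, port = line.split()
        attempts.append(Attempt(datetime.fromisoformat(when), src, int(port)))
    return attempts


def find_scanners(attempts: List[Attempt], threshold: int = 5,
                  window: timedelta = timedelta(seconds=60)) -> Dict[str, Set[int]]:
    """A source that probes at least `threshold` distinct ports inside one time window
    is treated as scanning. Returns scanner IP -> every port it touched."""
    by_src: Dict[str, List[Attempt]] = defaultdict(list)
    for a in attempts:
        by_src[a.src_ip].append(a)
    scanners: Dict[str, Set[int]] = {}
    for src, items in by_src.items():
        items.sort(key=lambda a: a.when)
        start = 0
        for end in range(len(items)):          # sliding window over sorted attempts
            while items[end].when - items[start].when > window:
                start += 1
            if len({a.dst_port for a in items[start:end + 1]}) >= threshold:
                scanners[src] = {a.dst_port for a in items}
                break
    return scanners


def is_allowed(a: Attempt, blocked_ips: Set[str], blocked_ports: Set[int]) -> bool:
    """Packet-filter rule: drop if the source IP or the destination port is blocked."""
    return a.src_ip not in blocked_ips and a.dst_port not in blocked_ports


def apply_policy(text: str, blocked_ports: Set[int],
                 threshold: int = 5) -> Tuple[Set[str], List[Attempt]]:
    """Block every detected scanner's IP plus the given ports; return (blocked IPs, allowed)."""
    attempts = parse_log(text)
    blocked_ips = set(find_scanners(attempts, threshold))
    return blocked_ips, [a for a in attempts if is_allowed(a, blocked_ips, blocked_ports)]


if __name__ == "__main__":
    blocked, allowed = apply_policy(SAMPLE_LOG, blocked_ports={23})   # Telnet closed
    for ip, ports in find_scanners(parse_log(SAMPLE_LOG)).items():
        names = ", ".join(f"{p} ({PORT_NAMES.get(p, 'unknown')})" for p in sorted(ports))
        print(f"scan from {ip}: {names}")
    print("blocked IPs:", blocked)
    for a in allowed:
        print("allowed", a.src_ip, "->", a.dst_port, PORT_NAMES.get(a.dst_port, "unknown"))
```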
Exercise: With reference to the following diagram, answer the following questions. On the computer, type "cmd" to go to the DOS command interface, then type in the command "ipconfig /all" to check the following information:
IP address:
DNS:
Subnet Mask:

2001 – AS – CA #4
(a) When accessing the web site of the Hong Kong SAR Government, people can either type in the IP address "202.128.227.5" or the domain name address "www.info.gov.hk". Explain the relationship between the IP address and the domain name address.
The DNS is the system by which hosts on the Internet have both domain name addresses and IP addresses. The domain name address is used by human users and is automatically translated into the numerical IP address.
(b) Give ONE advantage of using the domain name address and ONE advantage of using the IP address.
Domain name – easy for humans to remember
IP address – language independent

URL
A URL (Uniform Resource Locator) refers to a particular Web page or a particular file residing on a Web site. For example, the following two URLs are basically TWO different Web pages residing at the Web site http://www.microsoft.com
URL1: http://www.microsoft.com/downloads
URL2: http://www.microsoft.com/directx

A URL is the address of a Web page. It is composed of 3 parts: Protocol, Domain Name, Resources.

Example: Resolve the following URL.
http://www.chinesebooks.com/term/domain_name.html
Protocol: http
Domain Name: www.chinesebooks.com
Resources: Folder: term; File: domain_name.html

Example: Which of the following is / are valid URLs?
i) http://www.cnn.com/page1.htm
ii) http://www.cnn.com/page2.php
iii) http://records.cnn.com/page3.asp
iv) http://www.cnn.com/temp/page1.htm
v) http://www.cnn.com/
vi) http://62.80.9.131/
vii) ftp://www.cnn.com/prof1/
viii) telnet://www.cnn.com
ix) mms://www.cnn.com:1099
x) https://www.cnn.com/

Domain
A domain name can be divided into several parts. For example, "www.cityu.edu.hk" can be divided into four parts: "www", "cityu", "edu" and "hk". From right to left, each part gives more and more specific information about the host. For example:

www.cityu.edu.hk
  www – specific information: the host is a web server
  edu – second-level domain
  hk  – top-level domain; general information: in Hong Kong

As such, we say that the rightmost part contains codes to identify the top-level domain, that the one on its left contains codes to identify the second-level domain, and so on. There are two types of codes for top-level domains: generic codes and country codes.

Common codes for top-level domain   Type
com                                 Generic code
edu                                 Generic code
gov                                 Generic code
net                                 Generic code
ca                                  Country code
cn                                  Country code
hk                                  Country code
jp                                  Country code

Exercise: Try to test whether a network has traffic congestion or not.
1. Use the "ping" command.
2. In the DOS command, type in "ipconfig /all" and check the IP address of the default gateway.
3. In the DOS command, type in "ping X.X.X.X", the IP of the default gateway.
4. See whether the connection is OK or not; if not, it will give a "timeout" message.
5. In the DOS command, type in "ping www.yahoo.com.hk". DNS will give you the IP address of www.yahoo.com.hk; then try to type the IP address into your browser, i.e. "http://202.1.233.33".

Cookie
A message given to a Web browser by a Web server. The browser stores the message in a text file (in a temporary file folder). The message is then sent back to the server each time the browser requests a page from the server.

Purpose of cookie: To identify users and possibly prepare customized Web pages for them.

Scenario: When you enter a Web site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your Web browser, which stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server.
The server can use this information to present you with custom Web pages.

Data Encryption
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

Security: SSL, https
Short for Secure Sockets Layer. SSL works by using a private key to encrypt data that is transferred over the SSL connection. By convention, URLs that require an SSL connection start with https: instead of http:.

Bandwidth consideration
The amount of data that can be transmitted in a fixed amount of time. It is usually expressed in bps (bits per second). As mentioned under the types of connection, the upstream rate is different from the downstream rate.

Question:
        ISP     upstream rate   downstream rate
John    ISP A   5M bps          512K bps
Mary    ISP B   10M bps         10M bps
(i) If a 3M Byte file is transferred from John to Mary, what is the minimum required time?
(ii) If a 5M Byte file is transferred from Mary to John, what is the minimum required time?

File Size Consideration
Since the bandwidth of the ISP or the network is a valuable resource, sometimes we will compress the file before sending it through the Internet. There are several compressed formats, e.g. zip, rar, etc. There are several programs available in the market that compress and decompress files. They include Winzip, PowerArchiver, etc.

Question 1: What are the advantages of using compressed files for people to download through the Internet?
Question 2: Can a Zip file compressed by Winzip be decompressed by PowerArchiver? Why?
Question 3: Why do zip files sometimes contain the self-extractor and sometimes not?
Question 4: One of your friends told you that sending a zip file through the Internet does not need to use the protocol TCP/IP because the file is compressed. Do you agree?

Appendix I: Question: What is the difference between the WWW and the Internet?
Many people use the terms Internet and World Wide Web (a.k.a. the Web) interchangeably, but in fact the two terms are not synonymous. The Internet and the Web are two separate but related things.

The Internet is a massive network of networks, a networking infrastructure. It connects millions of computers together globally, forming a network in which any computer can communicate with any other computer as long as they are both connected to the Internet. Information that travels over the Internet does so via a variety of languages known as protocols.

The World Wide Web, or simply Web, is a way of accessing information over the medium of the Internet. It is an information-sharing model that is built on top of the Internet. The Web uses the HTTP protocol, only one of the languages spoken over the Internet, to transmit data. Web services, which use HTTP to allow applications to communicate in order to exchange business logic, use the Web to share information. The Web also utilizes browsers, such as Internet Explorer or Netscape, to access Web documents called Web pages that are linked to each other via hyperlinks. Web documents also contain graphics, sounds, text and video.

The Web is just one of the ways that information can be disseminated over the Internet. The Internet, not the Web, is also used for e-mail, which relies on SMTP, Usenet news groups, instant messaging and FTP. So the Web is just a portion of the Internet, albeit a large portion, but the two terms are not synonymous and should not be confused.

Appendix II: Question: How does a Web server work?
For example, when you want to visit Webopedia, you can type its URL -- http://www.webopedia.com -- into your Web browser.
Through an Internet connection, your browser initiates a connection to the Web server that is storing the Webopedia files by first converting the domain name into an IP address (through a domain name service) and then locating the server that is storing the information for that IP address.

[Figure: Internet domain webopedia.com: Router, www (Web Server 1), www2 (Web Server 2), Host 1, Host 2]

The Web server stores all of the files necessary to display Webopedia's pages on your computer -- typically all the individual pages that comprise the entirety of a Web site, e.g. any images/graphic files and any scripts that make dynamic elements of the site function. Once contact has been made, the browser requests the data (files) from the Web server, and using HTTP, the server delivers the data back to your browser. The browser then formats, or reconstructs, the Web page according to the HTML code of the Web page and the related files like .jpg or .mov and displays it on your monitor. In the same way, the server can send the files to many client computers at the same time, allowing multiple clients to view the same page simultaneously.

2002 – AS – CA #2
2. The figure below shows the interconnections between the Internet and the local area networks in ABC Company. The numbers allocated to the devices indicate the IP addresses.
(a) (i) Briefly explain what a 'gateway' is.
A gateway is an interface that enables dissimilar networks to communicate with one another.
(ii) How many local area networks are there in the figure? Explain briefly.
3 (hints from the IP addresses)
(b) Assume the computer with the IP address '130.8.0.1' in the figure is a web server and its domain name is registered as 'ABC130.com'. A web site with a web page named 'index.html' is placed in the web server, where the web page can be accessed by the URL 'http://www.ABC130.com/index.html'.
(i) What is the top-level domain of this web site?
com (or .com)
(ii) Is it possible to access this web site with the URL 'http://www.ABC130.com.hk' from Hong Kong? Explain briefly.
No, the URL is not registered for the company. (Or Yes, the company may register the URL separately.)
(iii) Is it possible to access this web page with the URL 'http://130.8.0.1/index.html' through the Internet? Explain briefly.
Yes. The IP address is what a domain name system will supply. It is an alternate way to specify the URL.
(iv) What will be the protocol(s) needed for browsing the web page over the Internet?
Hypertext Transfer Protocol (or HTTP) ('Http' or 'http' is not acceptable)

2003 – AS – CA #5
John is the chairperson of a chess club in a university. He designs and builds a web site for the club.
(a) A fixed IP address is assigned to him to establish a web server on the campus. However, John has not yet registered a domain name for the club and so he tells the interested parties to use the URL 'http://200.102.234.48/index.html' to access the web site.
(i) Name the different components of the given URL.
http://          HTTP protocol
200.102.234.48   IP address
index.html       first page / home page / file / default page / resource
(ii) Is it possible to access the home page without specifying 'index.html' in the URL? Explain briefly.
Yes, a default web page, index.html, is used / No, the page may not be set in the web server. (2 marks)
(b) The web site provides the service of recruiting members. John needs to establish identification codes for members to log into the web site.
(i) Can John use members' IP addresses assigned by their Internet Service Providers (ISP) for identification? Justify your answer.
No, IP from ISP could be dynamic (change from time to time).
(ii) John decides to use the email addresses of members for identification. Give one reason to support John's decision.
An email address is a unique identification.
Suggest one method for John to ensure that the email addresses provided by members are not fake.
Peter can send an email to the email address with an initial password for confirmation. (3 marks)
(c) The web site also provides a service for registered members to play online chess games through the Internet. Is it necessary for John to keep track of the current IP addresses of the online players? Justify your answer.
Yes, the current IP addresses of the players are required to maintain the communication dialog / keep track of records for security. (2 marks)

Mock Questions:
2. David is a freelancer who specializes in multimedia design, and he is planning to set up a Small Office Home Office (SOHO) in his apartment. Generally, he will meet his customers on the Internet. To advertise his products, he hosts a web site with the domain name "www.davidhelp.com", and one computer is used as the web server. Apart from that, he has another computer to create the multimedia designs. A computer C is used to act as the domain controller. Files will be shared among computer A, computer B and computer C. In this domain, virtual IPs will be used.

[Figure: Internet; Domain Controller (Computer C); Hardware D; Computer A (Web Server); Computer B (Multimedia design)]

a) How many servers are there in this domain? What is the use of Computer C? (2 marks)
There are 2 servers. Computer C is used to:
1. Distribute IPs
2. Authorize legal access

b) Describe all the necessary procedures David has to take to host a web server at his home. (3 marks)
1. Apply for the domain
2. Apply to an ISP
3. Get a fixed IP / acknowledge the domain name to the ISP

c) Describe all the procedures and requirements (both software and hardware) to get his computers connected to the Internet, and how does he meet his clients on the Internet? (3 marks)
1. Apply to an ISP
2. Install an OS that supports networking on the computers
3. Configure a router
4. Install a LAN card
5. Connect the computers to the router with UTP
6. Install a Web Cam and a microphone
7. Install video conferencing software

d) Compare the requirements of computer A and computer B in terms of CPU, RAM, Hard disk Storage, Display Card, Operating System and peripherals required. (3 marks)

                   Computer A (Web Server)          Computer B (Multimedia design)
CPU                Low demand in speed and cache    High demand in speed; high demand in cache
RAM                Stable, not easy to fail         Large storage, fast speed
Hard disk          Stable, not easy to fail         Large storage, fast speed
Display Card       No special requirement           High demand; high demand in cache
Operating System   Provide Web services             No special requirement
Peripherals        No special requirement           Scanner, IEEE1394, USB, CF Reader

e) David is told that to operate a web server, he has to install a DNS and a proxy server in the domain. Is that true? Why? What is the function of DNS? What is the function of a proxy server? (5 marks)
It is not true, because it is not a must to use a proxy server to get to the Internet. A proxy server is used to hold temporarily the files of some frequently visited web pages, and it can act like a firewall. Also, we do not need to install a DNS in our system. Although it is a must to use a DNS, it is not a must to install one of our own, because the ISP will provide a DNS; we do not need to install our own DNS unless we have our own needs.

f) David created a web page for the public to download his products. However, the shape of the table in the web page changes according to the window size, e.g. the web page in a small window versus the web page in a full-screen window. What is the problem and how to solve it? (2 marks)
The width of the table is set by percentage instead of pixels. All we need to do is set the width of the table / cells in units of pixels.

g) Finally, David created some web pages which he thinks look nice, so he put them on his web server.
However, his clients found that the layout of his web pages is not that good, and some of them may even have problems opening the web pages. What are the potential problems? (2 marks)
The browsers of the clients are different from David's. Different browsers will present a web page in different ways. The browsers do not support some of the scripts / embedded materials.

3. A Network Adapter or NIC is an important piece of hardware on a network.
a) State TWO components on a network where a NIC can be found.
Workstation, server, some connecting devices like switch, access point, router
b) A NIC is known to be 10/100 Mbps. (i) What does Mbps stand for? (ii) What do the numbers indicate?
(i) Mbps stands for megabits of data transmitted per second, i.e. 10^6 bits per second.
(ii) A 10/100 Mbps NIC means that the NIC can transmit data at speeds of 10 Mbps or 100 Mbps, depending on other devices and the networking medium of the channel.
c) All NICs carry a MAC address. (i) What is the purpose of this address? (ii) State the characteristics of this address.
(i) A MAC address is used to identify a network interface card on a network.
(ii) It is universally unique; it cannot be modified.

The following is the result shown on the screen when a network utility of a workstation is executed:
Physical Address          00–02–3F–24–11–7D
DHCP Enabled              Yes
Autoconfiguration Enabled Yes
IP Address                192.168.1.33
Subnet Mask               255.255.255.0
Default Gateway           192.168.1.1
DHCP Server               192.168.1.1
DNS Server                202.130.97.65

d) What is the MAC address of the NIC?
00-02-3F-24-11-7D
e) How many bytes are used in the MAC address?
Six bytes
f) Which of the above data can be modified by users through configuration?
All of them except the Physical Address
g) A traditional NIC is known to convert between parallel and serial data transmissions. Describe in detail the role of a NIC in this aspect.
The buses on the motherboard, connecting the memory and CPU, are parallel. The cables that connect the computers on a network are serial. As a NIC is the interface between buses and cables, it converts between parallel and serial data transmissions.

4. In a university, there is a large network, which we call a LAN; under it, there are a lot of sub-networks. David is an undergraduate in this university. He has a computer connected to the network in his dormitory. Through the connection plug, the computer can be connected to the Intranet of the university and the Internet. The university has its own mail server, and it offers David an email address called davidlee078@hknewu.net. Unlike some web-based email accounts, it provides POP3 services to the clients. The university provides each undergraduate a unique account so that they can log in to the Intranet. Also, the university provides each account with 50M Bytes of storage on the Intranet.
a) Each computer (host) in any sub-network has a unique address, the IP address. This address consists of two parts. The first part is called the network id, the second part is called the host id.
i) How many bits are there in an IP address? (1 mark)
ii) The structure of an IP address in a sub-network is as follows:
…… <- Network ID -> <- Host ID ->
So, as shown in the above diagram, 5 bits are used to represent a host id. What is the maximum number of hosts in a network? (Note that 00000 and 11111 are not legitimate host ids.) What is the subnet mask of this network? Represent it in decimal form. (4 marks)
iii) David finds that today his IP address is 212.23.48.117 but yesterday his IP address was 212.23.48.112. According to the structure in part (a)(ii), what is the range of IP addresses in this network? David knows that there are two kinds of IP addresses, real or virtual; is his IP address real or virtual? Also, is this IP address dynamic or static?
(4 marks)
b) In this network, there is a server that distributes IP addresses to each computer (host). In David's room, if he wants to connect to the Internet, he just needs to turn on the computer. (He does not need to enter any user id or password.) But if he wants to get into the Intranet, a user id and a password are required.
i) What is the difference between Intranet and Internet? (2 marks)
ii) What is the disadvantage of no user id or password being required to get onto the Internet? (1 mark)
iii) If the user id and the password of David are "davidlee078" and "123" respectively, is the password good? Give reasons. State some recommendations for the university policy so that the passwords of the undergraduates will not be too simple. (2 marks)
iv) Why does the university need to provide the students with 50M Bytes of storage on the Intranet? (1 mark)
v) If there are altogether 5,000 undergraduates, each with 50M Bytes of storage, and the files are stored in some file servers which run in RAID mode, each providing 80G of storage, how many file servers are required? (1 mark)
vi) David created a video and compressed it into another format with a bit rate of around 250 Kbps; the whole video is 18 minutes long. Do you think David will have sufficient space to store the video in his server account? (2 marks)
c) In terms of services, what is the difference between the web-based email account and the email account given by the university? (2 marks)

Suggested Answer:
4. a) i) 32 bits
ii) max number of hosts = 32
255.255.255.224
iii) 212.23.48.96 to 212.23.48.127
They are real and dynamic IPs
b) (i) Internet – It has no geographical restraint.
Intranet – requires user id and password to log in to the system to avoid illegal access
(ii) Any people, even if they are not authorized, can make use of the bandwidth of the university if they can reach the connection plug.
(iii) It is not good because it is too short and easy to guess.
Recommendation: The password should be at least 6 characters long OR the password has to be a combination of numbers and characters
(iv) The students can store their files anywhere in the university
(v) The number of file servers required = 5000*50/1024/80 = 3.06
At least 4 file servers are required.
(vi) Space required = 250/8/1024*60*18 = 32.96 Mbytes < 50 Mbytes, so it is ok.
c) A web-based account can be reached anywhere in the globe. The email account given by the university provides POP3 service, i.e. you can set up your email service in an email program, e.g. new email can alert you if you are online.

Internet Activities and their technology
How does the Internet influence us? Below shows the throughput of HKIX:

[Figure: HKIX throughput graphs, yearly, daily and weekly based]

Search Engine
What is it? A program that searches documents for specified keywords and returns a list of the documents where the keywords were found.
How does it work? Typically, a search engine works by sending out a spider to fetch as many documents as possible. Another program, called an indexer, then reads these documents and creates an index based on the words contained in each document.
Reference: http://computer.howstuffworks.com/cookie.htm

Web browsing / Web surfing
Web browsing means navigating the Web and traversing hypertext links. To browse any Web pages, we need to have a Web browser installed. A basic browser supports "text formatting" and some multimedia like graphics. However, if you want to play a movie (e.g. MPEG-1, wmv, etc.) you need to call an external viewer (e.g. Windows Media Player or RealPlayer). There are quite a number of common external viewers in the market, e.g. RealPlayer, QuickTime Player, Acrobat Reader, Flash Player, Shockwave Player, etc. These "plug-in" programs will be invoked automatically when needed, e.g.
when you are going to view a Web page that contains a Flash file, the Flash player will be run for you, and if you have not installed the program, it will ask you to permit the installation.

Question: Sometimes if you have not installed a plug-in program, it will ask you for permission to install it. Is it safe to allow the installation? Why? (It is very similar to 2005#7(c))

Note: Java VM (Java Virtual Machine) is one of the plug-in programs.

Class work: Insert a Java Applet in a web page. Source: http://javaboutique.internet.com/

Exercise: You will learn how to assign a default player to play an MPEG movie, and how it looks in the browser.

Class work: Try to find out what settings can be changed in our web browser IE. Name 10 of them.
Settings   Description

Below are some of the settings:
Cookie
History
Default homepage
Color scheme
Refreshing web page (F5)
Temporary Internet Files allowed storage
Trusted sites
Restricted sites
Privacy Level
Pop-up blocker
HTTP version 1.1
Java enable
Printing option
SSL 2.0

Web hosting and Web posting
Web hosting
A web host provides storage space in its web server so that your web pages are accessible on the Internet. It has a permanent connection to the Internet. Web hosting is the business of housing, serving and maintaining files for one or more web sites. In fact, you may also set up a web server at home provided you have broadband access.

Web posting
Web posting is uploading the necessary files to the web server so that web pages can be displayed. FTP software is needed. The following information is needed to configure your FTP software:
The address of the web host
The remote directory
Your login and password

Question: What should you be aware of when you set your password?
1. A long password is better, e.g. more than 8 characters
2. Combination of alphabetic and alphanumeric characters
3. Do not use birthday or telephone number or dictionary words
4. Change regularly

Question: Can we choose to host the Web site at home? What are the advantages and disadvantages?
Question: Can we successfully host a Web site with no domain name?

E-mail
Dedicated e-mail software (e.g. Outlook Express)
Web-based e-mail account (e.g. Yahoo!, Hotmail, etc.)

IRC (Internet Relay Chat)
ICQ

Video Conferencing
NetMeeting is a common video conferencing software provided by Microsoft.

Broadcasting
Unicast: Communication that takes place over a network between a single sender and a single receiver.
Multicast: In networking, a distinction is made between broadcasting and multicasting. Broadcasting sends a message to everyone on the network whereas multicasting sends a message to a select list of recipients.

Streaming Server
Streaming is a technique for transferring data such that it can be processed as a steady and continuous stream. Streaming technologies are becoming increasingly important with the growth of the Internet because most users do not have fast enough access to download large multimedia files quickly. With streaming, the client browser or plug-in can start displaying the data before the entire file has been transmitted. For streaming to work, the client side receiving the data must be able to collect the data and send it as a steady stream to the application that is processing the data and converting it to sound or pictures. This means that if the streaming client receives the data more quickly than required, it needs to save the excess data in a buffer. If the data doesn't come quickly enough, however, the presentation of the data will not be smooth. There are a number of popular streaming formats available in the market; they include asf, ra, etc.

Codec
The term codec is an acronym that stands for "compression/decompression."
A codec is an algorithm, or specialized computer program, that reduces the number of bytes consumed by large files and programs. Codecs are used in many popular Internet products, including QuickTime, Netmeeting, Cu-Seeme, and VDOphone. Every streaming format will have different coding method, so it requires different codec to decode the file for the viewer / player to play. Video files especially new format will often require new codec to decode. If the player / viewer does not have the required codec, it will ask you to download the codec to view the file. E-commerce and e-learning B2B – Business to Business B2C – Business to Customer (e.g. amazon.com) Attacks in Internet Spam Electronic junk mail or junk newsgroup postings. Some people define spam even more 48 SOHO Networking and Internet Activites generally as any unsolicited e-mail. DoS Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. Trojan Horse A destructive program that masquerades as a benign application. Virus A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Worm A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down. Also see virus. Securities measures Patch, Virus Definition, Firewall, Packet filtering, content filtering, blocking, port 2000 – AS – CA #5 5. Suggest what Internet resources can help in the following cases: (a) Because of serious illness, a student is unable to attend lessons at school. 
Instead, he must have lessons at home. His teacher wants to arrange interactive lessons for him to take place simultaneously with the lessons for his classmates at school.
(b) A student is working on a research project and would like to survey public opinion on the research topic. He does not want to conduct direct interviews with the public. (4 marks)
a) Install a video camera in the classroom and send the images through the Internet / video conference.
b) Build up a newsgroup / ICQ / e-mail / web page with a survey form on the Internet for this topic and invite the public to give their ideas.

2005 – AS – CA #2
2. (a) John buys and installs anti-virus software on his computer. After using the software for a period of time, he finds that it is very effective. He recommends it to Mary and then she buys and installs the software on her computer. Later on, they open the same document file infected by the same virus in their own computers. John's computer is infected but Mary's computer is free from infection. Give two possible reasons. (2 marks)
John deactivates his anti-virus software.
John has not regularly updated the database of virus definitions from the manufacturer.
The version of John's anti-virus program is older than that of Mary's.
They use different operating systems.
They use different software to open the document.
(any 2)
-> When you are dealing with questions like "why is this computer not functioning" or "why is this program not functioning", always think of directions like OS cross-platform problems, software version compatibility, language setting, plug-in setting, firewall setting, proxy server setting, browser setting, system updating, etc. Here, e.g., we can set the firewall such that it opens some ports for inbound connection (i.e. lets outsiders use your server's services) and blocks some ports for both inbound and outbound connection.
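To make the inbound / outbound port idea concrete, here is an added example (not from the handout) of a toy first-match packet filter written in Python. The rule tables, port numbers and the "default deny inbound, allow outbound" behaviour are constructed assumptions for this example, not a description of any particular firewall product.

```python
"""Added example, not from the original handout: a toy first-match packet filter
that mimics how a SOHO firewall decides on a connection by direction and port.
The rule tables and the connections tested below are constructed for the example."""
from typing import List, Optional, Tuple

# A rule: (direction, protocol, destination port, action).
# direction is "in" (from the Internet to the LAN) or "out" (LAN to Internet);
# protocol is "tcp", "udp" or "any"; port None means "any port";
# action is "allow" or "block".
Rule = Tuple[str, str, Optional[int], str]


def decide(rules: List[Rule], direction: str, proto: str, port: int) -> str:
    """First matching rule wins. With no match, unsolicited inbound traffic is
    blocked and outbound traffic is allowed (assumption: the usual SOHO default)."""
    for r_dir, r_proto, r_port, action in rules:
        if r_dir == direction and r_proto in ("any", proto) and r_port in (None, port):
            return action
    return "block" if direction == "in" else "allow"


# Constructed rule set of a SOHO box whose owner forgot to open the web server's port.
RULES_WITHOUT_WEB: List[Rule] = [
    ("in",  "tcp", 25,  "allow"),   # let the mail server receive SMTP from outside
    ("in",  "any", 135, "block"),   # RPC blocked in both directions
    ("out", "any", 135, "block"),
]

# The same rule set with the HTTP port opened for inbound connections.
RULES_WITH_WEB: List[Rule] = [("in", "tcp", 80, "allow")] + RULES_WITHOUT_WEB


def outsiders_can_browse(rules: List[Rule]) -> bool:
    """Can a client on the Internet reach our web server on TCP port 80?"""
    return decide(rules, "in", "tcp", 80) == "allow"


def staff_can_browse(rules: List[Rule]) -> bool:
    """Can a LAN user reach a web site on the Internet on TCP port 80?"""
    return decide(rules, "out", "tcp", 80) == "allow"


if __name__ == "__main__":
    for name, rules in (("without port 80 open", RULES_WITHOUT_WEB),
                        ("with port 80 open", RULES_WITH_WEB)):
        print(f"{name}: outsiders can browse our site = {outsiders_can_browse(rules)}, "
              f"staff can browse the Internet = {staff_can_browse(rules)}")
```

Note that outbound browsing works in both rule sets: the missing rule only affects connections that outsiders start towards the server, which is why a web server behind a firewall "disappears" when its inbound port is not opened while the owner's own browsing looks perfectly normal.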
A typical example: if you install a web server but forget to open the HTTP port (i.e. port 80) on the firewall, then others cannot browse your web site.
(b) Give two identification methods that anti-virus software may use to detect computer viruses. (2 marks)
Look for a virus signature / definition, which is a known specific pattern of virus code.
Record the size / creation date of existing files and detect whether viruses alter these attributes.

MC Questions
1. Digital Divide means
A. someone spends too much time on the Internet so that they become socially isolated.
B. someone spends too little time on the Internet so that they become illiterate in the digital world.
C. someone lacks enough resources so that they are not able to keep in touch with the digital environment and hence lacks the ability to earn a living.
D. someone or some companies control most of the Internet throughput so that they can easily convey their ideas by making use of the Internet.
2. Phishing means
A. a kind of injury caused by spending too much time on the Internet.
B. a fake web site that disguises itself as a trustworthy web site to get confidential information from users.
C. a behaviour that irresponsibly tries to announce some false statements to fool the public.
D. a kind of hacking technique for hackers to attack the security holes of a system.
3. Which of the following is generally not provided by web hosting service providers?
A. Internet connection
B. storage space for web pages
C. a unique URL associated with a published web site
D. free server-side program development services.
4. To play a video online from a streaming server, Peter finds that the data transmission rate is 500Kbps. Which of the following statements is / are not correct?
(1) It is not possible for a 56Kbps modem to view this video.
(2) In one second, there will be roughly 500x1024/8 Byte data downloaded.
(3) The image size of another video with 250Kbps will be about half of this video.
A. (1) and (2) only
B. (1) and (3) only
C. (2) and (3) only
D. (1), (2) and (3)

2001 – AS – CA #6
Mr. Lee is a computer system manager. He is developing an on-line transaction system for a toy store which allows customers to buy and pay for purchases through the Internet. Briefly describe TWO computer crimes Mr. Lee might have to deal with and suggest ONE method of preventing each crime you have identified. (4 marks)
Crime: intercepting data in transit through the Internet. Preventive measure: encryption of data.
Crime: unauthorized access to data. Preventive measure: restrict access to data.
Crime: hacking of the system. Preventive measure: use of a firewall.
"Injection of virus" is also acceptable.

2001 – AS – CA #8
Classify each of the following eight items into one of three categories: computer hardware, system software, or application software.
Internet browser, Router, Internet search engine, Operating system, RAM, Electronic spreadsheet, Utility program, Modem (4 marks)
Hardware: router, RAM, modem
System software: utility program, operating system
Application software: Internet browser, Internet search engine, electronic spreadsheet

2000 – AS – CA #8
8. Billy is doing a project on "The impact of computers on education today." He wants to search for useful information from the web sites on the Internet. He enters the keywords "computer impact" in the search menu of a browser. The web sites with the exactly matched keywords are displayed on Billy's computer screen.
(a) Give TWO disadvantages of searching web sites by exact keyword matching.
(b) The web sites that Billy found are different from those his classmates found even though they are using the same keywords to search. Give TWO possible reasons for this difference. (4 marks)
a) Some useful web sites may not have words exactly matching the keywords; there may also be thousands of useless web sites found.
b) Different time of search; different search engines or databases used for searching.

Web Page Design / Web Authoring
What exactly is a Web page?
A Web page is a text file (text ONLY, NO graphics, sound files, etc.), but why do the Web pages we see contain so many different kinds of multimedia? We can see it with the following example:
In a browser, it looks like a formatted page. The Web page itself is exactly like this:
<HTML>
<HEAD>
<TITLE> DEMO </TITLE>
</HEAD>
<BODY>
<!-- this is the comment -->
</BODY>
</HTML>
So, a Web page is only a text file with some standard markup language; the code (編碼) is called a tag. The markup language used is called HTML (HyperText Markup Language). This markup language supports hyperlinks (超連結).

Understanding how a Web page (HTML) works (pay attention to the file structure):

Web page in a browser: (blank page)
HTML code: <HTML> <head> </head> <body> </body> </HTML>

Web page in a browser: Hello!
HTML code: <HTML> <head> </head> <body>Hello! </body> </HTML>

Web page in a browser: Hello! Good Morning!
HTML code: <HTML> <head> </head> <body>Hello! Good Morning! </body> </HTML>

Web page in a browser:
Hello!
Good Morning!
HTML code: <HTML> <head> </head> <body>Hello! <BR> Good Morning! </body> </HTML>

Web page in a browser:
Hello!
(the picture image1.jpg, which is stored in the same folder as the HTML file)
HTML code: <HTML> <head> </head> <body>Hello! <BR> <img src=image1.jpg> </body> </HTML>

Web page in a browser:
Image 2 (the picture image2.jpg, which is stored in the sub-folder aaa) Image 2
HTML code: <HTML> <head> </head> <body>Image 2 <img src=aaa/image2.jpg> Image 2 </body> </HTML>
(Note: the path in src is written with a forward slash, aaa/image2.jpg, as in a URL, not with the Windows backslash.)

Markup Language
There are a variety of markup languages, such as HTML, XML, etc. Since markup languages work properly as long as a web browser can support them, they are independent of the operating systems of different computers. Therefore, markup languages are compatible with different machines (i.e.
it can overcome the cross-platform problem).

Basic Structure of Web pages (in HTML format)
<html>
<head>
<title>Title goes here</title>      <- the head of the HTML document
</head>
<body>
Body goes here                        <- the body
</body>
</html>

Basic Tags in HTML
Tag <IMG>: to put an image in the web page. Example: <IMG src="abc.gif" width=100>. Attributes: src, width, height.
Tag <A>: to put an anchor (hyperlink). Example: <A href="abc.htm" target=_blank>. Attributes: href, target.
Tag <I>: italic. Example: <I>It is italic</I>.
Tag <Strong>: strong emphasis, which browsers show in bold (not italic). Example: <Strong>It is bold</Strong>.
Tag <Table>: to add a table. Example: <table border=0 width=500 height=50%>. Attributes: width, height, border.
Tag <Embed>: to insert an object. Example: <Embed src="abc.mid">. Attributes: src, width, height.
Tag <Br>: line break. Example: Good <BR> Morning!
Tag <Head>: to insert some information about the web page itself, e.g. the title of the web page or whether it is in Chinese. Example: <head> <meta http-equiv="Content-Type" content="text/html; charset=big5"> </head>.
Tag <Body>: to define the background image, bgcolor, etc. Example: <body bgcolor="Black"></body> or <body bgcolor="#000000"></body>. Attributes: bgcolor, background, bgproperties.
Tag <Script>: to insert some script into the web page; the script would be JavaScript or VBScript. Example: <Script language="JavaScript">. Attribute: language.
Tag <Form>: to send data from the client (browser) to the web server through HTTP. Example: <Form name="Form1" action="abc.asp" method="Get">. Attributes: name, action, method.

Class Exercise:
1. Host a web site at the student computer.
2. Set the rights of the web site.
3. Put your default home page (index.htm) at the wwwroot and view the other home page.
4. Write an ASP program.

Web Authoring Tools
What is it? Software that enables the user to develop a Web site. The software generates the required HTML coding for the layout of the Web pages based on what the user designs. These tools are WYSIWYG (What You See Is What You Get). Usually, they have two view modes, code view mode and design view mode.
Example: Dreamweaver, FrontPage, etc.
Reference:
Question: What are the advantages of using Web authoring tools? Why should HTML still be learnt?

Practical Requirement in the Web page design
The above are only the theories of Web page design and HTML; now you are required to create a web page on your own. If you already know how to create Web pages, then you will have an advantage; if not, that is OK as long as you are able to finish the following techniques. The following techniques will be presented in the lessons and are supposed to be useful in the TAS.
Techniques and description:
Frames: according to pixel or percentage.
Text Formatting: colour, size.
CSS: Cascading Style Sheet.
Layer.
Table: set the border; fix the width of the table; column span; row span.
Inserting Multimedia: multimedia like mp3, mpeg, wmv, asf, etc.
Inserting Graphics: gif, jpg, jpeg.
Inserting Flash.
Creating Hyperlink: target parent, self, blank.
Creating Form: we need to use a "form" to transmit data from the client computer to the Web server by using Web pages; there are two methods, "Get" and "Post".
Inserting JavaScript.
Inserting Java Applet.
Setting Character set: set it to Traditional Chinese characters (Big-5) or Simplified Chinese characters (GB).

Static Web pages and Dynamic Web pages
Dynamic Web pages usually mean Web content that changes each time it is viewed. For example, the same URL could result in a different page depending on the time of day, the geographical position, etc. It is done on the server side. Static Web pages mean the content of the Web page will not change.
Note: usually, adding JavaScript does not make a page a dynamic Web page in this sense.

Web page editing
Since Web pages contain text only (plain text, usually ASCII), they can be edited by any text editor.

Incorporating Multimedia Elements
Web pages work well with text, graphics and media files by using tags, e.g. <embed>; it is the browser (like IE, Netscape, etc.) that reconstructs the Web page and displays it on the monitor.
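The two points above, that a static page is sent out exactly as stored while a dynamic page is generated on the server, and that a form reaches the server either in the URL (Get) or in the request body (Post), can be seen in a few lines of Python. This is an added example and not code from the handout; the "wwwroot" contents, the page names, the default document name and the clock value are constructed assumptions.

```python
"""Added example, not from the original handout: the core of a miniature web
server showing a static page (an exact copy of the stored file is sent) next to
a dynamic page generated on the server side, and how form data arrives with
method Get (query string) versus Post (request body).
The file contents, paths and the clock are constructed for this example."""
import html
from urllib.parse import urlsplit, parse_qs

# Constructed "wwwroot": the static files exactly as the server stores them.
WWWROOT = {
    "/index.htm": "<html><body>Hello! <br> Good Morning!</body></html>",
    "/about.htm": "<html><body>About the chess club</body></html>",
}
DEFAULT_DOCUMENT = "index.htm"   # assumption: the server's default home page


def handle(method, url, body="", now="09:00"):
    """Return (status, html) for one request. `now` stands in for the server clock."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if path.endswith("/"):
        path += DEFAULT_DOCUMENT            # http://host/ -> /index.htm
    if path in WWWROOT:                     # static page: the stored text goes out unchanged
        return 200, WWWROOT[path]
    if path == "/greet.asp":                # dynamic page: built freshly for every request
        if method == "GET":
            form = parse_qs(parts.query)    # form data travelled in the URL
        elif method == "POST":
            form = parse_qs(body)           # form data travelled in the request body
        else:
            return 405, "<html><body>Method not allowed</body></html>"
        name = form.get("name", ["visitor"])[0]
        # Escape whatever the client sent before placing it inside the page.
        return 200, f"<html><body>Hello, {html.escape(name)}! It is now {now}.</body></html>"
    return 404, "<html><body>Not found</body></html>"


if __name__ == "__main__":
    print(handle("GET", "http://www.abc.com/"))
    print(handle("GET", "http://www.abc.com/greet.asp?name=Billy"))
    print(handle("POST", "http://www.abc.com/greet.asp", body="name=Mary", now="21:00"))
```

Two things worth noticing: the Get request carries the form values in the URL, so they end up in browser history and server logs, which is why a Post is preferred for anything sensitive; and the dynamic handler escapes the submitted text before echoing it, because the browser would otherwise interpret any tags the visitor typed as part of the page.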
Hyperlink and Anchor
A hyperlink is a user-friendly access mechanism to get to other web pages; an anchor is a bookmark within the same web page.

Web Page Design considerations
Aspect ratio and Resolution
Almost all computer screens have an aspect ratio of 4:3. So web pages designed for a resolution of 800x600 (not 600x800) or 1024x768 are suitable for most computer monitors. Note that this does not mean, however, that the web page can be 800x600 pixels. Rather, the page must fit within the viewer's browser window. The browser's borders and title bars take up space.
Providing feedback and interaction
Forms and Forums
Mailto (e.g. <a href="mailto:user_name@yahoo.com.hk">Email Us</a>)

2004 – AS – CA #4
4. David is a secondary school student. His school provides a web page hosting service for students to upload their web pages. David has uploaded his web pages with the following structure:
A segment of his homepage (index.html) with frames is shown below:
(a) When David browses his homepage in the school, he finds that the photo cannot be displayed. What mistake may he have made? (1 mark)
Since the image file is stored in 'image/photo.jpg', it is likely that the path of the image is not linked properly. (Or the wrong letter case is used in the file name.)
(b) The school's web page hosting service stops right after David has successfully browsed his homepage in the school. What will happen if David clicks on the five hyperlinks of his homepage? Explain your answers. (5 marks)
HKEAA:
It is a successful visit to the remote link (the external link does not involve the web hosting service (i.e. the web server) of the school).
It is NOT successful because the pages are held by the school web hosting service / school server.
It is NOT successful because the pages are held by the school web hosting service / school server.
Home: it is successful because it has been loaded into the cache.
(Or: the photo may not be displayed, as the cache size is limited.)
Go Top: it is successful as the link is resolved locally (a link to the same page).

Catering for users of different needs
A. Different browsers
Different browsers will present a web page in a slightly different way, e.g. IE (Internet Explorer) and Navigator.
B. Different access means
People will browse web pages by different means, e.g. PC, laptop, mobile phones, PDAs.
C. Users with special needs
When you design your web site, you should also make sure that it caters for users with special needs, such as those suffering from different forms of disabilities, so that they can access the information there. Here are some guidelines that help you achieve this.
Special needs arising from a visual problem; ways to cater for the needs:
• Use larger fonts.
• Use colours of high contrast.
• Ensure that all information conveyed with colour can also be conveyed in the absence of colour.
• Avoid causing content to blink, flicker, or be animated.
• Provide audio descriptions of the major content of the web page displayed.
Special needs arising from a motor problem:
• Provide navigation means controlled by key strokes instead of using the mouse.
• Avoid scrolling.
Special needs arising from a hearing problem:
• Provide captions or transcripts of important audio content.
Special needs arising from insufficient bandwidth / transmission capabilities:
• Provide a text-based version of multimedia web pages.
• Display thumbnails instead of high resolution images.
• Provide methods to skip audio or video / animation elements.

Exercise 2A: Which of the following statements is / are correct? (True / False)
1. HTML code is interpreted by the client computer.
2. For a static web page, the code delivered to the client computer is the exact copy stored in the web server.
3. Sometimes, in order to display a dynamic web page, the browser in the client computer has to install the appropriate plug-in.
4. Both Java and JavaScript are script languages.
5.
The response of client-side dynamic web pages is faster.
6. VBScript is a server-side script language instead of a client-side script language.
7. Validating input data before sending is one of the advantages of client-side computing.
8. When some simple calculation is required in a web page (say adding two numbers), it is suitable for the client computer to perform such an operation.
9. When some complicated calculation is required in a web page, it is suitable for the web server to perform such an operation.
10. JavaScript is usually referred to as a client-side script.
11. When we are using a browser on a Windows system, we are able to view web pages on a Linux server.
12. Dreamweaver is a web authoring tool to produce web pages.

Exercise 2B:
1. For this HTML tag, <img src="image/picture1.jpg" width=100 height=80>, what information can you get?
(i) What is it? Picture
(ii) What is the file name? picture1.jpg
(iii) What is the file type? JPEG
(iv) Which folder is it in? image
(v) Width? 100
2. What does HTML stand for?
3. What is the tag to set the background colour to black?
4. Which of the following tags is green in colour? <font color="#22AA22">What color is it?</font>, <font color="#AA2222">What color is it?</font>
5. If the tags are in the form of (Open tag) This is the hyperlink (Close tag), then what is the HTML code to hyperlink it to the web site http://www.abc.com?
6. How do you show the symbol < in a web page?
7. To upload files from a client PC to a web server through FTP, there would be two pieces of information to verify your identity to get access to the web space. What are they?
8. Do all web sites support FTP upload? Why?
9. Which of the following is not true for a rollover button?
A. It is favourable to have transparent backgrounds
B. There would be two image files for a rollover button
C. Image file size would be one of the considerations
D. There would be an event called onMouseOver
E.
All of the above
10. Which of the following is not true for frames in a web page?
A. There would be one and only one frameset file.
B. There would be a lot of different frame files.
C. The simplest frame web page would have at least 2 web pages.
D. It is better to name the frames.
E. None of the above
For the following URL http://www.anyorganisation.org.cn/image/index.htm, answer questions 11 to 16.
11. What is the domain name?
12. What is the top level domain?
13. Which area is this organization supposed to be located in?
14. What does http stand for and what is its function?
15. In your browser, you enter the URL www.anyorganisation.org.cn/image/. Will it make any difference? Why?
16. Now, if you want to host your web site under the name yourname.anyorganisation.org.cn, is that possible?
17. What is the common method to upload files from a client PC to a web server?
18. Why are graphic file formats like JPEG and GIF common on the Internet but not the others?
19. Apart from the HTML version, why do some web sites provide a text version?
20. Which of the following is not a valid URL?
A. http://www.abc.com
B. ftp://www.abc.com
C. http://lesson1.school.abc.com/
D. http://203.107.212.67/
E. None of the above
21. Which of the following is a valid IP address on the Internet?
A. 10.121.123.125
B. 192.168.23.54
C. 232.117.0.1
D. 189.283.187.77
E. None of the above

2005 – AS – CA #1
1. David is going to write online game software.
a) He wants to design a game that can be played through a browser. Give two kinds of browser settings that should be considered. (2 marks)
Plug-ins (e.g. Java Applet VM, ActiveX, Flash player, Shockwave player)
Security
Script running language
Cookies
Temporary files
(any 2)
-> Java Virtual Machine is a program that enables a computer to run Java Applets.
Since usually a Java Applet is downloaded together with the web page and hence has to solve the cross-platform issue, the Java Applet VM is in fact different for different OSes. Flash player is a program that runs Flash movies (.swf). There are different versions of Flash player, e.g. player 5.0, 6.0 or 8.0. A Flash 8.0 movie may not be played successfully by a Flash 5.0 player, i.e. we have to update the player to enjoy the latest features. Usually, updating is prompted through the Internet and can be finished online.
b) He wants to design this game with an additional function to cater for users with impaired vision. Give a suggestion for the function. (2 marks)
A sensible option for David is to create some sort of "magnifying glass" utility over the top of the software to simulate high power magnification of different areas of the screen. The game can provide different sound effects for specific events. (any other reasonable answer)
-> It requires suitable imagination, common sense in using computers and some English vocabulary to answer this question.
c) If he decides to post the software as shareware, will the public be allowed to freely copy the software? Explain your answer briefly. (1 mark)
For many kinds of shareware, the public is allowed to freely copy the software according to the terms and agreement. It depends on the terms and agreement stated in the software.
-> Basically, shareware only offers a right to use to the user; it does not offer the right to copy (i.e. copyright) to the user.
d) Finally, he decides to post the software as 'Open Source' software. Give two main characteristics of 'Open Source' software. (2 marks)
The software is free and the source code is released to the public.

ASCA 2003#10
7. Steven is an IT coordinator in a school. He considers using the following two methods to filter improper contents on the World Wide Web (WWW).
Method A: Block access to a list of domains and IP addresses.
Method B: Allow access only to a list of domains and IP addresses.
Suppose the lists of domains and IP addresses for the two methods are set as follows:
Method A (block list): yousex.com, mypornography.com, tooviolence.com, 202.40.218.20
Method B (allow list): education.com, gospel.com, news.com, 202.40.218.23
a) According to the setting of Method A, will the following URLs be blocked? Justify your answers.
(i) 'http://gallery.mypornography.com/~john/index.htm'
(ii) 'http://www2.tooviolence.com'
(iii) 'http://www.yousex.com.jp' (3 marks)
The following diagram shows the flow of the filtering of Steven's design:
START -> Method A -> (block) -> Do Not Pass Filtering
                  -> (allow) -> Method B -> (allow) -> Pass Filtering
                                         -> (block) -> Do Not Pass Filtering
b) (i) According to Steven's design, will the web site with URL 'http://education.yousex.com' be blocked? Justify your answer.
(ii) Steven discovers that the domain 'tooviolence.com', which contains improper contents, can still pass through the filtering. Give one possible reason. (4 marks)
In order to protect students from browsing improper contents, Steven considers using a web filtering service in the school. The Internet Service Provider (ISP) of the school provides three proposals for a free filtering service:
Proposal 1: Installing the filtering software on each computer in the school
Proposal 2: Installing the filtering software on the school proxy server
Proposal 3: Installing the filtering software on the ISP's proxy server
c) Give one advantage of each of the proposals over the others. (6 marks)
d) (i) Steven discovers that the computers in the school are always infected with computer viruses. Suggest two different ways through which computers may be infected.
(ii) Steven considers setting up a firewall to prevent computers in the school from virus infection. Is this method effective? Justify your answer.
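Before the suggested answer, here is an added example (not part of the exam paper or the handout) that implements Steven's two methods in Python the way a simple content filter matches a URL, so that each part of (a) and (b) can be checked by running it. The two lists are the ones given in the question; the "reached by IP address" case used for (b)(ii) is an assumption about how a student bypasses the name-based list.

```python
"""Added example, not part of the exam paper or the handout: Steven's two
filtering methods implemented the way a simple content filter matches a URL.
The two lists are the ones given in the question; the "reach by IP" case for
(b)(ii) assumes the user types the server's IP address instead of its name."""
from urllib.parse import urlsplit

METHOD_A_BLOCK = ["yousex.com", "mypornography.com", "tooviolence.com", "202.40.218.20"]
METHOD_B_ALLOW = ["education.com", "gospel.com", "news.com", "202.40.218.23"]


def host_of(url):
    """The host part of a URL, lower-cased ('http://www2.tooviolence.com' -> 'www2.tooviolence.com')."""
    return (urlsplit(url).hostname or "").lower()


def matches(host, entry):
    """A list entry matches the host itself or any sub-domain of it, on a whole
    label boundary: 'www.yousex.com.jp' does NOT match 'yousex.com' because it
    does not end with '.yousex.com'."""
    entry = entry.lower()
    return host == entry or host.endswith("." + entry)


def method_a_blocks(url):
    """Method A: block if the host is in (or under) the block list."""
    return any(matches(host_of(url), e) for e in METHOD_A_BLOCK)


def method_b_allows(url):
    """Method B: allow only if the host is in (or under) the allow list."""
    return any(matches(host_of(url), e) for e in METHOD_B_ALLOW)


def steven_filter(url):
    """Steven's design: Method A first, then Method B. Returns 'pass' or 'block'."""
    if method_a_blocks(url):
        return "block"
    return "pass" if method_b_allows(url) else "block"


if __name__ == "__main__":
    for u in ["http://gallery.mypornography.com/~john/index.htm",
              "http://www2.tooviolence.com", "http://www.yousex.com.jp",
              "http://education.yousex.com", "http://www.education.com/",
              "http://202.40.218.23/"]:
        print(f"{u}: Method A blocks={method_a_blocks(u)}, Steven's design={steven_filter(u)}")
```

The last URL shows the weakness behind (b)(ii): the name-based block list never sees a request typed as an IP address, and if that address happens to be in the allow list the request passes. A block list on its own is only as good as the names it contains (yousex.com.jp is a completely different domain from yousex.com), which is why Steven chains an allow list after it.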
(4 marks)
HKCE 2003#10 Suggested Answer:
a) (i) Yes, it is under the domain 'mypornography.com'.
(ii) Yes, it is under the domain 'tooviolence.com'.
(iii) No, it is not in the list of domains ('yousex.com.jp' is a different domain from 'yousex.com').
b) (i) Yes, it can be blocked. It is not under the domain 'education.com'.
(ii) The site is reached by an IP address that is in the allow list of Method B, e.g. 202.40.218.23, so the domain name in the Method A list is never checked.
c) Proposal 1: it can be set to individual needs.
Proposal 2: it can centralize the filtering policy.
Proposal 3: it can cut the workload of the school (server / manpower).
d) (i) Backing storage such as floppy disks; e-mail; files downloaded from the Internet; computers hacked by someone. (any two)
(ii) No, a firewall is mainly used to prevent a computer from hacking / outside attack only.

Extra exercise:
1. What do the following terms stand for? Briefly describe what they are.
(i) HTTP (ii) FTP (iii) DNS (iv) HTML (v) ISP (vi) TCP/IP (vii) NIC (viii) URL
Suggested Answer:
1 (i) HTTP – HyperText Transfer Protocol. It is a set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.
(ii) FTP – File Transfer Protocol. It is a protocol for file transfer (upload and download) in a network.
(iii) DNS – Domain Name System. It is an Internet service that translates domain names into IP addresses.
(iv) HTML – HyperText Markup Language. It is the authoring language used to create documents on the World Wide Web.
(v) ISP – Internet Service Provider. It is a company that provides access to the Internet.
(vi) TCP/IP – Transmission Control Protocol / Internet Protocol. It is the suite of communications protocols used to connect hosts on the Internet.
(vii) NIC – Network Interface Card. It is the network card that lets a computer get access to the network or the Internet.
(viii) URL – Uniform Resource Locator. It is the global address of documents and other resources on the World Wide Web.
2. Why is a markup language used?
(1) It uses the ASCII coding system.
(2) It overcomes the cross-platform problem.
(3) It can be regarded as a kind of high level program.
A. (1), (2) only
B. (1), (3) only
C. (2), (3) only
D. (1), (2) and (3)
3. Which of the following is not a type of markup language?
A. HTML
B. CLASS
C. XML
D. SGML

2001 – AS – CA #3
3. Classify each of the following eight items into one of four categories: Internet resources, protocol, operating system, or others:
HTTP, TCP/IP, ISP, BBS, HTML, UNIX, URL, WWW (4 marks)
Internet resources: BBS, WWW
Protocol: HTTP, TCP/IP
OS: UNIX
Others: HTML, ISP, URL
-> Common application protocols include FTP, SMTP, HTTP, HTTPS, TELNET, POP3.
Common data transmission protocols include TCP, IP, UDP.
Common OSes include UNIX, Linux, Mac, Windows.
Common browsers include IE, Netscape, Firefox.
Common Web servers include IIS, Apache.
Common server-side programming languages include ASP, PHP, ASPX, CGI.
Common servers in the Internet include DNS, DHCP, proxy, mail, etc.
Companies providing Internet technology include:
HKDNR – domain name registration; it registers all the domains under the top level domain ".hk".
Cisco – network equipment, like routers, switches, etc.
Oracle – database management system.
HKIX – the Hong Kong Internet Exchange, located at CUHK.
Netvigator, i-Cable – ISPs.
Web hosting companies.

2000 – AS – CA #5
5. Suggest what Internet resources can help in the following cases:
(a) Because of serious illness, a student is unable to attend lessons at school. Instead, he must have lessons at home. His teacher wants to arrange interactive lessons for him to take place simultaneously with the lessons for his classmates at school.
(b) A student is working on a research project and would like to survey public opinion on the research topic. He does not want to conduct direct interviews with the public. (4 marks)
a) Install a video camera in the classroom and send the images through the Internet / video conference.
b) Build up a newsgroup / ICQ / e-mail / web page with a survey form on the Internet for this topic and invite the public to give their ideas.
-> This question asks about knowledge of common technology. Technology has advanced much in these several years; nowadays, it is mostly related to e-business or mobile devices. E.g. nowadays, more and more PDAs support GPS (Global Positioning System), i.e. they can direct you to the destination any time, anywhere by making use of satellites. Also, since many people are using PDAs (or mobile phones which have PDA functions), we need to take this into consideration in the design of web pages: for example, web pages are usually designed for the resolution 800x600, but nowadays we should design a specific page for these users with, say, 320x240 resolution. Also, we need to take the communication of these devices with computers into consideration when choosing these kinds of appliances; usually, they should support Bluetooth (for headsets, file transfer) or WiFi (Internet, GPS). Since it is a mobile device, battery life is always a consideration. Last but not least, storage media is another consideration; of course, external memory would be flash memory, usually an SD card or Mini-SD.
Apart from that, more and more people will perform e-commerce on the Internet. Asymmetric key cryptography (public key and private key encryption) has been widely used in e-banking and in digital signatures, but the two keys play opposite roles in the two cases. For confidential transmission (e.g. sending your details to the bank), the sender encrypts with the receiver's public key and only the receiver can decrypt with the matching private key. For a digital signature, the signer uses the private key to sign (a hash of the message is transformed with the private key), and anyone holding the signer's public key can verify it; the private key never leaves the signer. Usually, a VPN (Virtual Private Network) uses symmetric key encryption for the traffic itself, in which both ends use the same secret key (that shared key is often set up using asymmetric methods first).
Nowadays, weblogs are very popular; many people like to share their ideas with others by making use of the Internet. We call this phenomenon "Web 2.0", i.e. every user can be an editor and contribute to the community.
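To see the two roles of the key pair concretely, here is an added example (not from the handout) in Python using a deliberately tiny, insecure toy RSA key pair. The primes, the exponent and the messages are assumptions of this example; real systems use keys of at least 2048 bits and proper padding, and this code is for illustration only.

```python
"""Added example, not from the handout: which key does what in asymmetric
cryptography, using a deliberately tiny toy RSA key pair (insecure, for
illustration only; the primes, exponent and messages are all assumptions of
this example). Encryption uses the public key and decryption the private key;
signing uses the private key and verification the public key."""
import hashlib

P, Q = 1000003, 999983          # two small primes (toy key; real keys use ~1024-bit primes)
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                       # public exponent
D = pow(E, -1, PHI)             # private exponent (modular inverse; needs Python 3.8+)
PUBLIC_KEY = (N, E)             # published to everyone
PRIVATE_KEY = (N, D)            # kept secret by its owner


def encrypt(m, public_key):
    """e-banking case: anyone encrypts with the receiver's PUBLIC key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, private_key):
    """Only the holder of the PRIVATE key can recover the plaintext."""
    n, d = private_key
    return pow(c, d, n)


def digest(message, n):
    """Hash the message and reduce it into the RSA range (toy; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Digital signature case: the signer applies the PRIVATE key to the message hash."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone checks with the signer's PUBLIC key: does the signature open to the hash?"""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    c = encrypt(65, PUBLIC_KEY)
    print("ciphertext", c, "-> decrypts to", decrypt(c, PRIVATE_KEY))
    order = b"transfer HK$100 to Mary"
    s = sign(order, PRIVATE_KEY)
    print("genuine order verifies:", verify(order, s, PUBLIC_KEY))
    print("tampered order verifies:", verify(b"transfer HK$1000 to Mary", s, PUBLIC_KEY))
```

The same pair of operations gives two different guarantees depending on which key is applied first: encrypting with the public key gives confidentiality (only the private key opens it), while applying the private key to a hash gives authenticity and integrity (anyone can check it, but only the key owner could have produced it, and changing even one character of the message makes the check fail).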
BitTorrent (BT) is another P2P (peer-to-peer) file sharing technology: a group of people can download a very large file in a short period of time because each of them also uploads the pieces they already have to the others.

2000 – AS – CA #7
7. (a) A warehouse manager would like to computerize the inventory control system in his company. He can either purchase a ready-made application package or invite a consulting firm to develop an application. Give ONE advantage of each option.
(b) The company has two warehouses. The manager would like to connect the computers installed in the two warehouses via a telephone line. Draw a diagram to show the necessary components and links. (4 marks)
a) Ready-made: less expensive, less time-consuming, fewer bugs.
Custom-made: matches the company's requirements exactly.
b) computer -> modem -> telephone line -> modem -> computer
-> Advantages of ready-made software (packaged software): less cost for training; more updated versions available.
The basic operation of a modem is to convert digital signals to analog signals and vice versa.
The basic connection between a SOHO and an ISP is as shown below:
LAN (with Web server) -> Switch -> Router -> Content Filter -> Firewall -> ISP
You need to note the order and the proper position of each device.

2000 – AS – CA #8
8. Billy is doing a project on "The impact of computers on education today." He wants to search for useful information from the web sites on the Internet. He enters the keywords "computer impact" in the search menu of a browser. The web sites with the exactly matched keywords are displayed on Billy's computer screen.
(a) Give TWO disadvantages of searching web sites by exact keyword matching.
(b) The web sites that Billy found are different from those his classmates found even though they are using the same keywords to search. Give TWO possible reasons for this difference. (4 marks)
a) Some useful web sites may not have words exactly matching the keywords; there may also be thousands of useless web sites found.
b) Different time of search; different search engines or databases used for searching.
-> There are some preferences that can be set to facilitate the searching of web sites. E.g. we can limit the search to web sites with certain country codes (e.g. hk, cn, tw, etc.), or we can exclude some file types like wav, etc. In fact, different search engines use different policies to rank their findings, and hence their findings will be different.

2001 – AS – CA #4
4. (a) When accessing the web site of the Hong Kong SAR Government, people can either type in the IP address "202.128.227.5" or the domain name address "www.info.gov.hk". Explain the relationship between the IP address and the domain name address.
The DNS is the system by which hosts on the Internet have both domain name addresses and IP addresses. The domain name address is used by human users and is automatically translated into the numerical IP address.
(b) Give ONE advantage of using the domain name address and ONE advantage of using the IP address.
Domain name: easy for humans to remember.
IP address: language independent, and no DNS lookup is needed.

2002 – AS – CA #2
2. The figure below shows the interconnections between the Internet and the local area networks in ABC Company. The numbers allocated to the devices indicate the IP addresses.
(a) (i) Briefly explain what a 'gateway' is.
A gateway is an interface that enables dissimilar networks to communicate with one another.
(ii) How many local area networks are there in the figure? Explain briefly.
3 (hints from the IP addresses)
(b) Assume the computer with the IP address '130.8.0.1' in the figure is a web server and its domain name is registered as 'ABC130.com'. A web site with a web page named 'index.html' is placed in the web server, where the web page can be accessed by the URL 'http://www.ABC130.com/index.html'.
(i) What is the top-level domain of this web site?
com (or .com)
(ii) Is it possible to access this web site with the URL 'http://www.ABC130.com.hk' from Hong Kong? Explain briefly.
No, that domain name is not registered for the company. (Or: yes, if the company registers the .com.hk name separately.)
(iii) Is it possible to access this web page with the URL 'http://130.8.0.1/index.html' through the Internet? Explain briefly.
Yes. The IP address is exactly what the DNS would supply for the name; giving it directly is an alternative way to specify the URL.
(iv) What will be the protocol(s) needed for browsing the web page over the Internet?
Hypertext Transfer Protocol (or HTTP) ('Http' or 'http' is not acceptable)

2003 – AS – CA #5
5. John is the chairperson of a chess club in a university. He designs and builds a web site for the club.
(a) A fixed IP address is assigned to him to establish a web server on the campus. However, John has not yet registered a domain name for the club and so he tells the interested parties to use the URL, 'http://200.102.234.48/index.html', to access the web site.
(i) Name the different components of the given URL.
http:// – HTTP protocol; 200.102.234.48 – IP address; index.html – first page / home page / file / default page / resource
(ii) Is it possible to access the home page without specifying 'index.html' in the URL? Explain briefly.
Yes, a default web page, index.html, is used. / No, the default page may not have been set in the web server.
In fact, a web server can set any web page as the default home page, but most likely it would be index.htm, index.html, index.asp, index.php or index.aspx, etc. You should also note that you can set a number of files as the default home page with different priorities. Apart from that you can also set the read / write / index options for different folders. Remember, when you open a forum, you have to grant write authority to the users so that they can write data (post messages) to the database of the forum; grant it only where it is needed, because a folder that visitors can both write to and browse lets them upload files of their own. You can also set virtual directories which map to another computer.
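A worked example of the points made in 2001 #4, 2002 #2 and 2003 #5 above (translation of a name to an address, a URL that carries an IP address instead of a name, and the default document a web server chooses), added here and not part of the original handout or of the HKEAA marking schemes. The DNS table and the directory contents are constructed for the example, and resolve_url and default_document are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed DNS table for the example (not real records): the names used in the
# questions above, mapped to the addresses the questions give. www.ABC130.com.hk is
# deliberately absent because the company never registered that name.
DNS_TABLE = {
    "www.info.gov.hk": "202.128.227.5",
    "www.abc130.com": "130.8.0.1",
}

DEFAULT_PORTS = {"http": 80, "https": 443}

# Default-document list in priority order, as a web server would be configured.
DEFAULT_DOCUMENTS = ["index.html", "index.htm", "index.php", "index.asp", "index.aspx"]


def is_ip_literal(host):
    """True if the host part is a dotted-decimal IPv4 address rather than a name."""
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def resolve_url(url):
    """Split a URL into (scheme, host, ip, port, path).

    ip is the address the client would connect to: the literal itself when the URL
    carries an IP address (no DNS lookup is needed), the DNS answer when it carries
    a name, or None when the name is not registered (the browser reports an error).
    """
    parts = urlsplit(url)
    host = parts.hostname.lower()
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)   # port 80 unless the URL says otherwise
    path = parts.path or "/"
    ip = host if is_ip_literal(host) else DNS_TABLE.get(host)
    return parts.scheme, host, ip, port, path


def default_document(path, directory_files, candidates=DEFAULT_DOCUMENTS):
    """Return the file the server would serve for a request path.

    A request for a directory ("/" or ".../demo/") is answered with the first default
    document, in the configured priority order, that exists in that directory; None
    means "not found" (or a directory listing, if the index option is switched on).
    """
    if not path.endswith("/"):
        return path.rsplit("/", 1)[-1]
    for name in candidates:
        if name in directory_files:
            return name
    return None
```

The same name can be looked up with and without the DNS table entry to see the difference between the "No, not registered" and "Yes, if registered separately" answers to question (b)(ii).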
Rather than port 80 for HTTP connections, you can also assign another port number to the web server (the URL then has to carry the port, e.g. http://www.abc.com:8080/). Because there are so many different settings in a web server, even a simple HTTP request, e.g. http://www.abc.com/demo/, may produce a number of different effects in the client's browser. (2 marks)
(b) The web site provides the service of recruiting members. John needs to establish identification codes for members to log into the web site.
(i) Can John use members' IP addresses assigned by their Internet Service Providers (ISP) for identification? Justify your answer.
No. An IP address assigned by an ISP may be dynamic (it changes from time to time), and several members may share one address behind the same router, so it cannot identify a member reliably. An email address is a unique identification.
(ii) John decides to use the email addresses of members for identification. Give one reason to support John's decision. Suggest one method for John to ensure that the email addresses provided by members are not fake.
John can send an email to the address with an initial password (or a confirmation link) that the member must use to confirm. (3 marks)
(c) The web site also provides a service for registered members to play online chess games through the Internet. Is it necessary for John to keep track of the current IP addresses of the online players? Justify your answer.
Yes, the current IP addresses of the players are required to maintain the communication dialogue, and to keep records for security. (2 marks)

2006 – AS – CA #3
3. Web-based software is developed in a secondary school to support teaching and learning. A teacher, Mrs. Lee, gives online multiple-choice tests using this software.
a) Is the web-based software application software or system software? Explain briefly.
Application software. It is designed for a specific task.
b) Mrs. Lee organizes a multiple-choice test on the software for her students to take in a computer room. Suggest three software packages which could perform functions A, B and C, as shown below.
(Figure not reproduced; the three functions are listed with the answers.)
A: Browser – allows a student to answer the multiple-choice questions directly on the web through the Internet.
B: Web server – hosts the multiple-choice tests and maintains the web pages.
C: Database (DBMS) – keeps the multiple-choice questions in an item bank.
c) Mrs. Lee also organizes a discussion forum on the software. What is the main advantage of this approach?
It enhances communication between teachers and students. (Other reasonable answers, such as 'discussion', are accepted.)

2005 – AS – CA #5
5. David creates a web page with frames and animation.
a) (i) David can successfully browse the animation in the web page on one computer but cannot browse it on another one. The web page is only displayed as shown above (screenshot not reproduced). Give a possible reason for this.
No suitable plug-in for the animation is installed in the browser on that computer.
(ii) Give one unsatisfactory aspect of the design of the above web page presentation, other than the animation.
The content cannot be completely displayed on screen: David has to use the scroll bar to view the wording (HKEAA All rights reserved) at the bottom.
b) When clicking the hyperlink 'Contact Us', an email program on the computer is launched and an email with David's email address is created and ready to send.
(i) Describe a kind of common web page design which can replace the above messaging method.
The web page can include a form for writing messages, with server-side scripts to transmit the messages to the server (or: direct personal contact). This does not depend on an email program being installed on the visitor's computer.
(ii) Do you think that 'Discussion Forum' should replace 'Contact Us'? Explain briefly.
Yes, a discussion forum is more convenient for users to see the responses to messages they have left. OR No, email is a better channel for private communication.

2007 – AS – CA #2
2. Sam and May work in an office. Its network diagram is shown below (not reproduced):
a) What is Device A? Justify your answer. (2 marks)
A router. It connects the intranet of the office with the Internet.
<- You should note that there are 3 different networks here: 10.0.1.0, 10.0.2.0 and the Internet. You need to know which network a host is in from the structure of its IP address.
b) The network administrator allows May to access Web server B, but does not allow Sam to do so. Briefly describe how the administrator can configure Device A to achieve this. (2 marks)
The administrator configures the router with a rule that blocks Sam's IP address (or MAC address) from reaching Web server B. / The administrator reconfigures the router to establish two sub-networks and blocks Sam's IP address from accessing the sub-network of Web server B.
<- Note that a rule keyed on an IP or MAC address only works for as long as Sam keeps that address: both can be changed on his workstation, so such a rule is an administrative control and the web server should still ask for a login of its own.
c) Explain, in terms of IP configuration, how Web server B can be publicly accessed through the Internet. (2 marks)
10.x.x.x is a private network, so the private IP address of Web server B has to be translated into a public IP address for it to be reached from outside (NAT / port forwarding on the router).

2007 – AS – CA #3
3. a) Paul uses an e-mail client program to open an overseas e-mail sent by Mary and finds that it contains a lot of unknown characters, as shown below (not reproduced). He changes a setting in the e-mail client program so that the content of the e-mail can display normally. Which setting has he changed? (1 mark)
Language (i.e. the character encoding used to display the message)
b) Paul uses the e-mail client program that supports POP3 e-mail service.
(i) Give two configurations that must be set before enabling receiving e-mail.
Username and password; the address of the POP3 server
(ii) Name another kind of common e-mail service, other than POP3 e-mail service.
SMTP (the service used for sending mail; IMAP and web mail are the other common services for reading mail)
In the syllabus, it states "Students should understand the differences between a mail client and web mail, and the protocols (POP, IMAP, SMTP, etc.) used in sending and retrieving emails."

2008 – AS – CA #2
2. A school library network with a router, a switch and a wireless access point (AP) is built for students to connect to the Internet, as shown below (not reproduced):
a) Components in the network are connected to either the switch or the AP.
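The two router configurations asked for in parts b) and c) of 2007 #2, as an added example that is not part of the original handout or of any real router's configuration language. Because the network diagram is not reproduced, the addresses (Sam at 10.0.1.10, May at 10.0.1.11, Web server B at 10.0.2.80, and a placeholder public address 203.0.113.5 for the router's Internet side) are assumptions, and Router, office_router and is_private are hypothetical names.

```python
import ipaddress

# Assumed addresses for the office diagram (the handout does not list them):
SAM = "10.0.1.10"
MAY = "10.0.1.11"
WEB_B = "10.0.2.80"
PUBLIC_IP = "203.0.113.5"   # placeholder from the documentation range, standing in for the ISP-assigned address
LAN_1 = "10.0.1.0/24"
LAN_2 = "10.0.2.0/24"

# RFC 1918 private ranges; addresses in them are never routed on the Internet,
# which is why Web server B cannot be reached from outside without translation.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


class Router:
    """Tiny model of Device A: a first-match access list plus a port-forwarding (NAT) table."""

    def __init__(self):
        self.acl = []        # (src network, dst network, dst port or None, "permit"/"deny"); first match wins
        self.forwards = {}   # public port -> (private address, private port)

    def add_rule(self, src, dst, port, action):
        self.acl.append((ipaddress.ip_network(src), ipaddress.ip_network(dst), port, action))

    def forward_port(self, public_port, private_ip, private_port):
        self.forwards[public_port] = (private_ip, private_port)

    def allows(self, src_ip, dst_ip, dst_port):
        """Part b): may a packet from src_ip to dst_ip:dst_port pass through the router?"""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for src_net, dst_net, port, action in self.acl:
            if src in src_net and dst in dst_net and port in (None, dst_port):
                return action == "permit"
        return False    # implicit deny when no rule matches

    def translate_inbound(self, dst_ip, dst_port):
        """Part c): a packet from the Internet is addressed to the router's public IP; the
        forwarding table says which private host and port it is really delivered to."""
        if dst_ip != PUBLIC_IP:
            return None
        return self.forwards.get(dst_port)    # None: nothing is forwarded on this port, packet dropped


def office_router():
    """Device A configured as the marking scheme describes."""
    r = Router()
    r.add_rule(SAM + "/32", WEB_B + "/32", 80, "deny")   # Sam may not reach Web server B
    r.add_rule(LAN_1, LAN_2, None, "permit")             # everyone else in LAN 1 may reach LAN 2
    r.forward_port(80, WEB_B, 80)                        # Internet -> PUBLIC_IP:80 -> Web server B:80
    return r
```

Rule order matters: the deny for Sam has to come before the broader permit, because the first matching rule decides. The model also shows the limit of the answer: the rule identifies Sam only by his address, so it stops him only while he keeps it.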
(i) Why should the web server and workstation be connected to the switch?
A wired connection is stable and fast (it increases the effective bandwidth).
(ii) Why should the visitors' notebook computers be connected to the AP? (2 marks)
No connection port or cable is needed / it increases the mobility of the computers (the advantage of a wireless connection).
b) (i) Other than notebook computer, give a kind of mobile device that can be connected to the AP to access the Internet.
PDA / Mobile phone / Tablet PC / UMPC / ULCPC / MID
<- Basically, it is unusual for someone to answer something like UMPC, ULCPC or MID; I cannot find ULCPC and MID in webopedia.com, so the best answer is PDA or PDA phone or Tablet PC. Tablet PC is not popular anyway, but a tablet PC is characterized by its touch screen technology, i.e. no keyboard or mouse is required.
(ii) When using a mobile device to access the Internet through the AP, two sets of information are needed, for network authentication and authorization respectively. What are the two sets of information? (3 marks)
Username and password / MAC address (of the NIC) / SSID; and the encryption method and key (e.g. WPA, WPA2, WEP). Of these, WEP has been broken for years and should not be chosen for a new network; use WPA2.
<- Below (screenshot not reproduced) is a common AP setting interface. There are several points that we have to pay attention to:
1. Why is a private IP address used?
2. What is the SSID?
3. Why is broadcasting of the SSID not allowed?
4. What is the WEP key setting?
5. Why is "obtain an IP address automatically" set?
c) Some students cannot use the Internet service due to the configuration/limitation of the AP. Suggest two different types of issues that may lead to this connection problem. (2 marks)
The coverage of the access point / the maximum number of users is exceeded / users are blocked (e.g. by MAC filtering) / incompatibility of the network standard (802.11 version / protocol / encryption method)

2008 – AS – CA #3
3. A router is used to connect two subnets in a café which provides Internet access.
The network information is listed below:
Subnet A: from 223.1.1.0 to 223.1.1.24
Subnet B: from 223.1.2.0 to 223.1.2.24
Router IP: 223.1.1.1 and 223.1.2.1
a) The following dialog box shows part of the network setting of a workstation in Subnet A. Fill in the information in the space provided. (3 marks)
-> The suggested answer for this question is:
IP address: any IP address between 223.1.1.2 and 223.1.1.24
Subnet mask: 255.255.255.0 / 255.255.255.224 (other reasonable answers)
Default gateway: 223.1.1.1
But this question is badly designed. The range of a subnet follows from its subnet mask: if the subnet mask is 255.255.255.0, the subnet ranges from 223.1.1.0 to 223.1.1.255, and with 255.255.255.224 it ranges from 223.1.1.0 to 223.1.1.31; neither matches the range given in the question, and a block of 25 addresses cannot be a subnet at all. So next time HKEAA may modify the question as: "Peter is an accounts clerk in a company and his IP address is 223.1.2.82. Suppose the subnet mask is 255.255.255.248; what is the possible range of IP addresses in his network?" The answer would be: first identify the network address by ANDing the IP address with the mask, which gives 223.1.2.80 (the mask leaves 3 host bits, so each subnet holds 8 addresses); the range is therefore 223.1.2.80 to 223.1.2.87, where .80 is the network address, .87 is the broadcast address and .81 to .86 can be assigned to hosts.
b) Give one reason why two subnets are used in the café. (2 marks)
-> As mentioned before, whenever we come across questions like "why" or "give a reason" for something, we should always think along directions like:
1. Safety / security
2. Speed / access mode
3. Compatibility
4. Reliability
5. Cost, e.g. manpower
6. Way of management, e.g. centralized or not
Here, the marking scheme gives "customers and staff are placed in the two subnets for security purposes / better traffic control". So, if you follow the directions listed above, you can think of the answers yourself.
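The subnet calculation just worked by hand for 223.1.2.82 / 255.255.255.248, as an added example that is not part of the original handout; it also checks the objection to the question's "223.1.1.0 to 223.1.1.24" ranges by testing whether a range can be a subnet at all. The helper names (subnet_range, manual_network_address, same_subnet, mask_for_range) are hypothetical; the addresses are the ones used in the question and in the remark above.

```python
import ipaddress


def subnet_range(ip, mask):
    """(network address, first host, last host, broadcast) for an address and a dotted-decimal mask.

    The network address is the bitwise AND of the address and the mask; the broadcast
    address has every host bit set to 1. Neither of the two is assigned to a host.
    """
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)   # strict=False: ip may be a host address
    hosts = list(net.hosts())
    return (str(net.network_address), str(hosts[0]), str(hosts[-1]), str(net.broadcast_address))


def manual_network_address(ip, mask):
    """The same AND done octet by octet, the way the exam expects it to be worked by hand."""
    octets = zip((int(o) for o in ip.split(".")), (int(o) for o in mask.split(".")))
    return ".".join(str(i & m) for i, m in octets)


def same_subnet(ip_a, ip_b, mask):
    """Two hosts are in one subnet when their addresses agree on every bit the mask keeps;
    this is the test a host applies to decide whether to send direct or via the gateway."""
    return manual_network_address(ip_a, mask) == manual_network_address(ip_b, mask)


def mask_for_range(first, last):
    """The mask of the subnet that is exactly first..last, or None if no single mask fits:
    a subnet always holds a power-of-two number of addresses and starts on a multiple of it."""
    nets = list(ipaddress.summarize_address_range(ipaddress.ip_address(first),
                                                  ipaddress.ip_address(last)))
    return str(nets[0].netmask) if len(nets) == 1 else None
```

mask_for_range("223.1.1.0", "223.1.1.24") returns None because 25 addresses do not form a subnet, which is the point made about the question above; the same call on 223.1.2.80 to 223.1.2.87 returns 255.255.255.248.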
Keywords: Access Point, Address book, Anchor, Aspect Ratio, Bandwidth, Blocking, Bps, Broadcasting, Browser, Buffer, Client / Server, Coaxial cable, Codec, Cookie, Data Encryption, Dial up, Domain, DoS (Denial of Service), DNS (Domain Name Server), Download, Downstream, Dynamic IP, Ethernet Network, Fiber Optic, FTP (File Transfer Protocol), Filtering, Forward a mail, Gateway, Hack, Host, Host ID, HTML, HTTP, Hubs, Hyperlink, ISP (Internet Service Provider), LAN (Local Area Network), Navigate, Network ID, Network Client Software, Network Server Software, Optical fiber, Packets, Peer-to-Peer Network, Plug-in, Port, Protocol, Real IP, Resolution, RJ-45, Routers, Satellite, Search Engine, SPAM, SSL, Static IP, Streaming, Subnet Mask, Switches, TCP/IP, Trojan Horse, Upload, Upstream, URL, UTP (Unshielded Twisted Pair), Video Conferencing, Virtual IP, Virus, WAN (Wide Area Network), Web Authoring, Web Browser, Web server, Web Surfing, Wireless LAN

Appendix - Client Side programming and CSS

JavaScript
To create interactive operations in web pages, we usually use a scripting language. In the market there are two main scripting languages in web page design, JavaScript and VBScript. JavaScript was the first to be promoted and is up to now the most popular scripting language in the market. A scripting language (a "small program" language) usually refers to a kind of programming language with a relatively limited use.
There are two methods to include JavaScript in a web page:
(i) Embed the script
(ii) Link to an external script file
As illustrated in the original figure (not reproduced), some of the script (programs) is embedded in the web page (i), and an external script file (hp_first_20051101.js) is also linked (ii).
Now, here comes a question: what is the advantage and disadvantage of using (i) over (ii)?
Advantage: the files need not be downloaded twice, first the HTML file and then the js file.
Disadvantage: one js file can be used by several HTML files, i.e. it is reusable, and if modification is needed it is easier when the script is in one js file instead of being scattered over several hundred HTML files. (Note also that a linked script runs with the same rights in the page as an embedded one, so a script loaded from another site, as in the example below, is trusted exactly as much as the page's own code.)
As you can see, there is a js file at the URL http://hk.yimg.com/i/home/js/hp_first_20051101.js, so when it is entered in the address bar of the browser, the browser downloads the js file as shown in the original figure. After opening the JS file in a web authoring tool (Dreamweaver), it shows the script source (not reproduced). As you can see, the scripting language is in plain text and hence is compatible with all platforms. Also, it is not in binary code, so it only requires the browser (as the interpreter) to execute the program; these programs are called "client-side programs".

CSS
As you can see, a css file can be linked in a web page as shown in the original figure (not reproduced).

SOHO Networking Basics

Author's remarks
A substantial amount of material in this set of handouts is adapted from Wikipedia and Guide to Networking Essentials (2nd edition) published by Course Technology. This set of materials is co-developed by Chung, C.F. Jeffrey and Alvin C. M. Kwan.

What is Computer Networking?
Computer networking involves connecting computer systems for the purpose of sharing information and resources. It requires a great deal of technology, and there are a number of decisions to be made regarding the choices for the physical connection as well as the related communication software.

What Does Computer Networking Offer?
Some advantages of computer networking are as follows:
It permits users to share information, e.g. through file sharing, as well as computer hardware, e.g. network printers.
Tasks of a distributed nature can be processed by networked computer systems by exchanging data and intermediate results among themselves. For example, FedEx tracks courier items during their delivery.
It helps improve human communication by reducing physical document flow and transcription errors, e.g. through e-mail.

Communication Overheads
In addition to the extra software and hardware, data communication involves a number of overhead costs too. Such overheads take the form of extra control information and processing time that are required to make the data communication feasible and reliable. Some overheads are listed below:
Each computer/terminal/node in a network must be assigned a unique address so that messages can be directed to the right destination. This implies that every message has to be tagged with the destination node's address, which is stored in the header of a packet.
Instead of transmitting an entire message through the network in one shot, a message is divided into small pieces, often referred to as packets, before it is sent to the network, so that a transmission error only requires the retransmission of the problematic packet instead of the entire message. Typically a sequence number is included in each packet header for the reconstruction of the original message.
To ensure error-free communication, messages are usually tagged with control information (e.g. a checksum) for error detection and possibly error recovery too. To avoid negotiating with the source host for a retransmission of a packet that encounters a transmission error, control information that supports error recovery rather than error detection only is often included in the trailer of a packet.
To reduce communication cost, messages are often compressed before transmission. Compressed messages are decompressed at the receiving end.
For applications like e-commerce, data security is needed and thus messages are encrypted before transmission and decrypted at the other end. Note that a checksum only detects accidental damage and gives no protection against deliberate alteration; that is a job for cryptography (the encryption and digital certificates mentioned in the syllabus).
For large computer networks, communication nodes may be linked together in more than one way (e.g. via different paths on the Internet).
Thus, a decision must be made as to which communication path (or route) to use. In practice, the decision is typically made by a kind of data communication equipment called a router.
The above points indicate the necessity of adding control information to the message before transmission. That control information may be stored in either the header or the trailer of the data packet. For example, the node address is typically stored in the header whereas the checksum is typically stored in the trailer.

Teaching remark
One way to introduce the topic of communication overheads is to use the analogy of posting a letter. The purpose of sending a letter is of course to bring a message across to the recipient. However, we need to write the message down on a piece of paper (encoding) and enclose the letter in an envelope (like the control information in data communication) with an address written on it (the recipient's address, used to locate the recipient). The letter is carried to the recipient by a postman from the post office (which is an external party). A similar analogy is moving to a new home. In this case, the idea of packing belongings into boxes before the move and unpacking them afterwards is useful to illustrate the fragmentation and reconstruction of the message before and after the transmission respectively. The protective film or foam rubber that wraps up items in the moving example is analogous to the inclusion of control information (in the form of a header or trailer) to help achieve reliable data transmission in a networked environment.

Layered Nature of Network Communications (out of syllabus)
Communicating computers need to comply with a set of communication protocols and standards, or computer networking will not succeed. Thus some standard reference framework for computer networking is required. Nevertheless, as indicated in the last section, data communication among computers is a huge and complicated task and involves a number of subtasks.
Teaching remarks
A protocol is a convention that enables the connection, communication and data transfer between two computing endpoints. A protocol can be defined as the rules governing the syntax, semantics and synchronization of communication. Protocols can be found in daily life too; handshaking is an example. Extending our right hand outwards (the syntactic level) is how the handshaking protocol begins. The gesture is a sign of friendly greeting (the semantic level). It is expected that the other party will extend their hand to grip ours as a consequence (the synchronization level).
A standard reference framework based on a monolithic architecture is not only difficult to understand, it also entails a lot of practical concerns. In particular, small and even medium-sized companies would never be able to get into the market because they do not have enough capital to tackle the diverse range of research and development issues involved in computer networking. In order to avoid those problems, the Open Systems Interconnection Reference Model (OSI Model or OSI Reference Model for short) was proposed. It is a layered abstract description for communications and computer network protocol design, developed as part of the Open Systems Interconnect (OSI) initiative. The OSI seven-layer model is depicted in Figure 1.
Figure 1. The layered OSI model for computer networking. (Extracted from Wikipedia)
The three lower layers define how data are transmitted along the networking media (e.g. cables) and equipment (e.g. switches and routers), whereas the upper four layers describe how data are received from the network and pass through the host computer. The layered model offers the following advantages:
It provides a reference framework for network designers and programmers to follow.
Developing networking technology in a specific layer does not require knowledge of the services provided by non-adjacent layers.
This simplifies development efforts.
It allows specialization, as (even small and medium-sized) companies can focus their development effort on selected networking layer(s).

The OSI Model Analogy (out of syllabus)
Wikipedia gives a good analogy to explain the key ideas of the OSI Model (see Figure 2).
Figure 2. Letter communication analogy. (Extracted from Wikipedia)
The analogy is about the delivery of a letter from the manager of a company to the manager of another company. Figure 2 is self-explanatory, but there are a few points worth mentioning.
From the managers' viewpoint, they communicate through the letter. They don't know and don't care how the letter was delivered as long as the delivery is done. They only know that the letter is sent out for (or delivered to) them by their assistants. Similarly, the assistants do not know how the letter will be delivered, but they know the secretaries will arrange the letter delivery for them. In general, each party only cares about the services that are available from its immediate subordinate (for the assistants, the secretaries) and the services that it needs to provide to its boss (for the assistants, the managers). This reflects precisely how layers in the OSI Model function: only adjacent layers talk to one another.
In the analogy, every party (from the managers to the deliverymen) plays a part in the letter delivery process. This is also the same in the OSI Model: each layer plays a part in ensuring reliable data transmission across the networking media.
In the analogy, some parties may add extra things around the original message. For example, the letter is put into an envelope before mailing. This is the same in the OSI Model. Extra control data (usually stored as part of the message header or trailer) are often introduced by the layers at the sender side and removed by the corresponding layers at the receiver side.
When considering data content, peer layers of communicating computers may be considered as communicating with one another through a "virtual" channel, because the data content in the corresponding peer layers of the communicating computers is essentially the same.
Figure 3. "Virtual" communication between peer layers of communicating computers.

An Overview of the OSI Model (out of syllabus)
Although the OSI Model gives a reference framework regarding what services each of the seven layers is supposed to offer, practitioners find it difficult to implement standards for the higher layers (application, presentation, session and even part of the transport layer) to support the range of application programs, because the services provided by those layers can be rather different for different application programs. Compared to the lower layers (physical, data link and network layers), which are associated with a popular set of standards, the degree of standardization in the higher layers lags behind.

Application Layer (out of syllabus)
The application layer provides interfaces to permit applications to request and receive network services with the use of application programming interfaces (APIs). It handles general network access, flow control and error recovery at the application level, such as dialogue design and the handling of incorrect data input. For example, if a user would like to use a file transfer program to download a file, the typical dialogue would be as follows:
1. invoke the file transfer program;
2. specify the remote machine to be connected to;
3. log in to the remote machine using valid login details;
4. go to the folder or directory where the desired file resides;
5. select whether the file is to be transmitted in text mode or in binary mode;
6. issue a command to download the file;
7. sign off from the remote machine; and
8. end the file transfer program.
It is clear that each application program needs to have a dialogue design that fits its own needs. With the APIs provided by the application layer, an application program can define the dialogues that it requires for different purposes. As to data input validation, the local machine can sometimes determine whether a data input is correct without communicating with the remote machine. For example, if the remote machine has not been logged on to, commands 4 and 6 (and probably 7 too) should not be accepted.

Presentation Layer (out of syllabus)
The presentation layer handles data format information for networked communications so that the data can be understood by systems across the network, e.g. all integers are expressed in a 32-bit format. It manages protocol conversion, data compression and decompression, data encryption and decryption, character set issues and graphics commands. An example of a presentation service would be the conversion of ASCII-coded text to Unicode-coded text. In brief, the presentation layer needs to ensure that the data it passes to the application layer is ready for the application to use, and that the data it passes to the session layer is suitable for network transmission (e.g. compressed to reduce data traffic and encrypted for data security).

Session Layer (out of syllabus)
The session layer sets up, maintains and ends ongoing sequences of communications (sessions) between end-user application processes across networks. It determines whether messages are to be sent half-duplex or full-duplex and provides synchronization services between tasks on both ends of a connection, e.g. if a client requests a web page from a web server, the web browser at the client side will wait until the requested page is received (or a timeout is detected).
Transport Layer (out of syllabus)
The transport layer provides transparent transfer of data between end users, thus relieving the upper layers from any concern with providing reliable and cost-effective data transfer. The transport layer controls the reliability of a given link. On the sender side, it fragments large protocol data units (PDUs) from the session layer into segments. The layer implements sufficient integrity controls (e.g. sequence numbers and checksums) and manages delivery mechanisms to allow for their error-free reassembly at the receiving end of a network transmission. For example, backup copies of data (i.e. PDUs) are kept so that any data transmission problem encountered at lower layers that requires a PDU retransmission can be handled by the transport layer without bothering the upper layers. The transport layer provides the last chance for error recovery for any data error due to a networking problem. The PDUs reconstructed from segments are assumed to be correct; thus all integrity control information is stripped off before those PDUs are passed to the upper layers.
The layer is also responsible for creating several logical connections over the same physical network connection by multiplexing. For example, in the Transmission Control Protocol (TCP), each software element within the transport layer is given a transport address, usually a combination of the network layer address and a 16-bit numeric value called the port number (e.g. FTP uses port number 21 whereas HTTP uses port number 80). With the use of a TCP address that comprises an IP address and a port number, data exchanged between multiple applications that run on the same pair of networked computers will not be mixed up. The best known example of a transport layer protocol is the Transmission Control Protocol (TCP).
Network Layer (out of syllabus)
The network layer provides the functional and procedural means of transferring variable-length data sequences called packets from a source to a destination via one or more networks while maintaining the quality of service requested by the transport layer. The layer breaks segments into packets and handles the addressing of messages for delivery. It translates logical network addresses (e.g. IP addresses) and names into their physical counterparts (e.g. the network card's medium access control or MAC address, also called the physical address) and vice versa. It decides how to route transmissions from sender to receiver, based on network conditions, quality of service (QoS) information, the cost of alternative routes and delivery priorities. It also performs flow control, segmentation/desegmentation and error control functions. Routers operate at this layer. The layer permits packets from one kind of medium to traverse another kind of medium. Copies of segments (from the transport layer) may be stored temporarily for error recovery purposes. The best known example of a network layer protocol is the Internet Protocol (IP).

Data Link Layer (out of syllabus)
The data link layer manages access to the networking medium and ensures error-free delivery of data frames (derived from packets) from sender to receiver. A copy of each packet is temporarily kept for error recovery purposes. The layer provides the functional and procedural means to transfer data frames between network entities and to detect and possibly correct errors that may occur in the physical layer. The addressing scheme is physical, which means that the addresses (medium access control or MAC addresses) are hard-coded into the network cards at the time of manufacture. This is the layer at which bridges and switches operate. Connectivity is provided only among locally attached network nodes. Some functions of the data link layer may be implemented in a network interface card.
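The transport, network and data link layers just described, as an added example that is not part of the original handout: each layer prepends its own header (port numbers, then IP addresses, then MAC addresses) and the data link layer appends a CRC trailer; the receiver strips them in the opposite order and uses the destination port to hand the data to the right application, which is the multiplexing the transport layer section describes. The addresses are constructed, and send, receive and the *_encapsulate / *_decapsulate helpers are hypothetical names; the header layout is a simplified one for illustration, not the real TCP, IP or Ethernet formats.

```python
import struct
import zlib

# Constructed addresses for the two communicating computers (not from the handout).
CLIENT = {"mac": "aa:bb:cc:00:00:01", "ip": "10.0.1.11"}
SERVER = {"mac": "aa:bb:cc:00:00:02", "ip": "10.0.2.80"}


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


# Sender side: each layer adds its own header in front of the unit it receives from
# the layer above; the data link layer also adds a trailer (a CRC over the whole frame).
def transport_encapsulate(data, src_port, dst_port):
    """Transport layer: segment = two 16-bit port numbers + data."""
    return struct.pack("!HH", src_port, dst_port) + data


def network_encapsulate(segment, src_ip, dst_ip):
    """Network layer: packet = logical (IP) addresses + segment."""
    return ip_bytes(src_ip) + ip_bytes(dst_ip) + segment


def link_encapsulate(packet, src_mac, dst_mac):
    """Data link layer: frame = physical (MAC) addresses + packet + CRC32 trailer."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + packet
    return body + struct.pack("!I", zlib.crc32(body))


def send(data, src, dst, src_port, dst_port):
    segment = transport_encapsulate(data, src_port, dst_port)
    packet = network_encapsulate(segment, src["ip"], dst["ip"])
    return link_encapsulate(packet, src["mac"], dst["mac"])


# Receiver side: the layers are stripped in the opposite order, and each layer
# inspects only its own header or trailer before passing the rest upwards.
def link_decapsulate(frame):
    body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("frame discarded: CRC mismatch")   # damaged in the physical layer
    return mac_str(body[0:6]), mac_str(body[6:12]), body[12:]


def network_decapsulate(packet):
    return ip_str(packet[0:4]), ip_str(packet[4:8]), packet[8:]


def transport_decapsulate(segment):
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    return src_port, dst_port, segment[4:]


def receive(frame, host, applications):
    """Deliver the data inside a frame to the application listening on the destination port.

    applications maps a port number to the program bound to it; this is how several
    applications on one computer share one IP address without their data being mixed up.
    Returns None when the frame is not addressed to this host at all.
    """
    dst_mac, src_mac, packet = link_decapsulate(frame)
    if dst_mac != host["mac"]:
        return None                       # not addressed to this network card
    src_ip, dst_ip, segment = network_decapsulate(packet)
    if dst_ip != host["ip"]:
        return None
    src_port, dst_port, data = transport_decapsulate(segment)
    return applications.get(dst_port), (src_ip, src_port), data
```

Two requests from the same client to the same server, one to port 80 and one to port 21, travel in frames whose link and network headers are identical; only the transport header tells the web server's traffic from the FTP server's.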
Physical Layer (out of syllabus)
The physical layer defines all the electrical and physical specifications for the communication devices. This includes the layout of pins, voltages and cable specifications. Cables, hubs and repeaters are physical-layer devices. NICs also work at the physical layer. The major functions and services performed by the physical layer are:
establishment and termination of a connection to a communications medium;
participation in the process whereby the communication resources are effectively shared among multiple users, for example contention resolution and flow control;
modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (copper and fibre optic, for example) or over a radio link.
Teaching remark (out of syllabus)
Don't mix up the physical layer and the physical media. The physical layer specifies the details of physical connections in a network, but it does not include any physical media.

Data Encapsulation and De-encapsulation
When a host computer transmits data across a network to another device, the data are encapsulated with protocol information at each layer of the OSI model. Figure 4 shows how different protocol information (or control data), in the form of headers and trailers, is added or removed in the different layers of the OSI model between the communicating computers. In general, relevant protocol information is inserted as a fragmented message is moved to the next lower layer, and that information is removed by the destination host as the bit stream at the physical layer moves up to the upper layers.
Figure 4. Addition and removal of control data in the different layers of the OSI Model between two communicating computers.
Teaching remark
A lecture-based presentation on how the OSI model works, with English narration, can be found here (the link is not reproduced).
Similar presentations on several other networking topics can be found at http://www.learntcpip.com/. Note that the presentations may not be suitable to be shown to students as they cover additional networking concepts and facts that are irrelevant to the ASCA and ALCS curricula. Teachers are advised to scrutinize the presentations before using them in their teaching.

Data Transmission Across a Packet Switched Network (Discussion of “circuit switching” is out of syllabus)

In a large network or a network of networks, there is often more than one path or data link that a packet can traverse from a source host to a destination host. The OSI model does not define how packets are transmitted across a network. Instead it specifies decisions that a protocol needs to make when considering the issue. For example, must all packets of a message follow the same data link? The dominant communications paradigm, packet switching, allows packets to be individually routed over different data links (see Figure 5). This contrasts with another paradigm, circuit switching, which sets up a dedicated data link between the source and destination nodes for their exclusive use for the duration of the communication.

Figure 5. Data transmission across a packet switched network.

There are several deficiencies in a circuit switched network.

1. The overhead of setting up a dedicated link before any application data is transferred can be costly, especially when the amount of data to be transferred is small.
2. When any network node in the dedicated data link malfunctions, a new end-to-end connection needs to be established before any remaining data can be transmitted.
3. Any spare data transmission capacity (more commonly known as bandwidth) that is not taken up by a data transfer in a circuit switched network is wasted, e.g., when the source host is unable to transmit data to the network at a speed that reaches the network bandwidth.
Although it may appear that packet switching is far better than circuit switching, such an understanding is not always correct, for the following reasons.

1. A routing decision has to be made for the transmission of each packet, whereas a routing decision is made only once in a circuit switched network.
2. In packet switched networks, such as the Internet, each data packet is labelled with the complete destination address and routed individually. However, circuit switched networks, such as the voice telephone network, allow large amounts of data to be sent without continually repeating the complete destination address, as a dedicated data link is used exclusively.

In general, packet switching can optimize the use of the network bandwidth (as it can be shared by multiple data transfers between multiple source and destination hosts) and increase the robustness of communication (as data transfer can be conducted on different data links, and a failure at a network node has minimal impact on a packet switched network). However, circuit switching is not without value. It aims to achieve minimal data delay and thus a better quality of service (which is often defined by a maximal tolerable data delay). Such a property is critical to computer applications that require smooth data transfer between the source and destination hosts, e.g., audio and video data.

Applications of Small Office/Home Office (SOHO) Networking

A SOHO network is a small office/home office local area network. A local area network (LAN) is a collection of computers and other networked devices that fit within the scope of a single physical network. A LAN covers a small local area, like a home, office, or small group of buildings such as a university. Communication media are owned by the LAN owner. This contrasts with a wide area network (WAN), which is a computer network covering a wide geographical area and involving a vast array of computers, e.g., the Internet.
SOHO networks are generally confined to a single room. Such networks generally connect communicating devices to a router, small switch, or hub through physical cables (in a wired network) or wirelessly (in a wireless network). Conceptually, the networking technology and basic network components involved in SOHO networking are not much different from those of large networks. The major differences are in scale and complexity. Generally, SOHO networks are used to share information and hardware, like files and printers, as well as to share an Internet access connection. A SOHO network may also have a server, e.g., a web server, which needs to be accessed.

SOHO networking facilitates a new way of work arrangement called telecommuting, telework or working from home (WFH). Employees enjoy flexibility in working location and hours (within limits). The motto is that “work is something you do, not something you travel to”. A successful telecommuting programme requires a management style which is based on results, i.e., “managing by objective”, and not on close scrutiny of individual employees, i.e., “managing by observation”. Wikipedia has the following description of the potential benefits of telecommuting.

    Telecommuting is seen as a solution to traffic congestion (due to single-car commuting) and the resulting urban air pollution and petroleum use. Initial investments in the network infrastructure and hardware are balanced by an increased productivity and overall greater well-being of telecommuting staff (more quality family time, less travel-related stress), which makes the arrangement attractive to companies, especially those who face large office overhead and other costs related to the need for a big central office (such as the need for extensive parking facilities).

The above excerpt indicates that the impact of networking technology is far beyond the technology arena.
In fact, many large companies in the United States (of America) have successfully taken advantage of networking technology to save on their operational costs. One example is that many USA companies establish their telephone support services in India. When their clients make a phone enquiry to them, the calls are actually connected to their staff in India with the use of Internet phone technology. The labour cost in India is perhaps less than one-tenth of the American counterpart.

A Computer Network Scenario

To help explain concepts about SOHO networking, the following scenario is created (see Figure 6). Note that the computer network being described is a LAN instead of a SOHO network. The LAN is composed of three smaller LANs and a web server, which are separated by a firewall (which will be introduced later). The network adopts the TCP/IP protocol and thus each of the network devices is allocated an IP address. Note that some IP addresses are reserved for special purposes. For instance, some IP addresses are used for message broadcasting and some others support message multicasting to predefined groups of network devices.

Figure 6. A computer network scenario.

The given network scenario describes the computer network of a small trading company. It has a sales department and an inventory section. The company is managed by a manager who has a personal assistant. All the parties mentioned above need to use computers to support their duties in the company. Considering the confidentiality issue, the computers of the manager and his assistant are connected to a peer-to-peer subnetwork (which will be detailed later) which is separated from the other two subnetworks of the company network – one for the inventory section and another for the sales department.
The subnetwork for the inventory section is a wireless network composed of wireless access points (which will be introduced later) and a combination of desktop and handheld computers. Some access points are installed in the warehouse to enable the inventory clerks to update the inventory database online during inventory checks.

The last subnetwork is owned by the sales department. It is a client-server subnetwork (which will be detailed later). In order to save cost, a printer server is set up to allow users to share the network printer. Besides, instead of allocating one computer to each staff member in the department, a pool of computers is kept. To access a computer, a user needs to log in. All user files are kept on the file server instead of the local machines, so that the sales staff do not need to remember on which computer they stored their files in the past.

For promotion purposes, the company has set up its company website. All computers in the company are Internet enabled.

Peer-to-Peer Network vs. Client-Server Network

Server Computer

A server computer, or simply a server, is a computer that provides a (remote) service to other computer(s) over some kind of network. As shown in Subnet A in Figure 6, the services can lead to sharing of information (e.g., file sharing), hardware (e.g., printer sharing) or other types of resource sharing (e.g., IP address sharing through the use of a DHCP server, which will be elaborated later). Web services provided by a web server are another example of resource sharing (see top of Figure 6).

Client Computer

A client computer, or simply a client, is a computer that accesses a (remote) service on another computer over some kind of network. In Subnet A (in Figure 6), four computers can access the services of the DHCP, file and printer servers within the subnet and the services of the company's own web server (outside the subnet).
Peer-to-Peer Network

In a peer-to-peer network, any computer can function as either a client or a server, e.g., one computer shares its DVD-recorder while another shares its printer for one another. No one computer has any higher priority to access, or heightened responsibility to provide, shared resources on the network. The user access privilege for each computer resource in a peer-to-peer network is maintained separately.

The advantages of peer-to-peer networking are:
- Easy to install and configure
- Needs no dedicated administrator
- Not dependent on a dedicated server (and thus no single point of failure)
- Individual users control their own shared resources
- Needs no additional equipment or software beyond a suitable operating system, e.g., MS Windows XP
- Inexpensive to purchase and operate
- Works best for simple networks with a few users

The disadvantages of peer-to-peer networking are:
- Network security applies only to a single resource at a time
- Users may be forced to use as many passwords as there are shared resources (unless some “centralized” coordination effort is made)
- Each machine must be backed up individually to protect all shared data
- Access to a shared resource reduces the performance of the machine where the resource resides
- No centralized organizational scheme to locate or control access to data
- Does not work well as the number of users grows or for complex networks

Client-Server Network

In a client-server network, user computers act as clients of dedicated server machines that handle network requests from their clients. As a server needs to respond to the requests of a number of clients, it usually requires a more powerful machine.
The advantages of client-server networking are:
- Simplified network administration due to the use of centralized user accounts, security, and access controls
- More powerful equipment enables clients to have more efficient access to network resources
- Appropriate for networks with five or more users or any networks where resources are used heavily

The disadvantages of client-server networking are:
- Server failure can render the network unusable, or at least result in loss of network resources
- Complex, special-purpose server software requires allocation of expert staff, which increases expenses
- Dedicated hardware and specialized software add to the cost

Basic Network Components

A number of network components are used in the computer network scenario given in Figure 6. They are client computers, server computers (e.g., web server, file server and printer server), dial-up and cable modems, hubs, switches, routers including the Internet Service Provider (ISP) (broadband) routers, gateways, and wireless access points. Other network components that are not explicitly shown in the diagram include network interface cards (NIC) and networking media, etc. There are also some network components which are omitted in the diagram, such as repeaters and bridges. All those components will be introduced below.

Networking Media

A networking medium, which may be tangible (e.g., cables in a wired network) or intangible (e.g., radio signals in a wireless network), is a medium across which network data can travel in the form of a physical signal, whether it is a type of electrical transmission or some sequence of light pulses. Examples of tangible media are coaxial cable, twisted pair cable, and fibre-optic cable. Examples of intangible media are infrared, microwave and radio waves. Details about networking media will be given later.

Figure 7. A network cable.
Network Interface Card

A network interface card (NIC) or network adaptor establishes and manages the network connection of a network device. It translates parallel digital computer data into serial signals appropriate for transmission along the network medium, and serial signals into parallel digital computer data for incoming network data.

Figure 8. A network interface card.

Teaching remark
To test an NIC, issue a ping command to the loopback IP address 127.0.0.1 in a command window. Virtually any data written to a network that starts with the number 127 will be written to the output buffer of the NIC and then read in from the input buffer of the same NIC. If the NIC works properly, a screen output similar to the one below will be displayed.

Dial-up Modem

Telephone lines are not suitable for carrying digital signals, as they were designed for carrying voice, which is analog in nature. A dial-up modem (a short form of modulator-demodulator) modulates the digital signal from a source host into an analog signal before it enters the telephone network, and the analog signal is demodulated back into a digital signal for the destination host at the other end. A dial-up modem can be either internal (like a PCI card) or external (see Figure 9). Due to the slow data rate (i.e., bandwidth) of the telephone network, it is almost obsolete nowadays.

Figure 9. A dial-up modem.

A specific type of modem is called the Asymmetric Digital Subscriber Line (ADSL or DSL) modem. For most Internet users, the download data rate is far more important than the upload rate, as most of their data traffic is of the download type. ADSL modems enable faster data transmission over copper telephone lines by supporting faster data flow in one direction than the other, i.e., asymmetrically.
The basic design rationale is that there is likely to be more crosstalk (i.e., undesirable electrical interference) from other circuits at the digital subscriber line access multiplexer end (where the wires from many local loops are close together) than at the customer premises. Thus the upload signal is weakest at the noisiest part of the local loop, while the download signal is strongest at the noisiest part of the local loop. This explains why the download data rate is configured to be higher than the upload data rate.

Cable Modem

A cable modem (see Figure 10) is a special type of modem that is designed to modulate a data signal over cable television infrastructure by taking advantage of unused bandwidth on a cable television network (e.g., i-CABLE of CableTV). It is primarily used to deliver broadband Internet access. Cable modems usually deliver speeds comparable to those of ADSL modems, though the latter generally have better upload speeds. Users in a neighbourhood share the available bandwidth provided by a single coaxial cable line. Therefore, connection speed can vary depending on how many people are using the service at the same time. Since cable networks tend to be spread over larger areas than ADSL services, more care should be taken to ensure good network performance.

Figure 10. A cable modem.

Hub

A hub is a device for connecting multiple network devices together (see Figure 11), making them act as a single segment and providing bandwidth which is shared among all the connected devices. A hub typically provides four or more ports (through which data are sent and received) into which a plug or cable connects.

Figure 11. A hub.

Nowadays most hubs are active in the sense that they serve as a repeater too.
A repeater is an electronic device that receives a weak or low-level signal, then amplifies, reshapes, retimes, or performs a combination of any of these functions on the received signal, and finally retransmits it at a higher level or higher power, so that the signal can cover longer distances without degradation. Data signals are weakened or degraded as they travel along the media due to energy loss. For example, data signals in the form of electrical pulses lose energy, usually in the form of heat, as they pass along a conductive wire. Such a phenomenon is known as signal attenuation. An attenuated signal may be too weak to be discerned, and that is why repeaters are sometimes introduced in computer networks.

Teaching remark
Hubs, repeaters and network cables work at the physical layer of the OSI Model.

Switch

A switch (see Figure 12) offers the link management that a hub can provide, with greater bandwidth and intelligence. Unlike hubs, which are designed to connect network devices in a particular way (i.e., network topology), a switch can be “programmed” to support a variety of networking topologies.

Figure 12. A switch.

A switch can also be configured to organize groups of devices into virtual LANs to route transmissions among one or more groups of selected attached devices. Data received by a hub is broadcast to all connected devices, including any non-destination nodes, through the hub's ports, and it is up to those devices to decide whether they need to act on the received data. Switches are intelligent enough to identify and use only the port(s) to which the destination devices are connected. Thus, unlike a hub, a switch allows multiple data transmissions across the switch at the same time as long as the data transmissions do not involve the use of the same ports. This means that a switch can potentially support a larger bandwidth than a hub.
Nowadays, switches are often used to replace network hubs, and some people may refer to a switch as an intelligent hub.

Teaching remark
Switches work at the data link layer of the OSI Model (see the Data Link Layer section above).

Bridge (out of syllabus)

A network bridge, or bridge, connects multiple segments of a local area network together. Unlike repeaters, which work at the physical layer, bridges work at the data link layer of the OSI Model. The key advantage of bridges over repeaters is that bridges can filter traffic to ease congestion of network traffic. A bridge keeps a list of MAC addresses and the network segment of each address. When the bridge receives a data packet, it compares the packet's source and destination addresses to its bridge table. If the two addresses are found to be on the same network segment, the bridge discards the data packet, as there is no need to forward it to another network segment. Otherwise, the bridge sends the packet to all segments except the one that received the packet. As the bridge table is examined for each data transfer, bridges are slower than repeaters.

Router

A router (see Figure 13) forwards data packets across different networks, if necessary, through a process known as routing until they reach their destination.

Figure 13. A router.

Teaching remark
Routers work at the network layer of the OSI Model.

Wikipedia gives a brief description of routers (including Figure 14) as follows:

    In non-technical terms, a router acts as a junction between two networks to transfer data packets among them. A router is essentially different from a switch that connects devices to form a Local Area Network (LAN). One easy illustration for the different functions of routers and switches is to think of switches as neighborhood streets, and the router as the intersections with the street signs. Each house on the street has an address within a range on the block.
    In the same way, a switch connects various devices each with their own IP address(es) on a LAN. However, the switch knows nothing about IP addresses except its own management address. Routers connect networks together the way that onramps or major intersections connect streets to both highways and freeways, etc. The street signs at the intersection (routing table) show which way the packets need to flow.

Figure 14. Routers are like intersections whereas switches are like streets.

In the above diagram, the disc symbols represent routers whereas the rectangles represent switches. Other network devices are shown by their IP addresses only. As a router connects two networks together, it uses two IP addresses, one in each network. A router that connects clients to the Internet, usually provided by an Internet Service Provider (ISP), is called an edge router or ISP router.

Wireless Access Point

A wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network (see Figure 15). The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices.

Figure 15. A wireless access point.

In SOHO networking, a wireless broadband router is often used instead of a WAP, as most wireless broadband routers are really three devices in one box. First, there is a WAP. Second, it serves as a hub to connect several networking devices. Finally, the router function ties it all together and lets the whole network share a high-speed cable or DSL Internet connection.

Gateway

Gateways, also called protocol converters (see Figure 16), can operate at any layer of the OSI model. Typically, a gateway converts one protocol stack into another. It is much more complex than a router or switch. A gateway is commonly positioned at the intersection between a LAN and a WAN (which is typically the Internet in a SOHO network).
There the gateway commonly performs network address translation (NAT), presenting all of the LAN traffic to the WAN as coming from the gateway's WAN IP address and sorting and distributing the returning WAN traffic to the local network.

Figure 16. A gateway.

Firewall

A firewall aims at preventing any communications forbidden by the security policy. It can be implemented in a piece of hardware (see Figure 17) and/or software. It has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust). The goal is to provide controlled connectivity between zones of different trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle (see Figure 18). Proper configuration of firewalls requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.

Figure 17. A (hardware) firewall.

Figure 18. Controlling traffic between different zones of trust with firewalls.

The DMZ indicated in Figure 18 stands for demilitarized zone. It is a network area (a subnet) that sits between an organization's internal network and an external network such as the Internet. Connections from the internal and the external network to the DMZ are permitted, whereas connections from the DMZ are only permitted to the external network – hosts in the DMZ may not connect to the internal network. This allows the DMZ's hosts to provide services to the external network while protecting the internal network in case intruders compromise a host in the DMZ. For someone on the external network who wants to illegally connect to the internal network, the DMZ is a dead end.
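The zone-of-trust rules just described, written out as a default-deny policy table and checked against a few connection attempts (an added example, not part of the handout). The zone names, the sample attempts and the internal-to-Internet rule are assumptions; the remaining rules are the DMZ rules stated above.

```python
"""Zone-of-trust policy check for the firewall and DMZ design of Figure 18.

Added example, not part of the handout. The three zones and the permitted
directions come from the DMZ description above; the internal -> internet
rule is an assumption, justified by the scenario's statement that all
company computers are Internet enabled. Only the direction in which a
connection is initiated is modelled; return traffic of an allowed
connection is outside this check.
"""

ZONES = ("internet", "dmz", "internal")  # from no trust to high trust

# Permitted (source zone, destination zone) pairs. Least privilege: any pair
# not listed here is denied by default.
DMZ_POLICY = frozenset({
    ("internal", "dmz"),       # staff reach the published servers in the DMZ
    ("internet", "dmz"),       # outsiders reach the published servers in the DMZ
    ("dmz", "internet"),       # DMZ hosts may only connect outward
    ("internal", "internet"),  # assumption: company computers browse the Internet
})


def is_allowed(policy, src_zone, dst_zone):
    """True only for a zone pair the policy explicitly permits."""
    if src_zone not in ZONES or dst_zone not in ZONES:
        raise ValueError("unknown zone in %r -> %r" % (src_zone, dst_zone))
    if src_zone == dst_zone:
        return True  # traffic that never crosses a zone boundary is not filtered
    return (src_zone, dst_zone) in policy


def evaluate(policy, attempts):
    """Decide each (description, src_zone, dst_zone) attempt."""
    return [(desc, "ALLOW" if is_allowed(policy, src, dst) else "DENY")
            for desc, src, dst in attempts]


def reachable_from(policy, zone):
    """Other zones a host in `zone` may initiate connections to."""
    return sorted(dst for dst in ZONES
                  if dst != zone and is_allowed(policy, zone, dst))


# Constructed connection attempts, following the network scenario (Figure 6).
SAMPLE_ATTEMPTS = [
    ("customer browses the company website", "internet", "dmz"),
    ("sales PC fetches mail from the DMZ mail server", "internal", "dmz"),
    ("DMZ web server downloads an update", "dmz", "internet"),
    ("compromised DMZ host tries the internal file server", "dmz", "internal"),
    ("outsider connects straight to the manager's PC", "internet", "internal"),
]

# The kind of "small mistake" the text warns about: a convenience rule that
# lets DMZ hosts open connections into the internal network.
MISCONFIGURED_POLICY = DMZ_POLICY | {("dmz", "internal")}

if __name__ == "__main__":
    for desc, verdict in evaluate(DMZ_POLICY, SAMPLE_ATTEMPTS):
        print("%-52s %s" % (desc, verdict))
    print("a DMZ host can reach:", reachable_from(DMZ_POLICY, "dmz"))
    print("with the mistaken rule:", reachable_from(MISCONFIGURED_POLICY, "dmz"))
```

With the correct policy a compromised DMZ host can only reach the Internet; the single extra rule in MISCONFIGURED_POLICY turns the DMZ from a dead end into a stepping stone to the internal network.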
The DMZ is typically used for connecting servers that need to be accessible from the outside world, such as e-mail, web and domain name servers.

Internet Access Methods

A network can access the Internet through a dedicated leased line, a usual phone line of the public telephone network (using a dial-up modem), the cable TV network (using a cable modem) or other ISP broadband networks (using an ADSL modem, for instance). Broadband connections to the Internet through cable or ADSL modems support both wired and wireless networks. Table 1 gives the characteristics of various Internet access methods in terms of the equipment required, cost, data transfer rate, service reliability and number of users that the Internet access can support. Although it may sound reasonable to use broadband Internet access instead of a leased line from a cost viewpoint, the latter has the advantage of being more reliable due to the use of a dedicated line. For some time-critical applications which require a guaranteed quality of service in the response time, there may be a point in sticking to the seemingly more expensive leased line option.

Table 1. Characteristics of various Internet access methods in terms of equipment required, cost, data transfer rate, service reliability and number of supported users.

Equipment required
  Modem dial-up: dial-up modem, telephone lines
  Leased line: modem, ISP router, telephone lines
  Broadband: cable or ADSL modem, Category 5e/6 cable and/or optical fibre cable

Monthly cost
  Modem dial-up: very low; less than HK$100
  Leased line: high; typically costs HK$1000+ per month
  Broadband: low to high; HK$100-1000+

Data transfer rate
  Modem dial-up: slow; 56Kbps only
  Leased line: medium to fast; supports 128Kbps (ISDN connection) up to 45Mbps (T3 connection)
  Broadband: fast to very fast; typically 1.5Mbps-1000Mbps

Service reliability
  Modem dial-up: low; the Internet connection can be interrupted by incoming phone calls
  Leased line: excellent, as the connection is not shared with any other people
  Broadband: good; data noise may occur occasionally due to bandwidth sharing within the same building

No. of users (rough estimate)
  Modem dial-up: single user only; may be considered a backup resource
  Leased line: the bandwidth is adequate for supporting dozens to a few hundred users
  Broadband: the bandwidth is adequate for supporting a few to a few dozen users

Wired LAN vs. Wireless LAN

Table 2 compares the characteristics of wired and wireless networks.

Table 2. Characteristics of wired network and wireless network.

Equipment required
  Wired: network interface card (NIC), network cable
  Wireless: wireless NIC (or WNIC), wireless access point

Cost
  Wired: lower
  Wireless: higher

Data transfer rate (for home use)
  Wired: 100-1,000Mbps (various Ethernet implementations)
  Wireless: supported up to 54Mbps (IEEE 802.11g)

Data security
  Wired: not a serious concern
  Wireless: an important issue (as data are broadcast over the air)

Reliability
  Wired: network reliability is good; data retransmission is rarely required
  Wireless: network reliability can be seriously affected by the surrounding environment; data retransmission is almost a norm

Mobility
  Wired: little
  Wireless: good

LAN interconnection
  Wired: restricted by network structure (which is set during physical network configuration)
  Wireless: no pre-defined network structure restriction

SOHO Networking Basics

Author's remarks
Part of the materials in this set of handouts is adapted from Wikipedia and Guide to Networking Essentials (2nd edition) published by Course Technology. This set of materials is co-developed by Chung, C.F. Jeffrey and Alvin C. M. Kwan.

What is Internet Protocol?

The Internet Protocol (IP) is a connectionless protocol (at the network layer of the OSI Model) used by source and destination hosts for communicating data across a packet-switched inter-network. IP is well known as it is the network layer protocol adopted by the Internet.
As a connectionless protocol, IP has the following characteristics:
- Data exchange occurs between source and destination hosts with no path setup – IP can immediately start sending packets
- Each IP packet is individually routed through the network
- Data are sent across the network to their destination without guaranteeing receipt
- Higher layers handle packet sequencing and certain data integrity control issues

IP packets in a connectionless communication are also referred to as datagrams. Figure 1 displays the structures of two IP packets that adopt two different transport layer protocols – User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).

Teaching remark
UDP is a connectionless protocol but TCP is a connection-oriented protocol. TCP requires a connection establishment before sending data and a connection termination on completion of sending data. More succinctly, TCP connections have three phases: (1) connection establishment; (2) data transfer; and (3) connection termination.

Figure 1. Structures of TCP and UDP packets.

For implementing the Internet Protocol, a unique number must be assigned, manually or by a Dynamic Host Configuration Protocol (DHCP) server, to every device in the network in order to allow them to identify each other. We call these unique numbers IP addresses. Any participating device – including routers, client computers, servers, and printers – must have its own address. This allows information passed onwards on behalf of the sender to indicate where to send it next, and the receiver of the information to know that it is the intended destination.

Dynamic IP Allocation with Dynamic Host Configuration Protocol (DHCP)

Assigning IP addresses to network devices statically has a number of drawbacks.
- Every newly added network device must be manually assigned an unused IP address within the network.
- Network devices that are switched off still occupy IP addresses.
- Devices that are moved from one sub-network to another need to have their IP addresses altered.

One way to reduce the above effort is to assign an IP address dynamically to each network device when it is turned on. That can be done with the use of the Dynamic Host Configuration Protocol (DHCP), which is a client-server protocol that allows automatic IP address and subnet mask assignment to network devices. Wikipedia has the following description of dynamic IP address allocation using DHCP:

    A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN has its TCP/IP software configured to request an IP address from the DHCP server when that client computer's network interface card starts up.

Dynamic IP address allocation can resolve all the mentioned problems regarding the assignment of static IP addresses to network devices. Note that dynamic IP address allocation is not suitable for systems that require a static address, such as web servers.

IP Addressing

IP Address Format (IPv4)

An IP address is a 32-bit logical address, written as four 8-bit octets (numbers) separated by dots. Each number ranges from 0 to 255. Thus, the numbers used in IP addresses range from 0.0.0.0 to 255.255.255.255 in decimal form, or 00000000.00000000.00000000.00000000 to 11111111.11111111.11111111.11111111 in binary form, though some of these values are reserved for specific purposes. An IP address specifies the particular network a host is attached to and, in a rest field, the address of the host within that network.

IP Address Class

Originally, the 32-bit IP address consisted of an 8-bit network number field, which specified the particular network a host was attached to, and a rest field, which gave the address of the host within that network. This means that originally the 32-bit IP address was designed for a few large networks and supported 2^8 = 256 networks only.
This is definitely not enough for the modern Internet and LANs. To overcome the problem, the meaning of IP addresses was redefined into five classes, giving three different network sizes (and numbers of hosts per network). The five classes are Class A, Class B, Class C, Class D and Class E. The first three are used for large, medium and small networks respectively, whereas Classes D and E are normally not used for ordinary hosts.

The following table introduces the five classes of IP address. In the bit patterns, n indicates a bit used for the network ID, s indicates a bit used for the host ID, and x indicates a bit without a specified purpose.

Class A (0.0.0.0 – 127.255.255.255)
From: 0.0.0.0 = 00000000.00000000.00000000.00000000
To: 127.255.255.255 = 01111111.11111111.11111111.11111111
Pattern: 0nnnnnnn.ssssssss.ssssssss.ssssssss
Class A addresses are for large networks: 24 host bits give 2^24 - 2 = 16,777,214 usable hosts per network (the all-zeros and all-ones host values are reserved for the network and broadcast addresses).

Class B (128.0.0.0 – 191.255.255.255)
From: 128.0.0.0 = 10000000.00000000.00000000.00000000
To: 191.255.255.255 = 10111111.11111111.11111111.11111111
Pattern: 10nnnnnn.nnnnnnnn.ssssssss.ssssssss
Class B addresses are for medium-sized networks: 16 host bits give 2^16 - 2 = 65,534 usable hosts per network.

Class C (192.0.0.0 – 223.255.255.255)
From: 192.0.0.0 = 11000000.00000000.00000000.00000000
To: 223.255.255.255 = 11011111.11111111.11111111.11111111
Pattern: 110nnnnn.nnnnnnnn.nnnnnnnn.ssssssss
Class C addresses are for small networks: 8 host bits give 2^8 - 2 = 254 usable hosts per network. A SOHO network almost always uses Class C addressing.

Class D (224.0.0.0 – 239.255.255.255) (for multicast only)
From: 224.0.0.0 = 11100000.00000000.00000000.00000000
To: 239.255.255.255 = 11101111.11111111.11111111.11111111
Pattern: 1110xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
Class D addresses are used only for multicast groups and are not assigned to individual hosts.
Class E (240.0.0.0 – 255.255.255.255) (reserved for the future)
From: 240.0.0.0 = 11110000.00000000.00000000.00000000
To: 255.255.255.255 = 11111111.11111111.11111111.11111111
Pattern: 1111xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
Class E addresses are reserved and not normally used.

Table 1. IP address classes.

Such a change was enough only in the short run. The principal problem was that most sites were too big for a Class C network number and received a Class B number instead. With the rapid growth of the Internet, the available pool of Class B addresses (basically 2^14, or about 16,000 in total) was rapidly used up. Classful networking was replaced by Classless Inter-Domain Routing (CIDR), starting in about 1993, to solve this problem (and others). The discussion of CIDR is, however, beyond the scope of the ACSA and ALCS curricula; the CIDR notation in Table 2 (an address followed by a slash and the number of leading network bits) is given for reference only.

Special Address Ranges

Some IP addresses are reserved for special uses. Table 2 gives some special address ranges.

Addresses                       CIDR equivalent   Purpose                       Class   Total no. of addresses
0.0.0.0 – 0.255.255.255         0.0.0.0/8         Zero addresses                A       16,777,216
10.0.0.0 – 10.255.255.255       10.0.0.0/8        Private IP addresses          A       16,777,216
127.0.0.0 – 127.255.255.255     127.0.0.0/8       Localhost loopback address    A       16,777,216
169.254.0.0 – 169.254.255.255   169.254.0.0/16    Zeroconf                      B       65,536
172.16.0.0 – 172.31.255.255     172.16.0.0/12     Private IP addresses          B       1,048,576
192.0.2.0 – 192.0.2.255         192.0.2.0/24      Documentation and examples    C       256
192.88.99.0 – 192.88.99.255     192.88.99.0/24    IPv6 to IPv4 relay anycast    C       256
192.168.0.0 – 192.168.255.255   192.168.0.0/16    Private IP addresses          C       65,536
198.18.0.0 – 198.19.255.255     198.18.0.0/15     Network device benchmark      C       131,072
224.0.0.0 – 239.255.255.255     224.0.0.0/4       Multicast                     D       268,435,456
240.0.0.0 – 255.255.255.255     240.0.0.0/4       Reserved                      E       268,435,456

Table 2. Special IP address ranges.

It is important to note that there is a range of IP addresses reserved for private use within each of Classes A, B and C (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16).
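The classification rules of Table 1, the special-range lookup of Table 2 and the subnet-mask arithmetic introduced in the next section (the AND operation, and the rule that a mask must be ones followed by zeros) are all small enough to put into one program. The following is an added example written for this page, not code from the module; the range table is copied from Table 2, and the sample addresses used in the comments are made up.

```python
import ipaddress

# Table 2 of the module as a lookup keyed by CIDR prefix (values are the table's Purpose column).
SPECIAL_RANGES = {
    "0.0.0.0/8": "zero addresses",
    "10.0.0.0/8": "private IP addresses",
    "127.0.0.0/8": "localhost loopback address",
    "169.254.0.0/16": "zeroconf",
    "172.16.0.0/12": "private IP addresses",
    "192.0.2.0/24": "documentation and examples",
    "192.88.99.0/24": "IPv6 to IPv4 relay anycast",
    "192.168.0.0/16": "private IP addresses",
    "198.18.0.0/15": "network device benchmark",
    "224.0.0.0/4": "multicast",
    "240.0.0.0/4": "reserved",
}
HOST_BITS = {"A": 24, "B": 16, "C": 8}   # host-ID bits (the 's' slots of Table 1) per class


def to_int(dotted: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting anything that is not four octets of 0..255."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_class(dotted: str) -> str:
    """Classify by the leading bits of the first octet, exactly as the patterns in Table 1 do."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"                       # 1111xxxx


def usable_hosts(cls: str) -> int:
    """2^(host bits) minus the all-zeros (network) and all-ones (broadcast) host addresses."""
    return 2 ** HOST_BITS[cls] - 2 if cls in HOST_BITS else 0


def special_purpose(dotted: str):
    """Return the Table 2 purpose for an address, or None if it is an ordinary public address."""
    addr = ipaddress.IPv4Address(dotted)
    for cidr, purpose in SPECIAL_RANGES.items():
        if addr in ipaddress.IPv4Network(cidr):
            return purpose
    return None


def is_valid_mask(mask: str) -> bool:
    """A mask must be a run of ones followed by a run of zeros (255.255.255.128 yes, 255.255.255.1 no)."""
    m = to_int(mask)
    if m == 0:
        return False
    host_bits = (~m) & 0xFFFFFFFF            # the zero part of the mask, now as ones
    return host_bits & (host_bits + 1) == 0  # contiguous low ones <=> host_bits + 1 is a power of two


def subnet_number(ip: str, mask: str) -> str:
    """The logical AND of an address and its mask: the subnet the device lives in."""
    if not is_valid_mask(mask):
        raise ValueError(f"illegal subnet mask {mask}")
    return to_dotted(to_int(ip) & to_int(mask))


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts can talk directly only if the AND gives the same subnet number."""
    return subnet_number(ip_a, mask) == subnet_number(ip_b, mask)
```

With mask 255.255.255.128, 192.168.1.130 and 192.168.1.2 fall into different subnets (192.168.1.128 and 192.168.1.0) and need a router between them; with 255.255.255.0 they share 192.168.1.0. The validity check rejects 255.255.255.1 because its zero bits are not contiguous.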
Those private addresses are the ones normally used for network devices on a LAN.

Subnet

A sub-network (usually known as a subnet) is a logically visible subdivision of an IP network; the subnet mask is the "all ones" bit pattern that marks out the network portion of an IP address in a classful network. Subnetting an IP network allows you to break down what appears (logically) to be a single large network into smaller ones. It was introduced to allow a single site to have a number of local area networks. It reduces the number of entries in the Internet-wide routing table (by hiding information about all the individual subnets inside a site). As a side benefit, it also reduces network overhead by dividing up the parts of the network that receive IP broadcasts. Note that only devices whose IP addresses are within the same subnet can communicate with each other directly; a router is needed for communication between subnets.

A subnet mask is created by setting the high-order bits of a 32-bit binary number to one. A logical AND of an IP address and its subnet mask gives the subnet number of the network in which the device resides; two devices are in the same subnet exactly when this AND gives the same result. Below are some examples of the use of subnet masks.

Example 1, Example 2 and Example 3 (worked subnet-mask calculations; the figures are not reproduced here).

Note that a subnet mask must consist of successive ones followed by successive zeroes. Thus it is illegal to have a subnet mask of 255.255.255.1, but 255.255.255.128 is fine.

Security Threats

The First Security Threat – Virus

Introduction

A computer virus is a type of program that replicates itself by making (possibly modified) copies of itself. The main criterion for classifying a piece of executable code as a virus is that it spreads by means of "hosts". A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on removable media.
Additionally, viruses can spread to other computers by infecting files on a network file system, or on a file system that is accessed by another computer, such as the files on a file server. Viruses are sometimes confused with worms. A worm, however, can spread itself to other computers without needing to be transferred as part of a host.

A virus is a program created by programmers known as "virus writers". Virus writers have various reasons for creating and spreading viruses. Viruses have been written as research projects, as pranks, as vandalism, to attack the products of specific companies, to distribute political messages, and for financial gain through identity theft or spyware. Some virus writers consider their creations works of art and see virus writing as a creative hobby. The damage caused by a virus therefore depends mainly on the virus writer's skill and intent. A virus can damage computer files and systems, steal information from you, and even damage computer hardware.

Viruses can infect different types of hosts. The most common targets are executable files that contain application software or parts of the operating system. Viruses have also infected the executable boot sectors of floppy disks, script files of application programs, and documents that can contain macro scripts.

Additionally, viruses can infect files in ways other than simply inserting a copy of their code into the code of the host program. For example, a virus can overwrite its host with the virus code, or it can use a trick to ensure that the virus program is executed when the user wants to execute the (unmodified) host program.

Viruses have existed for many different operating systems, including MS-DOS, Mac OS and even Linux; however, the vast majority of viruses affect Microsoft Windows.

Replication Strategies

In order to replicate itself, a virus must be permitted to execute code and write to memory.
For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user starts an infected program, the virus code may be executed first.

Viruses can be divided into two types on the basis of their behaviour when executed. Non-resident viruses immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or by the operating system itself.

Non-resident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file. A typical replication module works as follows:
1. Locate an unchecked executable file.
2. Check whether the executable file has already been infected (if it has, return to the finder module of the virus).
3. Append the virus code to the executable file.
4. Save the executable's starting point.
5. Change the executable's starting point so that it points to the start of the newly copied virus code.
6. Save the old starting point inside the virus so that the virus branches to it right after its own execution.
7. Save the changes to the executable file.
8. Close the infected file.
9. Return to the finder so that it can find new files for the virus to infect.

Resident viruses contain a replication module similar to the one employed by non-resident viruses. However, this module is not called by a finder module.
Instead, the virus loads the replication module into memory when it is executed and ensures that this module runs each time the operating system is called upon to perform a certain operation. For example, the replication module can be called each time the operating system executes a file; in that case the virus infects every suitable program that is executed on the computer.

Avoiding Detection (out of syllabus)

To avoid detection by users, some viruses employ various kinds of obfuscation. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected. This approach does not fool anti-virus software, however. Some viruses can infect files without increasing their size or damaging them, by overwriting unused areas of executable files; these are called cavity viruses. For example, the CIH virus, or Chernobyl virus, infects Portable Executable files. Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file. More recent viruses try to escape detection by killing the tasks associated with the virus scanner before it can detect them. Other methods of avoiding detection by users or anti-virus programs include:

1. Stealth – Some viruses try to trick anti-virus software by intercepting its requests to the operating system. The virus can then return an uninfected version of the file to the anti-virus software, so that the file appears "clean".

2. Self-modification – Most modern anti-virus programs try to find virus patterns inside ordinary programs by scanning them for so-called virus signatures. Some viruses employ techniques that make detection by signatures difficult or impossible: they modify their code on each infection, so that each infected file contains a different variant of the virus.

3.
Encryption with a variable key – A more advanced method is to encrypt the body of the virus with a simple cipher, under a key that changes from one infection to the next. A virus scanner then cannot detect the virus body directly using a signature. Fortunately, the small decrypting module must itself remain in clear, and the scanner can still detect that, which makes indirect detection of the virus possible.

4. Polymorphic code – Polymorphic code was the first technique that posed a serious threat to virus scanners. Like a regular encrypted virus, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In a polymorphic virus, however, the decryption module is also modified on each infection.

Solution – Anti-virus Software

To protect a system from viruses, anti-virus software must be installed. Anti-virus software consists of programs that attempt to identify, thwart and eliminate computer viruses and other malicious software. To accomplish this, it typically uses two different techniques:

1. Examining (scanning) the contents of the computer's memory (its RAM and boot sector) and the files stored on fixed or removable drives (hard disks, floppy disks), looking for known viruses that match definitions (virus signatures) in a virus dictionary.

2. Identifying suspicious behaviour by any program that might indicate infection. Such analysis may include data captures, port monitoring and other methods.

Some anti-virus software can also warn the user that a file is likely to contain a virus based on its file type, and some vendors claim to make effective use of other kinds of heuristic analysis. Some anti-virus programs are also able to scan files as they are opened, and e-mail as it is sent and received, "on the fly"; this is known as on-access scanning. Anti-virus software does not change the underlying capability of the host software to transmit viruses.
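The nine replication steps listed under Replication Strategies, the dictionary-style signature scan described just above, and the "encryption with a variable key" evasion can be simulated together in a few dozen lines. The following is an added example written for this page, not code from the module or from any real virus: the "TOYX" executable format, the marker and the byte strings are invented for the simulation, and everything happens inside an in-memory dictionary standing in for a file system.

```python
import struct

# Constructed toy executable format used only for this simulation: 4-byte magic,
# a 32-bit little-endian entry-point offset, then the program bytes. Not a real format.
MAGIC = b"TOYX"
HDR = struct.Struct("<4sI")

MARKER = b"<INF>"                                   # the virus's own "already infected" mark
VIRUS_BODY = b"VIRUS:find-hosts;infect;jump-back"  # stands in for the virus code
SIGNATURE = VIRUS_BODY[:11]                         # the pattern a dictionary scanner would store
DECRYPTOR_STUB = b"XORDEC:"                         # fixed decryptor left in clear by the encrypted variant


def make_exe(program: bytes) -> bytes:
    """A clean toy executable whose entry point is the first byte after the header."""
    return HDR.pack(MAGIC, HDR.size) + program


def entry_point(exe: bytes) -> int:
    magic, entry = HDR.unpack_from(exe)
    if magic != MAGIC:
        raise ValueError("not a toy executable")
    return entry


def is_infected(exe: bytes) -> bool:
    """Step 2: look for our own mark (either variant) so a host is never infected twice."""
    return MARKER in exe or DECRYPTOR_STUB in exe


def infect(exe: bytes) -> bytes:
    """Steps 3-7: append the virus code, save the old entry point, redirect the entry to the virus."""
    old_entry = entry_point(exe)
    virus_at = len(exe)                                   # the appended code will start here
    # Step 6: the saved entry point is carried inside the virus so it can branch back to the host.
    virus_code = MARKER + VIRUS_BODY + struct.pack("<I", old_entry)
    return HDR.pack(MAGIC, virus_at) + exe[HDR.size:] + virus_code


def infect_encrypted(exe: bytes, key: int) -> bytes:
    """Same steps, but the virus body is XOR-encrypted under a per-infection key;
    only the short decryptor stub and the key byte are left in clear."""
    old_entry = entry_point(exe)
    virus_at = len(exe)
    body = MARKER + VIRUS_BODY + struct.pack("<I", old_entry)
    virus_code = DECRYPTOR_STUB + bytes([key]) + bytes(b ^ key for b in body)
    return HDR.pack(MAGIC, virus_at) + exe[HDR.size:] + virus_code


def finder(files: dict, infector=infect) -> list:
    """Finder module (steps 1, 2, 9): walk the 'file system' and hand every clean host to the infector."""
    newly_infected = []
    for name, data in files.items():
        if not data.startswith(MAGIC):      # step 1: only executables are candidates
            continue
        if is_infected(data):               # step 2: already done, back to the finder
            continue
        files[name] = infector(data)        # steps 3-8, result written back in place
        newly_infected.append(name)         # step 9: carry on looking
    return newly_infected


def saved_host_entry(exe: bytes) -> int:
    """Where the (plain) virus would jump after running: the entry it saved in step 6."""
    return struct.unpack("<I", exe[-4:])[0]


def scan(exe: bytes, signature: bytes) -> bool:
    """Dictionary-style scanner: flag a file if a known byte pattern appears in it."""
    return signature in exe


def emulate_decryptor(exe: bytes) -> bytes:
    """What a scanner can do once it recognises the stub: run the trivial decryptor and look again."""
    i = exe.index(DECRYPTOR_STUB) + len(DECRYPTOR_STUB)
    key = exe[i]
    return bytes(b ^ key for b in exe[i + 1:])
```

Running the finder over a dictionary such as {"calc.exe": make_exe(b"CALC"), "notes.txt": b"just text"} infects only the executable, and a second run infects nothing because the marker check of step 2 now succeeds. A signature scan finds the plain variant but not the XOR-encrypted one; the fixed decryptor stub, however, is still a signature, and once the scanner emulates that stub the original body signature reappears, which is the "indirect detection" the text refers to.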
Attempts have been made to build such virus resistance into host software itself, but adopting such solutions can void the warranty of the host software. Users must therefore update their software regularly to patch security holes. Anti-virus software also needs to be updated regularly so that it knows about the latest threats and hoaxes. Examples of anti-virus software include Norton AntiVirus, McAfee and Sophos.

The Second Security Threat – Worm

Introduction

A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; a worm, however, is self-contained and does not need to be part of another program to propagate. Worms are often designed to exploit the file transmission capabilities found on many computers. In addition to replicating, a worm may be designed to do a number of things, such as delete files on a host system or send documents by e-mail. More recent worms may be multi-headed and carry other executables as a payload. Even without such a payload, however, a worm can cause havoc just with the network traffic generated by its reproduction. An advanced worm such as Mydoom can even cause a noticeable worldwide Internet slowdown at the peak of its spread.

Replication Strategies

Worms frequently install a backdoor on the infected computer, as Mydoom did. Such "zombie" computers are used by spam senders to send junk e-mail or to cloak their websites' addresses. Spammers (people who send junk e-mail messages) are thought to pay for the creation of such worms, and worm writers have been caught selling lists of the IP addresses of infected machines; others try to blackmail companies with threatened denial-of-service (DoS) attacks. The backdoors can also be exploited by other worms, such as Doomjuice, which spreads using the backdoor opened by Mydoom.
Worm Example – Mydoom

Mydoom, also known as Novarg, Mimail.R and Shimgapi, is a computer worm affecting Microsoft Windows. It was first sighted on 26 January 2004 and became the fastest-spreading e-mail worm seen up to that time. Mydoom is transmitted primarily by e-mail, appearing as a delivery error with subject lines such as "Error", "Mail Delivery System", "Test" or "Mail Transaction Failed" in various languages, including English and French. The mail carries an attachment that, if executed, resends the worm to e-mail addresses found in local files such as the user's address book. Mydoom also installs a backdoor on port 3127/tcp on the subverted PC to allow remote control by attackers, and launches a denial-of-service attack against the website of the controversial company SCO Group, timed to commence on 1 February 2004.

Solution

Some commonly adopted measures to stop worms from spreading are as follows:

Anti-virus software – Anti-virus software can identify, thwart and eliminate computer worms. Please refer to the previous section for more information.

Patch – Worms make use of software bugs to spread. Operating systems such as Windows need to be patched regularly so that the latest bugs are fixed.

Firewall – A firewall is a piece of hardware and/or software that functions in a networked environment to prevent communications forbidden by the security policy. A firewall is also called a packet filter: it does not allow packets to pass unless they match the rules. The firewall administrator may define the rules, or default built-in rules may apply. A more permissive set-up allows any packet to pass as long as it does not match one or more "negative rules" or "deny rules". Modern firewalls can filter traffic on many packet attributes, such as source IP address, source port, destination IP address or port, and destination service such as WWW or FTP.
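The two rule styles just described (default-deny with explicit allow rules, and the more permissive default-allow with deny rules) can be made concrete with a small packet filter. This is an added example written for this page rather than the configuration of any real firewall product; the LAN prefix, the rule set and the sample packets are assumptions, and the only value taken from the text is the Mydoom backdoor port 3127/tcp.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                   # "tcp", "udp" or "icmp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR prefix; 0.0.0.0/0 matches every address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def decide(rules: List[Rule], p: Packet, default: str) -> str:
    """First matching rule wins; when nothing matches, the default policy applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


LAN = "192.168.1.0/24"   # assumed SOHO LAN, drawn from the private range in Table 2

# Default-deny policy: nothing passes unless a rule names it.
STRICT: List[Rule] = [
    Rule("allow", "udp", src=LAN, dport=53),     # DNS lookups from the LAN
    Rule("allow", "tcp", src=LAN, dport=80),     # WWW
    Rule("allow", "tcp", src=LAN, dport=443),    # WWW over TLS
]

# The "more permissive set-up" of the text: everything passes unless a deny rule matches.
PERMISSIVE: List[Rule] = [
    Rule("deny", "tcp", dst=LAN, dport=3127),    # the Mydoom backdoor port named on the page
    Rule("deny", "tcp", dst=LAN, dport=23),      # no Telnet into the LAN (assumed policy)
]

# Constructed sample packets on documentation addresses (192.0.2.0/24 from Table 2 and 203.0.113.0/24).
PACKETS: Dict[str, Packet] = {
    "lan_web":  Packet("192.168.1.10", 50000, "192.0.2.80", 80, "tcp"),
    "lan_dns":  Packet("192.168.1.10", 50001, "192.0.2.53", 53, "udp"),
    "backdoor": Packet("203.0.113.9", 40000, "192.168.1.10", 3127, "tcp"),
    "smb_in":   Packet("203.0.113.9", 40001, "192.168.1.10", 445, "tcp"),
}


def evaluate(rules: List[Rule], default: str) -> Dict[str, str]:
    """Run every sample packet through one ruleset and report the decisions."""
    return {name: decide(rules, pkt, default) for name, pkt in PACKETS.items()}
```

Both rulesets stop the connection to the backdoor port, but only the default-deny set also stops the inbound connection to port 445, which no deny rule mentions. That is the practical difference between the two styles: a permissive filter protects only against what the administrator thought to forbid.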
Firewalls can also filter on protocol, on the domain name of the source, and on many other attributes. With such rules we can filter out the network traffic we do not want, including the packets created by a worm. A firewall can therefore block worms, Trojan horses and backdoors that communicate over the network, unauthorised access attempts, and some DoS attacks; it cannot, however, stop a user from running a malicious program that arrives through an allowed channel such as e-mail. Examples of firewalls are Norton Internet Security and ZoneAlarm.

The Third Security Threat – Trojan Horse

Introduction

A Trojan horse, also known simply as a Trojan, is a malicious program disguised as legitimate software. The term is derived from the classical myth of the Trojan horse. In the siege of Troy, the Greeks left a large wooden horse outside the city. The Trojans were convinced that it was a gift and moved the horse inside the city walls. It turned out that the horse was hollow and contained Greek soldiers, who opened the city gates of Troy at night, making it possible for the Greek army to pillage the city. Trojan horse programs work in a similar way: they may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Trojan horse programs cannot replicate themselves, in contrast to some other types of security threat such as viruses or worms. A Trojan horse can be deliberately attached to otherwise useful software by a cracker, or it can be spread by tricking users into believing that it is a useful program. Trojan horses often contain spying functions, such as a packet sniffer, or backdoor functions that allow a computer, unknown to its owner, to be remotely controlled from the network by attackers, creating a "zombie computer" and resulting in data loss, data theft and system damage.

The basic difference between a Trojan horse and a virus is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. Originally, Trojan horses were not designed to spread themselves.
They relied on fooling people into allowing the program to perform actions they would otherwise not have voluntarily permitted. Recent Trojans also contain functions and strategies that enable them to spread. This moves them closer to the definition of a computer virus, and it becomes difficult to classify such mixed programs clearly as Trojan horses or viruses.

Replication Strategies

As mentioned, Trojan horse programs cannot replicate themselves. So how does a computer become infected? Here are some examples:

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by the makers of Trojans and other pests. Even with a more secure web browser such as Mozilla's Firefox or Opera, if Java is enabled your computer can still receive a Trojan horse.

Instant messaging: Many people get infected through files sent through various messengers, owing to the weak security of some instant messengers such as MSN Messenger.

E-mail: Attachments on e-mail messages may contain Trojans.

Trojan Horse Example – Sub7

Sub7, or SubSeven, is the name of a popular Trojan or backdoor program. It is mainly used by script kiddies for causing mischief, such as hiding the mouse cursor, changing system settings or loading pornographic websites. However, it can also be used for more serious criminal purposes, such as stealing credit card details with a keystroke logger. Sub7 is usually stopped by anti-virus software and a firewall, and with popular operating systems now providing these features built in, it may become less of a computer security problem.

In common with other backdoor programs, Sub7 is distributed as a server and a client. The server is the program that victims must be enticed to run in order to infect their machines, and the client is the program with a GUI that the cracker runs on his own machine to control the server.
Sub7 allows crackers to set a password on the server, theoretically so that once a machine is "owned" no other cracker can take control of it. However, the Sub7 server also has a master password, allowing anyone who knows it to take over the machine. In older versions the master password is now known to be 14438136782715101980, but this does not work on the most recent version.

Solution

Anti-virus software – Anti-virus software can identify, thwart and eliminate Trojan horses.

Firewall – A firewall can filter out the network traffic we do not want, including the traffic a Trojan's backdoor server generates; hence it helps to block Trojan horses, backdoors, unauthorised access and DoS attacks.

Precautions – Trojan horses can be guarded against through end-user awareness. If a user does not open unusual attachments that arrive unexpectedly, any unopened Trojan horse will not affect the computer. This is true even if you know the sender or recognise the source address. Even if an attachment is expected, scanning it with updated anti-virus software before opening it is prudent. Files downloaded from file-sharing services such as BT (BitTorrent) are particularly suspect, because peer-to-peer (P2P) file-sharing services are regularly used to spread Trojan horse programs.

The Fourth Security Threat – Spyware

Introduction

Spyware covers a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that secretly monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party. Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware by design exploits infected computers for commercial gain.
Typical tactics furthering this goal include delivering unsolicited pop-up advertisements; stealing personal information, including financial information such as credit card numbers; monitoring web-browsing activity for marketing purposes; and routing HTTP requests to advertising sites.

Replication Strategies

As mentioned, spyware programs do not usually replicate themselves. Instead, spyware gets onto a system by deceiving the user or by exploiting software vulnerabilities. The most direct route by which spyware gets onto a computer is the user installing it. However, users are unlikely to install software they know may disrupt their working environment and compromise their privacy, so many spyware programs deceive the user, either by piggybacking on a piece of desirable software or by tricking the user into doing something that installs the software without realising it. For example, Bonzi Buddy, a spyware program targeted at children, advertises itself with: "He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!"

Spyware can also come bundled with shareware or other downloadable software, and even with music CDs. The user downloads and installs a program such as a music player or a file-trading program, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software; in others, spyware authors have repackaged desirable software with installers that add spyware.

A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations.
The security features of the Internet Explorer web browser are designed to stop websites from initiating an unwanted download. Instead, a user action, such as clicking on a link, must normally trigger a download. However, links can be deceptive: for instance, a pop-up ad may be drawn to look like a standard Windows dialog box, containing a message such as "Would you like to optimize your Internet access?" with links that look like buttons reading "Yes" and "No". No matter which "button" the user presses, a download starts, placing the spyware on the user's system.

Spyware Example – Bonzi Buddy

Figure 1. Bonzi Buddy's user interface.

Bonzi Buddy is an on-screen software agent from BONZI Software. It is a well-known example of spyware: computer speed, privacy and ease of use are all affected by installing the program. When someone installs Bonzi Buddy, his or her home page is set to www.bonzi.com.

Solution – Anti-spyware Programs

Many programmers and commercial firms have released products designed to remove or block spyware. Anti-spyware programs combat spyware in two ways: real-time protection, which prevents spyware from being installed, and scanning and removal of spyware already present. Scanning and removal is usually simpler, so many more programs are available that do so. Such a program inspects the contents of the Windows registry, the operating system files and the installed programs, and removes files and entries that match a list of known spyware components. Real-time protection works like real-time anti-virus protection: the software scans incoming network data and disk files at download time and blocks the activity of components known to be spyware. In some cases it may also intercept attempts to install start-up items or to modify browser settings. An anti-spyware program needs to be updated regularly so that it knows about the latest spyware.
An example of an anti-spyware program is Lavasoft's Ad-Aware.

The Fifth Security Threat – Unauthorised Access

Introduction

Through its authorization service, an operating system protects computer resources by allowing only those resource consumers that have been granted authority to use them. Examples of resources are individual files or data items, computer programs, computer devices, and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer. So why do we need authorization to access various sorts of resources? Simply put, we may not want expensive computer resources, such as colour laser printers, to be accessible to everyone; we do not want our intranet, which contains internal information, to be accessible to the public; and we do not want our students to be allowed to install software on the school network.

Solution – Access and User Right Control

Access and user right control comprises authentication, authorization and audit. These can be implemented through biometric scans, physical locks, digital signatures, encryption, and monitoring (by humans and automated systems). Authorization may be implemented using role-based access control or access control lists.

Role-Based Access Control (RBAC) is an approach to restricting system access to authorized users. Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff, or other system users, are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions.
Since users are not assigned permissions directly but acquire them only through their role(s), managing individual user rights becomes a matter of assigning the appropriate roles to the user (see Figure 2), which simplifies common operations such as adding a user or changing a user's department.

Figure 2. Example of role-based access control.

An access control list (ACL) is a list used to enforce privilege separation. It is a means of determining the appropriate access rights to a given object depending on certain aspects of the process making the request, principally the process's user identity. The list is a data structure, usually a table, containing entries that specify the rights of individual users or groups to specific system objects, such as a program, a process, a file or a directory. Each accessible object contains an identifier for its ACL. The privileges or permissions determine specific access rights to the object, such as reading from, writing to or executing it. Figure 3 shows the access control list for a file ("bob.gif") in MS Windows.

Figure 3. Example of an access control list.

RBAC differs from traditional, ACL-based discretionary access control in that it assigns permissions to specific operations that have meaning in the organization, rather than to low-level system objects. The assignment of permission to perform a particular operation is meaningful because the operations are fine-grained and themselves have meaning within the application.

Authentication concerns ways to ensure that users are who they say they are, and that whoever attempts to perform a function in a system is in fact a user authorized to do so. If a computer system is supposed to be used only by authorized users, it must be able to detect and exclude any unauthorized usage.
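The two authorization models just described, and the audit trail discussed below them, can be shown side by side in code. This is an added example for this page, not the access-control code of Windows or any other system: the roles, operations, users and groups are invented for the school setting the text uses, and the file "bob.gif" is taken from Figure 3.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# --- RBAC: permissions belong to roles; users are given roles, never permissions directly ---
# Roles, operations and users below are constructed for the school setting the text describes.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "student":  {"read_intranet"},
    "teacher":  {"read_intranet", "print_colour"},
    "it_admin": {"read_intranet", "print_colour", "install_software"},
}
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"teacher"},
    "bob":   {"student"},
    "carol": {"it_admin"},
}


def rbac_permissions(user: str) -> Set[str]:
    """A user's permissions are the union of the permissions of every role they hold."""
    perms: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def rbac_allowed(user: str, operation: str) -> bool:
    return operation in rbac_permissions(user)


def change_department(user: str, old_role: str, new_role: str) -> None:
    """Moving a user is a role swap; no individual permission has to be edited."""
    roles = USER_ROLES.setdefault(user, set())
    roles.discard(old_role)
    roles.add(new_role)


# --- ACL: each object carries entries naming a user or group and the rights granted or denied ---
GROUPS: Dict[str, Set[str]] = {"staff": {"alice", "carol"}, "students": {"bob"}}


@dataclass(frozen=True)
class AclEntry:
    principal: str
    is_group: bool
    rights: FrozenSet[str]
    allow: bool = True        # Windows ACLs also carry explicit deny entries


ACLS: Dict[str, List[AclEntry]] = {
    "bob.gif": [                                               # the file from Figure 3
        AclEntry("bob", False, frozenset({"read", "write"})),
        AclEntry("staff", True, frozenset({"read"})),
        AclEntry("students", True, frozenset({"write"}), allow=False),
    ],
}


def acl_allowed(user: str, obj: str, right: str) -> bool:
    """An explicit deny entry wins over any allow; with no matching entry the request is refused."""
    granted = False
    for entry in ACLS.get(obj, []):
        applies = user in GROUPS.get(entry.principal, set()) if entry.is_group else entry.principal == user
        if applies and right in entry.rights:
            if not entry.allow:
                return False
            granted = True
    return granted


AUDIT_TRAIL: List[Tuple[str, str, str, str]] = []


def check_and_log(user: str, obj: str, right: str) -> bool:
    """Every access decision is recorded: who, which object, which right, and the outcome."""
    decision = acl_allowed(user, obj, right)
    AUDIT_TRAIL.append((user, obj, right, "granted" if decision else "refused"))
    return decision
```

Two points worth noticing: moving bob from the student role to the teacher role changes his permissions without touching any permission entry, which is the management benefit the text claims for RBAC; and in the ACL, the deny entry on the students group overrides bob's own allow entry for writing, so the order and type of entries matter, not just whether a user appears in the list.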
Access to the computer system is usually controlled by an authentication procedure that establishes, with some degree of confidence, the identity of the user and then grants whatever privileges are authorized for that identity. To accomplish this, authentication mechanisms such as user login, biometric scans and digital signatures must be implemented.

User login – Users log in to the system with their own login name and password (and perhaps a biometric such as a fingerprint) to identify themselves. Suitable authorization and permissions are then granted according to their identity.

Digital signatures – A digital signature is a method of authenticating digital information, analogous to an ordinary handwritten signature on paper but implemented using techniques from public-key cryptography. A digital signature scheme defines two complementary algorithms, one for signing and the other for verification; the output of the signing process is also called a digital signature. Public-key cryptosystems allow anyone to identify themselves by signing a message with their private key; the recipient verifies the signature using the signer's public key. A valid signature allows the recipient of a message to be confident that the sender is indeed who he or she claims to be, and suitable authorization and permissions can then be granted according to that identity.

The public-key cryptography on which digital signatures are built is a form of cryptography that allows users to communicate securely without prior access to a shared secret key, by using a pair of mathematically related cryptographic keys, designated the public key and the private key. The private key is kept secret, while the public key may be widely distributed. In a sense, one key "locks" a lock while the other is required to unlock it. It must not be feasible to deduce the private key of a pair from the public key.
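The sign-and-verify pair just described can be demonstrated with textbook RSA. This is an added example for this page, not the scheme used by any real product: it uses no padding and key sizes far too small to be secure, so it illustrates the relationship between the two keys and nothing more. The primes are Mersenne primes chosen so the example needs no random number generation, and the message text is made up.

```python
import hashlib

# Toy textbook RSA, for illustration only: no padding, and moduli far too small for real use.
# The primes are Mersenne primes so the example is self-contained and reproducible.
P_DEFAULT = 2 ** 61 - 1
Q_DEFAULT = 2 ** 31 - 1
E_DEFAULT = 65537


def keygen(p: int = P_DEFAULT, q: int = Q_DEFAULT, e: int = E_DEFAULT):
    """Return (public, private) as ((n, e), (n, d)); d is the modular inverse of e mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # Python 3.8+: modular inverse
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """Sign a hash of the message rather than the message itself, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signing uses the private key: only its holder can produce this value."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Verification uses the public key, so anyone can check, but nobody can forge."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo():
    """A genuine signature verifies; an altered message or a different signer's key does not."""
    public, private = keygen()
    msg = b"Transfer HK$100 to Bob"                        # constructed message
    sig = sign(private, msg)
    other_public, other_private = keygen(p=2 ** 89 - 1)   # a second user's key pair
    return {
        "genuine": verify(public, msg, sig),
        "tampered": verify(public, b"Transfer HK$1000 to Bob", sig),
        "wrong_signer": verify(public, msg, sign(other_private, msg)),
    }
```

Changing a single character of the message changes its hash, so the stored signature no longer verifies; a signature made with someone else's private key fails against the first user's public key. Real systems add a randomised or structured padding step (for example RSA-PSS) and use keys of at least 2048 bits; the bare modular exponentiation shown here is not safe to deploy.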
The most obvious value of a public-key encryption system is confidentiality: a message which a sender encrypts using the recipient's public key can only be decrypted by the recipient's paired private key. Public-key digital signature algorithms can be used for sender authentication. For instance, a user can encrypt a message with his own private key before sending it. If another user can successfully decrypt it using the corresponding public key, this provides assurance that the first user (and no other) sent it. These characteristics are useful for many other applications, such as digital cash, password-authenticated key agreement and multi-party key agreement.

Audit – an audit trail is a record of transactions or communications related to a single person, account or other entity (see Figure 4). It shows who has accessed a computer system and what operations he or she has performed during a given period of time. To keep an audit trail, we can make use of the audit function provided by the operating system or of some audit software.

The Sixth Security Threat – Interception

Introduction

Interception means that someone captures a network packet in the middle of the network while the packet is being transmitted. The one who intercepted the packet can read it, delete it, or even edit the message in the packet (or the packet itself) and retransmit it. This is a serious threat to data security. To accomplish interception, software programs or computer hardware called sniffers are used. They can intercept and log traffic passing over a computer network. As data streams back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the corresponding specifications. Besides wired sniffers, there are also wireless sniffers. A wireless sniffer captures the packets sent from a computer through the computer's wireless network card to an access point or to another computer.
It captures these packets as raw data together with the packet information header.

Figure 4. Example of audit trail.

Sniffer Example – Ace Password Sniffer

Ace Password Sniffer is a powerful password sniffer and password monitoring utility. It can listen on a LAN and capture the passwords of any network user. Currently Ace Password Sniffer can monitor and capture passwords sent through FTP, POP3, HTTP, SMTP, Telnet, etc. Figure 5 gives a snapshot of the software running.

Figure 5. Password sniffer.

Solution – IPSec, VPN and WEP (technical details are out of syllabus)

To avoid data being eavesdropped on during transmission, data can be encrypted before transmission so that any intercepted data cannot be interpreted easily.

For a wireless radio network such as IEEE 802.11g, we may use Wired Equivalent Privacy (WEP), one of the schemes for achieving a secure wireless network to a certain degree. WEP was intended to provide confidentiality comparable to that of a traditional wired network, hence the name. WEP is part of the IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 (see http://en.wikipedia.org/wiki/RC4_cipher for an introduction to RC4) for confidentiality and the CRC-32 checksum for integrity. Note that in 2001, research revealed that the RC4 encryption key could be discovered by analyzing a large number of messages encrypted with that key. This in turn is a potential weakness of WEP. A more secure scheme for encrypting data transmitted over a radio network is Wi-Fi Protected Access (WPA and WPA2).

For a wired network, we can use IP Security (IPSec). IPSec is a set of cryptographic protocols for securing Internet Protocol (IP) communications by encrypting and/or authenticating all IP packets. IPSec has two components: Encapsulating Security Payload (ESP), which provides authentication, data confidentiality and message integrity, and Authentication Header (AH), which provides authentication and message integrity but does not offer confidentiality. Originally AH was used only for integrity and ESP only for encryption; authentication functionality was added to ESP subsequently.

To achieve additional security, we can use a Virtual Private Network (VPN). VPNs use tunnelling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing) and message integrity (preventing message alteration) to achieve the intended privacy. When properly chosen, implemented and used, such techniques can provide secure communications over unsecured networks. Because such choice, implementation and use are not trivial, there are insecure VPN schemes on the market. One secure VPN implementation uses the Layer 2 Tunnelling Protocol and IPSec together (L2TP/IPSec). So far, no one has been able to intercept the data packets transmitted in an L2TP/IPSec VPN connection.

VPN

How many times have you been at a friend's house or at work and said, "Gosh, I wish I could get at that file on my hard drive at home"? With a broadband Internet connection and a shiny new "VPN router", you can connect to your home network over the Internet from anywhere on the planet SECURELY. Our goal will be to establish an IPSec VPN connection from somewhere on the Internet to your home network. In addition, the remote computer will be able to mount network file shares (and printers too!) located on the home network.

Most consumer-level VPN routers operate in just about the same way because they all licensed the same IPSec code. The only differences are the number of simultaneous "VPN tunnels" they support and how many different "VPN profiles" they support at once. They also have the same performance levels: 500 kbps to 700 kbps maximum IPSec throughput. A "VPN tunnel" is simply an IPSec VPN connection in this case.
Each remote computer connecting to your home network is one VPN tunnel. A "VPN profile" is a set of parameters that define how your router will connect to other VPN end points. Some routers support multiple profiles, making it easy to use one for connecting to your work intranet and another for dialling in from the road.

Configuration Overview

In this example, we will be working with two computers and a VPN router. Throughout the screen shots and the rest of the article, I will refer to the following IP addresses. Please write them down or print them for reference; it will help you understand the rest of the article.

    Home WAN IP: 24.60.60.100 (from your ISP)
    Home LAN router IP: 192.168.100.1
    Home LAN IP network: 192.168.100.0, subnet mask 255.255.255.0
    Computer on home LAN: 192.168.100.2
    Remote (friend's) computer on the Internet: 24.60.60.200

http://www.homenethelp.com/vpn/router-config.asp

Introduction to Disaster Recovery

"He didn't back up the data, so our team lost last week's work." Have you ever heard of or experienced something like that? Although disasters rarely happen, once one does, the price is always higher than you thought. Try to imagine that your personal computer suddenly broke down and you lost all of your teaching materials, PowerPoint slides and worksheets, which you had spent weeks or even months preparing. The trouble is severe. Now imagine how serious the trouble would be if a computer network broke down. In order for you and your organization to protect your resources effectively from a potential disaster, you should invest in implementing a disaster recovery plan to minimize data loss and allow data recovery even after a disaster has happened.

Disaster recovery is the ability of an infrastructure or system to restart operations after a disaster. The term is used both in the context of data loss prevention and in that of data recovery.
There are two primary metrics to demonstrate recoverability following a failure:

Recovery Point Objective (RPO) is the point in time that the restarted infrastructure will reflect. Essentially, this is the roll-back that will be experienced as a result of the recovery. Reducing the RPO requires increasing the synchronicity of data replication.

Recovery Time Objective (RTO) is the amount of time that will pass before the infrastructure is available again. Reducing the RTO requires data to be online and available at a failover site.

Disaster Examples

Before a disaster recovery plan is created, we must understand what kinds of disaster we may face and how to deal with them. Here are some examples.

Physical damage

A wide variety of failures can cause physical damage to storage media. CD-ROMs can have their metallic substrate or dye layer scratched off; hard disks can suffer any of several mechanical failures, such as head crashes and failed motors; and tapes can simply break. Physical damage often causes some data loss, and in many cases it also damages the logical structures of the file system. This causes logical damage that must be dealt with before any files can be used again. Most physical damage cannot be repaired by end users. For example, opening a hard disk in a normal environment allows dust to settle on the surface, causing further damage to the platters. End users generally do not have the right tools or the technical expertise to make these sorts of repairs.

Logical damage

Far more common than physical damage is logical damage to a file system. Logical damage is primarily caused by power outages that prevent file system structures from being completely written to the storage medium, but problems with hardware and drivers, as well as system crashes, can have the same effect. The result is that the file system is left in an inconsistent state. This can cause a variety of problems, such as drives reporting negative amounts of free space, system crashes, or an actual loss of data.
Various programs exist to correct these inconsistencies, and most operating systems come with at least one rudimentary repair tool for their native file systems. Linux, for instance, comes with the fsck utility, and Microsoft Windows provides chkdsk. Third-party utilities are also available, and some can produce superior results by rescuing data even when the disk cannot be recognized by the operating system's repair utility.

Two main techniques are used by these repair programs. The first, consistency checking, involves scanning the logical structure of the disk and checking to make sure that it is consistent with its specification. The second technique for file system repair is to assume very little about the state of the file system to be analyzed and to rebuild the file system from scratch using any hints that undamaged file system structures might provide. This strategy involves scanning the entire drive and making note of all file system structures and possible file boundaries, then trying to match what was located to the specifications of a working file system. Some third-party programs use this technique, which is notably slower than consistency checking. It can, however, rescue data even when the logical structures are almost completely destroyed. This technique generally does not repair the underlying file system, but merely allows data to be extracted from it to another storage device.

Creating a Disaster Recovery Plan

As mentioned, disaster recovery should include data loss prevention and data recovery. In the following paragraphs, some important techniques for data loss prevention and data recovery are highlighted.

Data Loss Prevention

Technique 1 – Using an Uninterruptible Power Supply (UPS)

At a power failure, the disk controller may report that file system structures have been saved to the disk when this has not actually occurred.
This can often occur if the drive holds data in its write cache at the point of failure, resulting in a file system in an inconsistent state such that the journal itself is damaged or incomplete. One solution to this problem is to use disk controllers equipped with a battery backup so that the waiting data can be written when power is restored. Finally, the entire system can be equipped with a battery backup that may make it possible to keep the system on in such situations, or at least to give enough time to shut down properly. This battery backup is called an "Uninterruptible Power Supply (UPS)".

A UPS is a device or system that maintains a continuous supply of electric power to certain essential equipment that must not be shut down unexpectedly. The UPS is inserted between a primary power source and the equipment to be protected for the purpose of eliminating the effects of a temporary power outage and transient anomalies. UPSs are generally associated with telecommunications equipment, computer systems, and other facilities such as airport landing systems and air traffic control systems, where even brief commercial power interruptions could cause injuries or fatalities, serious business disruption or data loss.

In order to prevent blackouts, a UPS will use a process called load shedding. This reduces the amount of power being sent to the consumers but does not eliminate it entirely. This drop in voltage is also sometimes called a voltage sag or a brownout. A UPS will also protect equipment upon the occurrence of a brownout by using its internal batteries to correct the drop in voltage. The single biggest event that brought attention to the need for UPS power backup units was the big power blackout of 2003 in the north-eastern US and eastern Canada.

There are nine standard power problems that a UPS may encounter. They are as follows:

1. Power failure.
2. Power sag (under voltage for up to a few seconds).
3. Power surge (over voltage for up to a few seconds).
4. Brownout (long-term under voltage for minutes or days).
5. Long-term over voltage for minutes or days.
6. Line noise superimposed on the power waveform.
7. Frequency variation of the power waveform.
8. Switching transient (under voltage or over voltage for up to a few nanoseconds).
9. Harmonic multiples of the power frequency superimposed on the power waveform.

Technique 2 – Using a Redundant Array of Independent Disks (RAID)

RAID is a system of using multiple hard drives for sharing or replicating data among the drives. Depending on the version chosen, the benefit of RAID is one or more of increased data integrity, fault tolerance, throughput or capacity compared to single drives. Its key advantage is the ability to combine multiple low-cost devices into an array that offers greater capacity, reliability or speed, or a combination of these, than was affordably available in a single device. The RAID specification suggested a number of prototype "RAID levels", or combinations of disks. Each has theoretical advantages and disadvantages. The most common levels that also provide fault tolerance and protection against data loss are RAID 1 and RAID 5. A simple animation that illustrates how a RAID system delivers its fault-tolerance behavior can be found at http://www.adtron.com/expertise/activeraid.html.

RAID 1

Figure 1. RAID 1 configuration.

RAID 1 creates an exact copy (or mirror) of a set of data on two or more disks. This is useful when write performance is more important than minimizing the storage capacity used for redundancy. The array can only be as big as the smallest member disk, however. A classic RAID 1 mirrored pair contains two identical disks, which increases reliability over a single disk, but it is possible to have more than two disks.
Since each member can be addressed independently if another fails, reliability increases with the number of disks in the array. To get the full redundancy benefits of RAID 1, independent disk controllers are recommended, one for each disk. Some refer to this practice as splitting or duplexing. When reading, both disks can be accessed independently, so the average seek time is reduced. The transfer rate is almost doubled, as data can be accessed in parallel. In general, the more disks are used in the array, the better the performance of the disk array. The only limits are how many disks can be connected to the controller and its maximum transfer speed.

RAID 1 has many administrative advantages. For instance, in some 365x24 environments it is possible to "split the mirror": make one disk inactive, do a backup of that disk, and then "rebuild" the mirror. This requires that the application supports recovery from the image of data on the disk at the point of the mirror split. This procedure is less critical in the presence of the "snapshot" feature of some file systems, in which some space is reserved for changes, presenting a static point-in-time view of the file system. Alternatively, a set of disks can be kept in much the same way as traditional backup tapes are.

RAID 5

Figure 2. RAID 5 configuration.

RAID 5 uses block-level striping with parity data distributed across all member disks. RAID 5 has achieved popularity due to its low cost of redundancy. Generally RAID 5 is implemented with hardware support for parity calculations. Every time a data block is written to a disk in the array, a parity block is generated within the same stripe. A block is often composed of many consecutive sectors on a disk. A series of blocks, one from each of the disks in the array, is collectively called a "stripe". If another block, or some portion of a block, is written to that same stripe, the parity block is recalculated and rewritten.
The disk used for the parity block is staggered from one stripe to the next, hence the term "distributed parity blocks". RAID 5 writes are expensive in terms of disk operations and traffic between the disks and the controller. The parity blocks are not read on data reads, since this would be unnecessary overhead and would diminish performance. The parity blocks are read, however, when a read of a data sector results in a cyclic redundancy check (CRC) error. In this case, the sector in the same relative position within each of the remaining data blocks in the stripe and within the parity block in the stripe is used to reconstruct the errant sector. The CRC error is logged, but this does not hinder the operation of the computer system. Likewise, should a disk fail in the array, the parity blocks from the surviving disks are combined mathematically with the data blocks from the surviving disks to reconstruct the data on the failed drive "on the fly". This is sometimes called Interim Data Recovery Mode. The operating system knows that a disk drive has failed and notifies the administrator that a drive needs replacement; applications running on the computer are unaware of the failure. Reading and writing to the drive array continue seamlessly, though with some performance degradation.

In RAID 5, where there is a single parity block per stripe, the failure of a second drive results in total data loss. The maximum number of drives in a RAID 5 redundancy group is theoretically unlimited, but it is common practice to limit the number of drives. The trade-offs of larger redundancy groups are a greater probability of a simultaneous double disk failure, the increased time to rebuild a redundancy group, and the greater probability of encountering an unrecoverable sector during RAID reconstruction. In a RAID 5 group, the mean time between failures (MTBF) can become lower than that of a single disk.
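The added example below (not code from the notes or from any RAID product) works through RAID 5 at byte level: data is striped across four disks with the parity block rotating from stripe to stripe, a failed disk is rebuilt from the XOR of the survivors (the "on the fly" reconstruction described above), and a stripe whose parity was left stale by a crash mid-write is shown to rebuild to the wrong bytes, the "write hole" the notes go on to describe. The block size, disk count and data are constructed for the example.

```python
"""RAID 5: block-level striping with distributed parity, rebuild of a failed
disk, and the 'write hole'. Added illustration for these notes, not code
from the notes or any RAID product. Block size, disk count and the data
written are constructed for the example; real arrays use much larger blocks."""

BLOCK = 4   # bytes per block (constructed)
NDISKS = 4  # each stripe holds NDISKS-1 data blocks and 1 parity block


def xor_blocks(blocks):
    """Parity is the bitwise XOR of the blocks in a stripe."""
    out = bytearray(BLOCK)
    for b in blocks:
        for i in range(BLOCK):
            out[i] ^= b[i]
    return bytes(out)


def parity_disk(stripe):
    """Distributed parity: the parity block moves to a different disk each stripe."""
    return (NDISKS - 1 - stripe) % NDISKS


def write_stripes(data):
    """Lay data out across the array; returns one list of blocks per disk."""
    per_stripe = BLOCK * (NDISKS - 1)
    data += b"\0" * (-len(data) % per_stripe)          # pad the last stripe
    disks = [[] for _ in range(NDISKS)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        data_blocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(NDISKS - 1)]
        parity = xor_blocks(data_blocks)
        p = parity_disk(s)
        remaining = iter(data_blocks)
        for d in range(NDISKS):
            disks[d].append(parity if d == p else next(remaining))
    return disks


def read_data(disks, nbytes):
    """Normal reads skip the parity blocks entirely."""
    out = b"".join(disks[d][s]
                   for s in range(len(disks[0]))
                   for d in range(NDISKS) if d != parity_disk(s))
    return out[:nbytes]


def rebuild_disk(disks, failed):
    """Interim data recovery: each block of the failed disk, data or parity, is
    the XOR of the surviving blocks in the same stripe."""
    survivors = [d for d in range(NDISKS) if d != failed]
    nstripes = len(disks[survivors[0]])
    return [xor_blocks(disks[d][s] for d in survivors) for s in range(nstripes)]


def write_hole_demo():
    """A crash between writing a data block and its parity leaves stripe 0
    inconsistent; a later disk failure is then 'rebuilt' from stale parity.
    Returns (what the lost block held, what the rebuild produces)."""
    disks = write_stripes(b"AAAABBBBCCCC")          # stripe 0: A, B, C, parity
    p = parity_disk(0)
    data_disks = [d for d in range(NDISKS) if d != p]
    disks[data_disks[0]][0] = b"ZZZZ"                # new data written ...
    # ... system fails here, parity for stripe 0 never updated.
    victim = data_disks[1]                           # then another disk dies
    lost = disks[victim][0]
    rebuilt = rebuild_disk(disks, victim)[0]         # Z ^ C ^ (A^B^C) = Z^A^B, not B
    return lost, rebuilt
```

Because the rebuild is pure XOR, it has no way of telling stale parity from fresh parity: the array returns plausible-looking bytes with no error, which is why battery-backed cache or a parity scrub is needed to close the window.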
This happens when the likelihood of a second disk failing out of the (N-1) dependent disks, within the time it takes to detect, replace and recreate the first failed disk, becomes larger than the likelihood of a single disk failing. RAID 5 implementations suffer from poor performance when faced with a workload that includes many writes smaller than the capacity of a single stripe, because parity must be updated on each write, requiring read-modify-write sequences for both the data block and the parity block. More complex implementations often include a non-volatile write-back cache to reduce the performance impact of incremental parity updates.

In the event of a system failure while there are active writes, the parity of a stripe may become inconsistent with the data. If this is not detected and repaired before a disk or block fails, data loss may ensue, as incorrect parity will be used to reconstruct the missing block in that stripe. This potential vulnerability is sometimes known as the "write hole". Battery-backed cache and other techniques are commonly used to reduce the window of vulnerability in which this can occur.

Data Recovery Technique – Using Backup

Backup means copying data for the purpose of having an additional copy of an original source. If the original data is damaged or lost, the data may be copied back from that copy, a process known as data recovery or data restore. The "data" in question can be either data as such or stored program code, both of which are treated the same by the backup software. Backups differ from an archive in that the data is necessarily duplicated rather than simply moved. Backups are most often made from hard-disk-based production systems to large-capacity magnetic tape, hard disk storage, or optical write-once read-many (WORM) disk media such as CD-R, DVD-R and similar formats.
As broadband access becomes more widespread, network and remote backups are gaining in popularity. There are quite a few companies (found by a Google keyword search) offering Internet-based backup. During the period 1975–95, most personal/home computer users associated backup mostly with copying floppy disks. However, the recent drop in hard disk prices, and the hard disk's position as the most reliable re-writeable medium, make it one of the most practical backup media.

To plan for backup, several strategies should be considered:

1. A backup should be easy to do.
2. A backup should be automated and rely on as little human interaction as possible.
3. Backups should be made regularly.
4. A backup should rely on standard, well-established formats.
5. A backup should not use compression. Uncompressed data is easier to recover if the backup medium is damaged or corrupted.
6. A backup should be able to run without interrupting normal work.
7. Rely on standard formats.
8. If a backup spans multiple volumes, recovery should not rely on all volumes being readable or present.
9. If you use a certain medium for your backup, you also need to have a drive available that can read it.
10. Backup media need to be read from time to time, to make sure the data is still readable. Also, the data needs to be copied to a new medium if the old one is about to become unreadable. Will you be able to read a CD-R in 10 years' time?
11. Each of the different media has benefits and drawbacks. Also consider the cost per gigabyte when comparing different solutions.
12. Proper backup relies on at least two copies, stored on different media, kept at different locations.
13. In the case of a disaster, no one will be able to think clearly and act accordingly. For this reason, checklists need to exist that outline what to do.
14. Staff need proper training in what to do in case a disaster occurs.

To perform a backup, you should use backup software such as ntbackup in the Windows XP environment (see Figure 3).
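Points 5, 10 and 12 of the list above can be turned into a small working procedure. The following is an added example (not code from the notes and not ntbackup): an uncompressed file copy with a manifest of SHA-256 digests, a verification pass that re-reads the copy and reports anything that no longer matches, and a restore that refuses to use a copy which failed verification. The folder layout, file contents and the name "MANIFEST.json" are constructed for the example, and the demo runs in a temporary directory so it touches nothing else.

```python
"""Backup with an integrity manifest, periodic verification of the copy, and
restore. Added illustration of points 5, 10 and 12 of the list above (no
compression; verify media regularly; keep more than one copy). Not code from
the notes or from ntbackup. File names and contents are constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Digest of one file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source, dest):
    """Copy every file under source to dest (uncompressed) and write a manifest
    of relative path -> SHA-256 beside the copy. Returns the manifest."""
    source, dest = Path(source), Path(dest)
    manifest = {}
    for f in sorted(source.rglob("*")):
        if f.is_file():
            rel = f.relative_to(source).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, target)
            manifest[rel] = sha256_of(target)      # hash what was actually written
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_backup(dest):
    """Re-read the copy and compare with the manifest (point 10). Returns the
    relative paths that are missing or no longer hash as recorded."""
    dest = Path(dest)
    manifest = json.loads((dest / "MANIFEST.json").read_text())
    return [rel for rel, digest in manifest.items()
            if not (dest / rel).is_file() or sha256_of(dest / rel) != digest]


def restore(dest, target, rel):
    """Copy one file back from the backup; refuses a copy that fails verification."""
    if rel in verify_backup(dest):
        raise ValueError(f"backup copy of {rel} failed verification")
    out = Path(target) / rel
    out.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(Path(dest) / rel, out)
    return out


def run_demo():
    """Constructed end-to-end run in a temporary directory: two copies of a small
    'work' folder (point 12), silent corruption of one copy, verification of both,
    refusal to restore from the bad copy, and restore from the good one."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "work"
        (src / "lessons").mkdir(parents=True)
        (src / "lessons" / "week1.txt").write_bytes(b"worksheet one")
        (src / "notes.txt").write_bytes(b"PowerPoint outline")
        office, offsite = tmp / "copy_office", tmp / "copy_offsite"
        make_backup(src, office)
        make_backup(src, offsite)
        clean = (verify_backup(office), verify_backup(offsite))
        # A byte changes on the office copy; nothing reports it until re-read.
        (office / "lessons" / "week1.txt").write_bytes(b"worksheet 0ne")
        bad = verify_backup(office)
        try:
            restore(office, tmp / "restored", "lessons/week1.txt")
            refused = False
        except ValueError:
            refused = True
        restored = restore(offsite, tmp / "restored", "lessons/week1.txt").read_bytes()
        return clean, bad, refused, restored
```

The manifest is what makes point 10 actionable: without recorded digests, a periodic read can only tell you the medium still spins, not that the bytes are the ones you saved.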
Figure 3. ntbackup – a data backup and recovery tool in Windows XP.

To perform a network backup, which means backing up data to a network backup server through the network, you should set up your client computers and the network backup server with a proper IP address and subnet mask.

Networking (Advanced Level)

Theory by itself

Packets (Frames)

Data in a LAN (Ethernet LAN) or on the Internet is in the form of packets, encapsulated as shown in the diagram. (Encapsulation diagram not reproduced.) Data in an Ethernet is constructed as above.

IP Packet Structure

All IP packets are structured the same way: an IP header followed by a variable-length data field. A summary of the contents of the internet header follows. The header has to be at least 20 bytes.

Version: 4 bits
The Version field indicates the format of the internet header. There are two commonly used versions, IPv4 and IPv6. This document describes version 4 (IPv4). The main difference between IPv4 and IPv6 is that IPv4 uses 32 bits to represent an address whereas IPv6 uses 128 bits.

IHL: 4 bits
Internet Header Length is the length of the internet header in 32-bit words, and thus points to the beginning of the data. Note that the minimum value for a correct header is 5.

Type of Service: 8 bits
The Type of Service provides an indication of the abstract parameters of the quality of service desired. These parameters are to be used to guide the selection of the actual service parameters when transmitting a datagram through a particular network. Several networks offer service precedence, which somehow treats high-precedence traffic as more important than other traffic (generally by accepting only traffic above a certain precedence at times of high load). The major choice is a three-way trade-off between low delay, high reliability and high throughput.

Bits 0-2: Precedence.
Bit 3: 0 = Normal Delay, 1 = Low Delay.
Bit 4: 0 = Normal Throughput, 1 = High Throughput.
Bit 5: 0 = Normal Reliability, 1 = High Reliability.
Bits 6-7: Reserved for Future Use.

Precedence:
    111 - Network Control
    110 - Internetwork Control
    101 - CRITIC/ECP
    100 - Flash Override
    011 - Flash
    010 - Immediate
    001 - Priority
    000 - Routine

A defined quality of service may be required for certain types of network traffic; for example, streaming multimedia may require guaranteed throughput, while IP telephony or Voice over IP (VoIP) may require strict limits on jitter and delay.

Total Length: 16 bits
Total Length is the length of the datagram, measured in octets (8 bits), including internet header and data. This field allows the length of a datagram to be up to 65,535 octets. Such long datagrams are impractical for most hosts and networks. All hosts must be prepared to accept datagrams of up to 576 octets (whether they arrive whole or in fragments). It is recommended that hosts only send datagrams larger than 576 octets if they have assurance that the destination is prepared to accept the larger datagrams. The number 576 is selected to allow a reasonably sized data block to be transmitted in addition to the required header information. For example, this size allows a data block of 512 octets plus 64 header octets to fit in a datagram. The maximal internet header is 60 octets, and a typical internet header is 20 octets, allowing a margin for the headers of higher-level protocols.

Identification: 16 bits
An identifying value assigned by the sender to aid in assembling the fragments of a datagram.

Flags: 3 bits
Various control flags.
Bit 0: reserved, must be zero.
Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment.
Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.

Fragment Offset: 13 bits
This field indicates where in the datagram this fragment belongs. The fragment offset is measured in units of 8 octets (64 bits). The first fragment has offset zero.
Time to Live: 8 bits
This field indicates the maximum time the datagram is allowed to remain in the internet system. If this field contains the value zero, then the datagram must be destroyed. This field is modified in internet header processing. The time is measured in units of seconds, but since every module (each hop, say a router) that processes a datagram must decrease the TTL by at least one even if it processes the datagram in less than a second, the TTL must be thought of only as an upper bound on the time a datagram may exist. The intention is to cause undeliverable datagrams to be discarded, and to bound the maximum datagram lifetime.

Protocol: 8 bits
This field indicates the next-level protocol used in the data portion of the internet datagram. The values for various protocols are specified in "Assigned Numbers".

Header Checksum: 16 bits
A checksum on the header only. Since some header fields change (e.g., time to live), this is recomputed and verified at each point that the internet header is processed. The checksum algorithm is: the checksum field is the 16-bit one's complement of the one's complement sum of all 16-bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero. This is a simple-to-compute checksum and experimental evidence indicates it is adequate, but it is provisional and may be replaced by a CRC procedure, depending on further experience.

Source Address: 32 bits
The source address. See section 3.2.

Destination Address: 32 bits
The destination address. See section 3.2.

NAT

Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all the necessary IP address translations.
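The IP header fields and checksum rule described in the section above can be exercised directly. The block below is an added example (not code from the notes or from any IP stack): it packs a 20-byte IPv4 header, computes the one's complement checksum exactly as stated (field zeroed, 16-bit words summed with end-around carry, result complemented), verifies a received header the way a host does, and performs the per-hop TTL decrement that forces every router to recompute the checksum. The addresses, total length and TTL are constructed sample values.

```python
"""IPv4 header construction, RFC 791 header checksum, receiver-side
verification and the per-hop TTL decrement that forces a recompute.
Added illustration for these notes (not code from the notes or from any
IP stack). The sample addresses, lengths and TTL are constructed."""
import ipaddress
import struct


def ones_complement_sum(data):
    """One's complement sum of the 16-bit big-endian words in data."""
    if len(data) % 2:
        data += b"\0"                                # pad an odd trailing byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)     # end-around carry
    return total


def ip_checksum(header):
    """Checksum field value: complement of the sum with the field itself zeroed."""
    zeroed = header[:10] + b"\0\0" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def build_ipv4_header(src, dst, total_length, ttl=64, protocol=17,
                      identification=0, flags_and_offset=0x4000):
    """20-byte header (version 4, IHL 5, no options) with a valid checksum.
    flags_and_offset=0x4000 sets DF (Don't Fragment) with offset zero."""
    fields = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5, 0, total_length, identification,
                         flags_and_offset, ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ip_checksum(fields)) + fields[12:]


def header_is_valid(header):
    """Receiver check: summing every word including the checksum gives 0xFFFF."""
    ihl = header[0] & 0x0F
    return len(header) >= ihl * 4 and ones_complement_sum(header[:ihl * 4]) == 0xFFFF


def forward_one_hop(header):
    """What each router does: discard a corrupted header or one whose TTL would
    reach zero, otherwise decrement TTL and recompute the checksum, since the
    header has changed. Returns None when the datagram is discarded."""
    if not header_is_valid(header):
        return None
    ttl = header[8]
    if ttl <= 1:
        return None
    updated = header[:8] + bytes([ttl - 1]) + header[9:]
    return updated[:10] + struct.pack("!H", ip_checksum(updated)) + updated[12:]
```

The test values below use the header 192.168.0.1 to 192.168.0.199, total length 115, DF set, TTL 64, protocol 17 (UDP), whose checksum works out to 0xB861; changing the TTL without recomputing makes the same header fail verification, which is why the field is recalculated at every hop.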
NAT serves three main purposes:

1. It provides a type of firewall by hiding internal IP addresses.
2. It enables a company to use more internal IP addresses. Since they are used internally only, there is no possibility of conflict with IP addresses used by other companies and organizations.
3. It allows a company to combine multiple ISDN connections into a single Internet connection.

Static NAT
A type of NAT in which a private IP address is mapped to a public IP address, where the public address is always the same IP address (i.e., it has a static address). This allows an internal host, such as a web server, to have an unregistered (private) IP address and still be reachable over the Internet.

Dynamic NAT
A type of NAT in which a private IP address is mapped to a public IP address drawn from a pool of registered (public) IP addresses. Typically, the NAT router in a network keeps a table of registered IP addresses, and when a private IP address requests access to the Internet, the router chooses an IP address from the table that is not being used by another private IP address at the time. Dynamic NAT helps to secure a network, as it masks the internal configuration of the private network and makes it difficult for someone outside the network to monitor individual usage patterns. Another advantage of dynamic NAT is that it allows a private network to use private IP addresses that are invalid on the Internet but useful as internal addresses.

Dynamic NAT with overloading
Given that there is just one unique IP address (a real IP, not the virtual IP used in the LAN) connected to the Internet and a group of client computers behind the NAT router, the router uses a feature called overloading to make Internet connection sharing work. When a client computer wants to make an outbound connection, e.g.
to a web server outside the LAN, the packet of course carries the client's own IP address and local port number. When the packet passes through the NAT router, the router stores the IP address and the corresponding port number in its address translation table and replaces them with the unique outgoing IP address and another port number. This is illustrated in the following table:

    Source     Source Computer's   Source Computer's   NAT Router's     NAT Router's
    Computer   IP Address          Port                IP Address       Assigned Port Number
    A          192.168.32.10       400                 215.37.32.203    1
    B          192.168.32.13       50                  215.37.32.203    2
    C          192.168.32.15       3750                215.37.32.203    3
    D          192.168.32.18       206                 215.37.32.203    4

Look at this table to see how the computers on a stub domain might appear to external networks. As you can see, the NAT router stores the IP address and port number of each computer in the address translation table. It then replaces the IP address with its own registered IP address and the port number corresponding to the location, in the table, of the entry for that packet's source computer. So any external network sees the NAT router's IP address and the port number assigned by the router as the source-computer information on each packet. The sender of the packet, as seen by the receiver, is now the NAT router rather than the real sender, and the receiver has no way of knowing whether it is talking to the router or to the computer, or whether NAT has been applied at all. When a packet comes back from the destination computer, the router checks the destination port on the packet. It then looks in the address translation table to see which computer the packet belongs to. It changes the destination address and destination port to the ones saved in the address translation table and sends the packet to that computer. The computer receives the packet from the router. The process repeats as long as the computer is communicating with the external system.
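The table and the outbound/inbound rewriting described above, together with the entry timer the notes describe next, can be modelled in a few dozen lines. This is an added example, not code from the notes or from any router firmware. The private addresses and ports are the ones in the table above; the sequential assigned ports 1, 2, 3, 4 mirror that table (a real router chooses from its free ephemeral ports), the external address 198.51.100.7 and the simulated clock values are constructed, and packets are represented as plain dictionaries.

```python
"""NAT with overloading (one public address, many private hosts), modelled as
the address translation table described in these notes. Added illustration,
not code from the notes or from any router firmware. Addresses and ports
come from the notes' table; the sequential public ports 1, 2, 3, ... mirror
that table (a real router picks free ephemeral ports), and the simulated
clock 'now' is constructed."""


class NatRouter:
    def __init__(self, public_ip, first_port=1, timeout=60.0):
        self.public_ip = public_ip
        self.next_port = first_port
        self.timeout = timeout
        self.table = {}       # assigned public port -> [private_ip, private_port, last_used]
        self.by_private = {}  # (private_ip, private_port) -> assigned public port

    def translate_outbound(self, packet, now):
        """Rewrite an outgoing packet's source to the router's own address and an
        assigned port; remember the mapping so the reply can be routed back."""
        key = (packet["src"], packet["sport"])
        port = self.by_private.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_private[key] = port
            self.table[port] = [packet["src"], packet["sport"], now]
        else:
            self.table[port][2] = now           # timer reset on every access
        return {**packet, "src": self.public_ip, "sport": port}

    def translate_inbound(self, packet, now):
        """A reply arrives addressed to the router: look up the destination port
        and restore the private address and port. No entry means the packet is
        unsolicited and is dropped, which is the 'type of firewall' effect."""
        entry = self.table.get(packet["dport"])
        if entry is None or packet["dst"] != self.public_ip:
            return None
        entry[2] = now
        return {**packet, "dst": entry[0], "dport": entry[1]}

    def expire(self, now):
        """Remove entries not accessed within the timeout; returns how many remain."""
        for port, (ip, pport, last) in list(self.table.items()):
            if now - last > self.timeout:
                del self.table[port]
                del self.by_private[(ip, pport)]
        return len(self.table)

    def translation_table(self):
        """Rows in the layout of the notes' table."""
        return [(ip, pport, self.public_ip, port)
                for port, (ip, pport, _) in sorted(self.table.items())]
```

Two behaviours worth noticing when running it: a host that reuses the same private address and port keeps its assigned public port for as long as the entry is touched before the timeout, and an inbound packet for a port with no entry is simply dropped, so the external side learns nothing about the hosts behind the router.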
Since the NAT router now has the computer's source address and source port saved in the address translation table, it will continue to use that same port number for the duration of the connection. A timer is reset each time the router accesses an entry in the table. If the entry is not accessed again before the timer expires, the entry is removed from the table.

The number of simultaneous translations that a router will support is determined mainly by the amount of DRAM (Dynamic Random Access Memory) it has. But since a typical entry in the address translation table only takes about 160 bytes, a router with 4 MB of DRAM could theoretically handle 26,214 simultaneous translations, which is more than enough for most applications.

ROUTING
To route packets effectively in packet switching networks like the Internet, a router must construct a routing table that stores the cost (here, the higher the cost, the slower the path) of reaching the different routers (nodes).

Distance Vector Algorithm (DV algorithm, also known as Dijkstra's Algorithm)
The forward search algorithm can be described informally thus:

    C(i,n) is the cost of the least-cost path from i to n
    L(i,n) is the link cost from i to n

    for each node i
        for all other nodes n
            set C(i,n) to L(i,n)
        repeat
            find a node w (not yet considered by the algorithm) such that
                C(i,w) is a minimum for all unconsidered nodes
            for each node n other than i and w do
                if C(i,w) + L(w,n) < C(i,n) then
                    C(i,n) = C(i,w) + L(w,n)
                    path(i,n) = path(i,w) + path(w,n)
                endif
            end do
            add the node w to the set of nodes considered so far
        until all nodes considered

Here's an example of a simple network showing how the forward search algorithm may be used. Now, we are going to construct the routing table in Node 1 (a node usually means a device with an IP address; here, it is a router). So, with respect to node 1, the cost to each other node is shown in the following routing table.
Node   1   2   3          4   5          6          7
Cost   0   2   Infinite   5   Infinite   Infinite   Infinite

By default, the cost from node 1 to node 1 is set to 0. Since nodes 3, 5, 6 and 7 do not connect to node 1 directly, their costs are set to infinite. However, since node 3 is connected to node 4 and node 2, with respect to node 1 the cost of node 3 would be either
Node 1 -> Node 2 -> Node 3 (which has a cost of 2+5=7), OR
Node 1 -> Node 4 -> Node 3 (which has a cost of 5+2=7), OR
Node 1 -> Node 2 -> Node 4 -> Node 3 (which has a cost of 2+1+2=5).
So, with respect to Node 1, the cost of Node 3 is now 5. Also, the cost to Node 4 changes to 3. So the table becomes

Node    1     2     3         4       5          6          7
Cost    0     2     5         3       Infinite   Infinite   Infinite
Route   1-1   1-2   1-2-4-3   1-2-4   /          /          /

Similarly, the Forward Search Algorithm gives the routing table below, showing the cost to the different nodes with respect to Node 1. Of course, to ease the load, we use the low-cost routes.

Node               2     3         4       5         6           7
Least cost path    2     5         3       5         6           6
Route              1-2   1-2-4-3   1-2-4   1-2-4-5   1-2-4-5-6   1-2-7

In using this algorithm, we need to assume the network itself is very consistent, i.e. the cost of each node does not change for a long period of time; in the real world, however, this is not really possible. To overcome this problem, at a specific interval each router sends its table to its neighbour routers (not to all routers) and receives the routing table of each of its neighbours. Based on the information in its neighbours' routing tables, it updates its own. Apart from the above imperfection, this algorithm can in fact produce an infinite looping flaw: after a routing table is constructed for Node 1, the costs to the different nodes are referred to by Node 2, which may change the cost of some other nodes with respect to Node 2 (because the least-cost node has to be chosen); that in turn affects the costs in the routing table in Node 1, and so on.
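To check the routing table above by actually running the forward search pseudocode, the following is an added worked example, not code from these notes. Because the network figure is not reproduced on the page, the link costs are constructed so as to reproduce the page's figures for Node 1 (1-2 = 2, 1-4 = 5, 2-3 = 5, 2-4 = 1, 2-7 = 4, 3-4 = 2, 4-5 = 2, 5-6 = 1); any further links in the original figure are unknown here and are an assumption left out.

```python
"""Forward search algorithm run on the seven-node example above.

Added worked example, not code from the original notes. The network figure
is not reproduced on the page, so the link costs below are constructed to
match the routing table for Node 1 given above (1-2 = 2, 1-4 = 5, 2-3 = 5,
2-4 = 1, 2-7 = 4, 3-4 = 2, 4-5 = 2, 5-6 = 1); any other links would be an
assumption.
"""
from typing import Dict, List, Tuple

INF = float("inf")

# Undirected links, stored once per pair (constructed, see the docstring).
LINKS: Dict[Tuple[int, int], int] = {
    (1, 2): 2, (1, 4): 5, (2, 3): 5, (2, 4): 1,
    (2, 7): 4, (3, 4): 2, (4, 5): 2, (5, 6): 1,
}


def link_cost(a: int, b: int) -> float:
    """L(a,b) from the pseudocode: direct link cost, infinite if there is no link."""
    return LINKS.get((a, b), LINKS.get((b, a), INF))


def forward_search(i: int, nodes: List[int]) -> Dict[int, Tuple[float, str]]:
    """Returns {n: (C(i,n), route)} following the page's pseudocode step by step."""
    cost = {n: link_cost(i, n) for n in nodes}         # set C(i,n) to L(i,n)
    path = {n: [i, n] for n in nodes}                  # path(i,n) starts as the direct link
    cost[i], path[i] = 0, [i]                          # a node reaches itself at cost 0
    considered = {i}
    while len(considered) < len(nodes):
        # pick the unconsidered node w with minimum C(i,w)
        w = min((n for n in nodes if n not in considered), key=lambda n: cost[n])
        for n in nodes:
            if n in (i, w):
                continue
            if cost[w] + link_cost(w, n) < cost[n]:
                cost[n] = cost[w] + link_cost(w, n)    # C(i,n) = C(i,w) + L(w,n)
                path[n] = path[w] + [n]                # path(i,n) = path(i,w) + path(w,n)
        considered.add(w)
    return {n: (cost[n], "-".join(str(h) for h in path[n])) for n in nodes}


def routing_table(i: int, nodes: List[int]) -> List[Tuple[int, float, str]]:
    """Rows (node, least cost, route) in the layout of the page's final table."""
    result = forward_search(i, nodes)
    return [(n, result[n][0], result[n][1]) for n in nodes if n != i]


if __name__ == "__main__":
    for node, c, route in routing_table(1, list(range(1, 8))):
        print(f"Node {node}: least cost {c}, route {route}")
```

Running it prints exactly the "Least cost path" and "Route" rows of the final table above, and the intermediate step in which node 4 drops from 5 to 3 and node 3 from 7 to 5 happens when nodes 2 and 4 are considered in turn.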
We call this problem “Count to infinity”.

As the network size grows, the number of routers in the network increases. Consequently, the size of the routing tables increases as well, and routers cannot handle network traffic as efficiently. We use hierarchical routing to overcome this problem. Let's examine this subject with an example. We use DV algorithms to find the best routes between nodes. In the situation depicted below, every node of the network has to save a routing table with 17 records. Here is a typical graph and routing table for A:

Destination   Line   Weight
A             ---    ---
B             B      1
C             C      1
D             B      2
E             B      3
F             B      3
G             B      4
H             B      5
I             C      5
J             C      6
K             C      5
L             C      4
M             C      4
N             C      3
O             C      4
P             C      2
Q             C      3

(Network graph and A's routing table)

In hierarchical routing, routers are classified into groups known as regions. Each router has information only about the routers in its own region and has no information about routers in other regions. So routers just save one record in their table for every other region. In this example, we have classified our network into five regions (see below).

Destination   Line   Weight
A             ---    ---
B             B      1
C             C      1
Region 2      B      2
Region 3      C      2
Region 4      C      3
Region 5      C      4

(Hierarchical routing)

If A wants to send packets to any router in region 2 (D, E, F or G), it sends them to B, and so on. As you can see, in this type of routing the tables can be summarized, so network efficiency improves. The above example shows two-level hierarchical routing. We can also use three- or four-level hierarchical routing. In three-level hierarchical routing, the network is classified into a number of clusters. Each cluster is made up of a number of regions, and each region contains a number of routers. Hierarchical routing is widely used in Internet routing and makes use of several routing protocols.

The following article describes how the Windows Server 2003 routing table works.
The routing table is built automatically, based on the current TCP/IP configuration of your computer. Each route occupies a single line in the displayed table. Your computer searches the routing table for the entry that most closely matches the destination IP address.

Description                Network destination   Netmask            Gateway      Interface    Metric
Default route              0.0.0.0               0.0.0.0            10.0.0.1     10.0.0.169   30
Loopback network           127.0.0.0             255.0.0.0          127.0.0.1    127.0.0.1    1
Local network              10.0.0.0              255.0.0.0          10.0.0.169   10.0.0.169   30
Local IP address           10.0.0.169            255.255.255.255    127.0.0.1    127.0.0.1    30 (1?)
Multicast addresses        224.0.0.0             240.0.0.0          10.0.0.169   10.0.0.169   30
Limited broadcast address  255.255.255.255       255.255.255.255    10.0.0.169   10.0.0.169   1

Your computer uses the default route if no other host or network route matches the destination address included in an IP datagram. The default route typically forwards an IP datagram (for which there is no matching or explicit local route) to the default gateway address of a router on the local subnet. In the above example, the default route forwards the datagram to a router with a gateway address of 10.0.0.1. Because the router that corresponds to the default gateway contains information about the network IDs of the other IP subnets within the larger TCP/IP internet, it forwards the datagram to other routers until the datagram is eventually delivered to an IP router that is connected to the specified destination host or subnet within the larger network.

Network destination
The network destination is used with the netmask to match the destination IP address. The network destination can range from 0.0.0.0 for the default route through 255.255.255.255 for the limited broadcast, which is a special broadcast address to all hosts on the same network segment.
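How the table above is searched can be shown with a short added example (not Microsoft's code, nor code from these notes). It encodes the six routes listed, applies the netmask bitwise (a 1 bit must match, a 0 bit need not), picks the closest match, i.e. the route with the longest netmask, and uses the lowest metric to break ties; the sample destination addresses are constructed.

```python
"""Route selection against the routing table shown above.

Added worked example (not Microsoft's code). It applies the matching rule the
page describes: a route matches when every bit that is 1 in the netmask agrees
between the destination address and the network destination; of the matching
routes, the one with the longest netmask (the closest match) is used, and the
lowest metric breaks ties. Sample destinations are constructed.
"""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    description: str
    network: str
    netmask: str
    gateway: str
    interface: str
    metric: int


# The Windows Server 2003 table from the page; the "(1?)" the author noted on
# the local IP address route is left aside and 30 is used.
ROUTING_TABLE: List[Route] = [
    Route("Default route", "0.0.0.0", "0.0.0.0", "10.0.0.1", "10.0.0.169", 30),
    Route("Loopback network", "127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    Route("Local network", "10.0.0.0", "255.0.0.0", "10.0.0.169", "10.0.0.169", 30),
    Route("Local IP address", "10.0.0.169", "255.255.255.255", "127.0.0.1", "127.0.0.1", 30),
    Route("Multicast addresses", "224.0.0.0", "240.0.0.0", "10.0.0.169", "10.0.0.169", 30),
    Route("Limited broadcast address", "255.255.255.255", "255.255.255.255",
          "10.0.0.169", "10.0.0.169", 1),
]


def to_int(dotted: str) -> int:
    """Dotted-decimal string to the 32-bit number the router actually compares."""
    return int(ipaddress.IPv4Address(dotted))


def matches(route: Route, destination: str) -> bool:
    """A 1 bit in the netmask must match; a 0 bit need not."""
    return (to_int(destination) & to_int(route.netmask)) == to_int(route.network)


def prefix_length(netmask: str) -> int:
    """Number of 1 bits in the netmask, i.e. the /N form of the mask."""
    return bin(to_int(netmask)).count("1")


def select_route(destination: str, table: List[Route] = ROUTING_TABLE) -> Optional[Route]:
    """The closest match wins: longest netmask first, then lowest metric."""
    candidates = [r for r in table if matches(r, destination)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (prefix_length(r.netmask), -r.metric))


def next_hop(destination: str) -> Optional[str]:
    """Where the datagram is handed over: the chosen route's gateway address."""
    route = select_route(destination)
    return None if route is None else route.gateway


if __name__ == "__main__":
    for dest in ["10.0.0.169", "10.0.0.55", "203.0.113.9", "224.0.0.5", "255.255.255.255"]:
        r = select_route(dest)
        print(f"{dest:16} -> {r.description} via {r.gateway} (/{prefix_length(r.netmask)})")
```

Note that 10.0.0.169 matches three routes (the host route, the local network and the default route); the 255.255.255.255 mask has the most 1 bits, so the host route is chosen, which is the "most closely matches" rule from the text. An address such as 203.0.113.9 matches only the default route and is handed to the gateway 10.0.0.1.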
Netmask
The netmask is the subnet mask that is applied to the destination IP address when matching it to the value in the network destination. When the netmask is written in binary, a "1" must match and a "0" need not match. For example, a default route uses a 0.0.0.0 netmask, whose binary value is 00000000.00000000.00000000.00000000, so no bits need to match. A host route (a route that matches a single IP address) uses a 255.255.255.255 netmask, whose binary value is 11111111.11111111.11111111.11111111, so all of the bits must match.

Gateway (the doorway to outside networks)
The gateway address is the IP address that the local host uses to forward IP datagrams to other IP networks. This is either the IP address of a local network adapter or the IP address of an IP router (such as a default gateway router) on the local network segment.

Interface (the identity used towards the outside)
The interface is the IP address that is configured on the local computer for the local network adapter that is used when an IP datagram is forwarded on the network.

Metric
A metric indicates the cost of using a route, which is typically the number of hops to the IP destination. Anything on the local subnet is one hop, and each router crossed after that is an additional hop. If there are multiple routes to the same destination with different metrics, the route with the lowest metric is selected.

Classless Inter-Domain Routing (CIDR)
IP addresses were originally separated into two parts: the network address (which identified a whole network or subnet) and the host address (which identified a particular machine's connection or interface to that network). This division was used to control how traffic was routed in and among IP networks. Historically, the IP address space was divided into three main 'classes of network', where each class had a fixed-size network address.
The class, and hence the length of the network address and the number of hosts on the network, could always be determined from the most significant bits of the IP address. Without any way of specifying a prefix length or a subnet mask, routing protocols necessarily used the class of the IP address specified in route advertisements to determine the size of the routing prefixes to be set up in the routing tables. For example, the prefix bit for class A is 0, for class B 01 and for class C 001, and the number of hosts of class C is 256. As the experimental TCP/IP network expanded into the Internet during the 1980s, the need for more flexible addressing schemes became increasingly apparent. This led to the successive development of subnetting and CIDR. Because the old class distinctions are ignored, the new system was called classless routing.

CIDR is principally a bitwise, prefix-based standard for the interpretation of IP addresses. It facilitates routing by allowing blocks of addresses to be grouped together into single routing table entries. These groups, commonly called CIDR blocks, share an initial sequence of bits in the binary representation of their IP addresses. IPv4 CIDR blocks are identified using a syntax similar to that of IPv4 addresses: a four-part dotted-decimal address, followed by a slash, then a number from 0 to 32: A.B.C.D/N. The dotted-decimal portion is interpreted, like an IPv4 address, as a 32-bit binary number that has been broken into four 8-bit bytes. The number following the slash is the prefix length, the number of shared initial bits, counting from the left-hand side of the address. When speaking in abstract terms, the dotted-decimal portion is sometimes omitted; thus a /20 is a CIDR block with an unspecified 20-bit prefix.

How router works
A router acts as a junction (gateway) between two or more networks to transfer data packets among them. A router is different from a switch.
A switch connects devices to form a Local Area Network (LAN). In order to route packets, a router communicates with other routers using routing protocols and uses this information to create and maintain a routing table. The routing table stores the best routes to certain network destinations, the "routing metrics" associated with those routes, and the path to the next-hop router. Routing differs from bridging in its assumption that address structures imply that similar addresses are located within the same local network, thus allowing a single routing-table entry to represent the route to a group of addresses. Therefore, routing outperforms bridging in large networks, and it has become the dominant form of path discovery on the Internet. There are different types of routers, e.g. NAT routers, home-use routers, wireless routers, etc.

How switch works
Switches maintain a list (called a translation table) that maps individual MAC addresses (note: MAC addresses, not IP addresses) on the network to the physical ports on the switch. This enables a switch to send data out only of the physical port where the recipient computer is located, instead of indiscriminately broadcasting the data out of all ports like a hub (a hub broadcasts; a switch does not). The advantage of this method is that data is only delivered to the computer the data is specifically destined for. There are two kinds of switches, cut-through switches and store-and-forward switches:
- Cut-through switches read the MAC address as soon as a packet is detected by the switch. After storing the 6 bytes that make up the address information, they immediately begin sending the packet to the destination node, even as the rest of the packet is still coming into the switch.
- A switch using store-and-forward saves the entire packet to a buffer and checks it for CRC (cyclic redundancy check, a common technique for detecting data transmission errors) errors or other problems before sending.
If the packet has an error, it is discarded. Otherwise, the switch looks up the MAC address and sends the packet on to the destination node. Many switches combine the two methods, using cut-through until a certain error level is reached and then changing over to store-and-forward. Very few switches are strictly cut-through, since this provides no error correction.

Port forwarding
Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique allows an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router.

For example, a NAT router is set so that all HTTP requests (port 80) are referred to the IP address 10.129.64.50 (which is in fact the web server of the domain). So whenever a client computer makes an HTTP request, i.e. by entering http://www.abc.com/, the DNS resolves the name to the IP address of the router (the real IP address); the virtual IP address 10.129.64.50 cannot, of course, be given out by the DNS. However, when the packets arrive at the router, since they are port 80 messages, they are automatically redirected to the corresponding web server.

Common Questions:
1. What is the use of the command “Ping” in computer networking?
“Ping” is a command that sends a number of packets from a computer to another node (it can be a PC or a network device like a router) to test the connection. By using interval timing and response rate, ping estimates the round-trip time and packet loss rate between hosts.
2. Some people argue that if they are using a router at home, it provides a much more secure environment for the user. Do you agree? Please explain.
If you are using a router which provides NAT functions (by default, most routers have this function), then outsiders theoretically cannot invade your computer system, because you are now using a virtual IP address. This is because NAT enables multiple computers to access the Internet over a single high-speed link. NAT also typically has the effect of preventing connections from being established inbound to your computer, whilst permitting connections out. Getting a router for your home improves the security of a home LAN; some people consider that they do not need a firewall if they have a router.

3. What is the usual way for a firewall to block unauthorized access?
Usually, there are several ways for a firewall to block and allow access from the Internet.
- Block port: it can block a specific range of ports, for either inbound or outbound connections. Inbound connection: a computer with IP address 212.33.44.55 and port number 1234 sends an HTTP request to our web server (IP address 218.33.55.66). Outbound connection: a computer makes a connection to a remote computer; this is called an outbound connection.
- Block IP address: it can block a range of IP addresses or a specific IP address, e.g. block IP addresses ranging from 212.33.44.1 to 212.33.45.100.
- Block domain: it can block a specific domain, e.g. block abc.com.hk.
To allow connections, we can set up the firewall so that it can
- allow ports;
- establish “Trusted IPs”;
- establish “Trusted domains”.

4. How many ports can be opened by a computer?
2^16 = 65536

5. For the OSI model, which layers belong to the “Application Sets” and which layers belong to the “Transport Sets”?
In the OSI model, layers 1 to 4 (Layer 1: Physical layer, Layer 2: Data Link layer, Layer 3: Network layer, Layer 4: Transport layer) are grouped and called the “Transport Sets” because they are responsible for the transportation of the data (packets). Layers 5 to 7 are grouped and called the “Application Sets”.
(Layer 5: Session Layer, Layer 6: Presentation Layer, Layer 7: Application Layer)

6. In the OSI model, which layer is responsible for the interaction with the OS?
Application layer
7. In the OSI model, which layer does TCP belong to?
Transport layer
8. In the OSI model, which layer does IP belong to?
Network layer
9. In the OSI model, which layer does a router belong to?
Network layer
10. In the OSI model, which layer does a switch belong to?
Data link layer
11. Which does the Internet belong to, packet switching or circuit switching? What is the advantage?
Packet switching. It can efficiently utilize the bandwidth of the Internet, because with circuit switching (as in the voice telephone network), once the connection is made no other user is allowed to use the route, so a lot of its bandwidth is wasted.

Computer Concepts on Wireless LAN
It is sometimes called WiFi, a technology based on IEEE 802.11. In the market, devices for several standards are available; a simple comparison is listed below:

Standard   Maximum transmission rate   Effective range
802.11a    54 Mbit/s                   10 metres
802.11b    11 Mbit/s                   30 metres
802.11g    54 Mbit/s                   30 metres

Of course, there are other standards; the above are some commonly used standards in the market. A simple wireless LAN (WLAN) is configured as below:

As you can see in the above figure, an AP (Access Point, a wireless router) provides wireless connection services to 3 notebook computers. It is wired into a LAN that is monitored by a domain server. The LAN has a router to provide the connection to the Internet. In view of the above configuration, you should ask yourself several questions:
1. What should be used as the backbone?
Usually UTP or fibre optics.
2. How does an AP provide wireless connection?
It uses electromagnetic waves (RF, Radio Frequency) as the medium to transmit and receive signals; different standards, like 802.11a, 802.11b, etc., use different ranges of frequency and hence have different penetrating power (the ability to pass through obstacles).
3. How can a notebook computer receive signals from the AP?
The notebook computer should have a suitable adaptor.
4. How is a wireless router different from an ordinary router?
An antenna is included. The antenna is used to magnify the signals.

To get signals from a wireless LAN, computers should have wireless adaptors. Examples are shown below:
(Figure: PCI adaptor, PCMCIA adaptor and USB 2.0 adaptor, for PCs and notebook computers)

Practical consideration of Wireless LAN
It is impossible for a single AP to cover the whole area if the area is of considerable size. To solve this, several APs should be installed, as shown below:
(Figure: laptops A, B and C; access points D and E)
So, obviously, laptop A will receive signals from device D and laptop C will receive signals from device E. However, laptop B can receive signals from either D or E. Which one would you guess, D or E? The answer is: it depends on the signal strength of the AP. If laptop B receives a stronger signal from device D, then it will use D.

Practical usage
- Internet café
- Wireless LAN in an organization
What is the difference in setting between an Internet café and a WLAN in an organization? An Internet café allows all users to get access to the LAN; in an organization, however, only authorized persons are allowed to access the LAN. The problem is how to differentiate who is authorized and who is not. The answer is the SSID (service set identifier).

SSID - Service Set Identifier: a 32-character unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device (PDA, laptop) tries to connect to the network.
The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. A device will not be permitted to join the network unless it can provide the unique SSID. An SSID is also referred to as a network name because essentially it is a name that identifies a wireless network. Since the SSID by itself is weak as a security measure, data encryption (WEP or WPA; the latter is supposed to be more secure) should be deployed to strengthen security.

SSID – setting example:
Note: Data encryption is not set in the above example, and so it can easily be cracked by some tools. An example is shown below:

Hotspot
A term that describes an area that provides Internet connection to the public is called a “hotspot”. An Internet café is an example of a hotspot.

Other wireless technology
- Bluetooth
- GSM
- 3G

Advantages and disadvantages of using wireless LAN (important in the examination!)
Advantages
- Low cost, because no cabling is needed.
- Mobility and relocation.
- A wireless adaptor is a built-in feature of most notebook computers.
- More and more hotspots are available in cities.
Disadvantages
- Power consumption is still high for batteries.
- Security concern: even when it is correctly configured, it is still breakable.
- Access Points typically default to an open (encryption-free) mode. Novice users may not be aware of the danger.
- Limited range.
- Interference between different APs.
Since it is important in the exam, please memorize them!!!

Keywords: Adaptor, Antenna, AP (Access Point), Effective range, Hotspot, IEEE 802.11, Penetrating power, PCI, PCMCIA, RF, Signal strength, SSID

Simple revision questions:
1. What is the unit for measuring the transmission rate of a wireless router?
Mbps
2. What are used as the measures to secure a wireless LAN?
SSID, WEP, WPA
3.
802.11g is fast in data transmission, so what would you comment if an 802.11g wireless router is being used to view a video at, say, 2.0 Mbps?
The maximum transmission rate is 54 Mbps, but the actual rate depends on the environment (obstacles, distance, etc.), so the ordinary speed would be only half of it, i.e. 25 Mbps. Also, this speed is shared with other users in the same LAN, i.e. if there are too many people, say 20 persons, the speed may not be enough.

Integrated Exercise 01
David is a senior coordinator in an international company; he has to use email to communicate with his subordinates and his clients.
a) What kind of protocols will be used in sending and retrieving email?
SMTP, Small Mail Transfer Protocol
POP, Post Office Protocol
b) For the following email features, briefly describe in what way they can help David communicate effectively with his subordinates and his clients.
(i) carbon copy (cc) (ii) blind carbon copy (bcc) (iii) hard bounce (iv) forward (v) redirect
(i) cc is used to send the email to a group of people other than the receiver alone.
(ii) bcc is used to send the email to a group of people secretly, without letting the receiver know.
(iii) A hard bounce is a message sent back to the sender indicating that the mail has not been delivered successfully to the assigned receiver.
(iv) forward can be used to forward a received email to other people, i.e. to share the email.
(v) redirect can be used to redirect all received email to a newly assigned email account. It is useful when you want to centralize the emails into one frequently used email account.
c) Apart from the features that appear in part (b), can you think of other features? Name four of them.
reply to all, filters, address book, email signature, attachment (any four)
d) There may be some problems accompanying the use of email. Name two of them.
Phishing, SPAM

Integrated Exercise 02
David is a software engineer in a web design and web hosting company. His company can help their clients register the domain names of their companies. David developed an application for the clients to log on to his company’s computer system through the Internet. The client can log on to the system by using the URL “telnet://clients.webdesign.com.hk/admin/logon.cgi:1010”.
a) Break down the URL into its parts.
Protocol: telnet
Registered Domain: webdesign.com.hk (Domain name: clients.webdesign.com.hk)
Resource: admin/logon.cgi
Port number: 1010
Since blogs are very popular nowadays, David developed an interface together with some templates for his potential clients to create their blogs. A blog needs to use RSS to share its contents.
b) Is RSS a kind of HTML? If not, what is it? What is the main use of RSS?
RSS is not a kind of HTML; it is a kind of XML (Extensible Markup Language). RSS is mainly used for subscription to contents by others.
This company provides web hosting services, so there is a main server that provides storage for the web pages of their clients. There are two grades of clients, “general grade” and “premium grade”; general clients have 500 MByte of storage and premium clients have 2 GByte of storage. This server has three 72 GByte hard disks and runs in RAID 5 mode.
c) (i) Describe what RAID 5 mode is.
A file is striped across 2 or more hard disks, and one hard disk is used to store the parity data, so that the data on another hard disk can be recovered from the redundancy hard disk.
(ii) Can this server support 50 premium members and 80 general members?
The minimum storage = 50*2 + 80*0.5 = 140 G. RAID 5 mode can give a maximum of 72*2 = 144 G of storage; since the OS will occupy around 3 G, only 1 G is left for temporary storage, which is not enough, so it cannot support this number of clients.
(iii) Apart from the server computer, name two other hardware peripherals that should be installed to provide a stable environment for the server.
UPS, Firewall (web hosting company)

David wants to set up a wireless LAN in the office. Here is the drawing of the office.
(Figure: office layout with zones A to E: Internet connection wall plate, Supervisor’s Room, Manager’s Room, desks for the staff)
d) Which zone, A, B, C, D or E, should these devices be put in?
Device          Zone
Clients         /
Servers         A
Access Point    C
Cabled Router   B
e) Now David has to decide which technology to adopt to implement this wireless LAN: should he choose Bluetooth, 802.11b or 802.11g? Briefly explain.
We will not use Bluetooth, because Bluetooth is designed for short-distance usage; the effective range for Bluetooth is 10 metres. We will choose 802.11g, because it has a long effective range, say 100 metres, with a high transfer rate (54 Mbps).
f) David uses a technology called NAT to share the Internet connection in his office. Briefly describe what it is.
Network address translation (NAT) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall, making use of different port numbers.
g) Does David need to provide a different IP to each client (web hosting)?
No need.
<End of Integrated Exercise 02 (Internet)>

Integrated Exercise 03
Mary works in one of the local offices of a big organization as a clerk.
a) She has to type a lot of documents every day. Occasionally, she needs to work on the company accounts by performing some calculations. Besides, she has to communicate with colleagues in other offices. (4 marks)
(i) Suggest how she can use IT in accomplishing these tasks.
She can use a word processor to prepare the documents; use a spreadsheet program for calculations; and send electronic mails to colleagues for communication.
(ii) Her company is going to set up a system to sell products through the Internet. However, customers usually do not have enough confidence in a small-scale company like hers. What would be the usual practical way to do a safe transaction online?
The transaction can be done through a trustworthy third-party online payment company like PayPal.
b) To enable e-commerce as mentioned in part (a), a web site has been established. A customer has to register to become a member before doing any transaction. The registration is done by an online form which is shown below. (6 marks)
The following shows the corresponding HTML code:

    10 <form name="form1" action="register.php" method="GET">
    20 UserName: <input type="text" name="username"><br>
    30 Sex:<input type="radio" name="sex" value="M"> Male
    40 <input type="radio" value="F"> Female <br>
    50 Age: <input type="text" name="age"><br>
    60 Password: <input type="password" name="password"><br>
    70 Re-enter Password: <input type="password" name="re_password"><br>
    80 <input type="submit" value="submit">
    90 </form>

(i) Which two lines should be modified, and how should they be modified?
Line 10: method="Post"
Line 40: <input type="radio" name="sex" value="F">
(ii) Why is age not a good choice?
Because age keeps changing regularly; we should use date of birth instead.
(iii) Suggest a suitable validation check for the field “sex”.
Completeness check
(iv) The webpage is in fact encoded in Unicode (shown below). If the user has used ‘Traditional Chinese’ as the encoding, what will happen?
The web page will not change much because the content is using ASCII code. OR The web page will show lots of meaningless characters if the web page contains not only English (i.e. ASCII) characters.
(v) After successful registration, a user ID is generated by the system.
The structure of the user ID is as follows:
X1 X2 X3 X4 X5 Check digit
If the first letter (X1) is an English letter varying from ‘A’ to ‘Z’ and the others are digits varying from ‘0’ to ‘9’, what is the maximum number of members allowed in this system?
= 26 x 10 x 10 x 10 = 26000
<End of Integrated Exercise 03 (Internet)>

Integrated Exercise 04
2. The following shows the layout of the antivirus software PC-cillin. Answer the following questions according to the layout.
a) In the usual setting, anti-virus software like PC-cillin runs in the background automatically at boot time without any manual action taken by the users. What is the reason for that? What other software does a similar operation? (2 marks)
No manual action is required because it can safeguard the system even if the users forget to activate the anti-virus program. A firewall will perform similarly.
b) “Scan Now” is an option to scan and check all the files in the computer system to see whether any files are infected. Since obviously the computer system is under the protection of the anti-virus software, why is this option “Scan Now” required? (2 marks)
A computer virus will not take any action unless human intervention happens. That means computer files can contain some viruses even though the system is under the protection of an anti-virus program, as long as the infected file has not been executed. This option ensures that no virus remains hidden in the computer system.
c) Briefly describe what the function of the option “Update Now” is. (2 marks)
Virus signature: a virus signature is similar to the fingerprint of an offender. When the antivirus software company receives a new type of virus, it extracts a small and unique segment of binary code from the virus program which can represent the virus type. It forms the basis for the identification of viruses by the antivirus software.
d) What is the function of ‘Quarantine’?
(1 mark)
It isolates the suspected infected files.
e) This anti-virus program PC-cillin provides a shareware version for users to try the software. (7 marks)
(i) Some people argue that since a license is not needed to use the shareware, this program is not copyrighted. Do you agree?
No, the company has the copyright.
(ii) To get the free download of this software, a user has to sign up as a member of the company. In the registration form, it shows an image which contains a distorted word string. The user is requested to fill in the string into the registration form. (See the figure below.) Explain the reason for requiring a user to enter this code.
To avoid other computers using programs to get the membership automatically, i.e. to make sure that a membership can only be applied for by human beings.
(iii) If your membership has been successfully applied for, the system will send a confirmation email to your email account. In the confirmation email, there is a hyperlink which you are required to click on to activate your membership account. The hyperlink is shown below:
http://www.pc-cillin.com/confirm.php?acc=2617&code=31882657
Explain what would happen when this hyperlink is clicked.
This hyperlink will send two data items, 'acc' and 'code', to a program called 'confirm.php' residing on the server of the web site www.pc-cillin.com. This server-side program will contact the database of members and update the membership.
(iv) At last, you can log in to the system of the web site www.pc-cillin.com. Before you enter your username and password, a warning message pops up, which shows: "You are going to enter a secured network of which the data will be encrypted by a secured key (256 bits, SSL)". One of your friends told you that 256-bit data encryption supports 256 different keys, so it is very secure. What is your comment? Give a brief explanation of the popped-up statement.
256-bit data encryption supports not only 256 different keys; it supports 2^256 different keys. This data encryption uses an asymmetric key infrastructure, which sends a public key to the users to encrypt the data; the encrypted data is then sent through the Internet to the web server. The encrypted data cannot be decrypted except by the private key in the web server.
<End of Integrated Exercise 04 (Internet)>

SOHO Revision Exercise 01
1. Which of the following is a class B IP address? Justify your answer.
a) (i) 23.66.77.88.112 (ii) 132.65.88.3 (iii) 221.98.102.43 (1 mark)
(ii) is a class B IP address. It is because the leading 2 bits of part (ii) are 10 (10000100.X.X.X), so it is a class B IP address.
b) How many bits are used for the subnet mask of a class B network? (1 mark)
16 bits
c) What is the maximum number of hosts that a class C network supports? (2 marks)
2^8 or 256
d) What does it mean if a network is described as 192.168.128.0/24? What is the difference between 192.168.128.0/24 and 192.168.128.0/20?
It means it uses 20 bits for the subnet mask. Its available IP addresses range from 192.168.128.0 to 192.168.128.255. For 192.168.128.0/20, its IP addresses range from 192.168.128.0 to 192.168.255.255.

2. A server uses RAID technology to secure its system.
a) It uses RAID 5 technology and works with 4 hard disks (200GB each). What is the maximum storage in GB that it can use to store data? Justify your answer. (2 marks)
It can use at most 3 x 200GB = 600GB of storage. It is because one of the hard disks is used for the parity checking for recoveries, that is, it is redundant. So the storage available is 600GB instead of 800GB.
b) It uses RAID 0 technology and works with 2 hard disks (200GB each). What is the maximum storage in GB that it can use to store data? Justify your answer. (2 marks)
It can use at most 2 x 200GB = 400GB of storage.
Since files will be divided into two separate parts and then delivered to different hard disks.
c) It uses RAID 1 technology and works with 2 hard disks (200GB each). What is the maximum storage in GB that it can use to store data? Justify your answer. (2 marks)
It can use at most 1 x 200GB = 200GB of storage. Since files will be mirrored onto two hard disks. That is, exactly the same files will be copied onto another hard disk for the sake of data recovery.

3. Wireless networks are widely used nowadays, but data security is always a matter of concern.
a) Suggest a suitable method to avoid important data being captured by hackers. State a problem raised by this method. (2 marks)
Data encryption should be used. Usually, authorized users are given a special key. This key is used for data encryption by a symmetric key system, i.e. the same key is used for both encryption and decryption. The problem with this method is that, like the password for the gate of a building, it is very easy for users to disclose this secret key to other users. Also, when you want to change the key, it is troublesome to notify all the other authorized users.
b) Suggest a suitable method to prevent unauthorized users from getting access to the network. (2 marks)
The physical address (MAC address) of the wireless NIC of each authorized user should be recorded and registered so that they are allowed to get access to the network; those whose MAC addresses are not registered will not be allowed to get access to the network.
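The RAID capacities in Revision Exercise 01 Q2 come from a simple rule, and the "redundant" disk in RAID 5 is real parity that can rebuild a failed disk. The following is an added example (not part of the exercise): it computes the usable capacity for RAID 0, 1 and 5 and simulates one RAID 5 stripe with XOR parity, losing a disk and rebuilding it. The sample data blocks are constructed.

```python
"""RAID capacity and RAID 5 parity recovery (added example, constructed data)."""
from functools import reduce
from typing import List, Optional


def usable_capacity_gb(level: int, disks: int, disk_gb: int) -> int:
    """Usable capacity in GB for RAID 0, 1 and 5 with `disks` disks of `disk_gb` each."""
    if disks < 2:
        raise ValueError("every RAID level in the exercise needs at least 2 disks")
    if level == 0:          # striping only: all disks hold data, no redundancy
        return disks * disk_gb
    if level == 1:          # mirroring: every disk holds the same data
        return disk_gb
    if level == 5:          # striping + parity: one disk's worth of space is parity
        if disks < 3:
            raise ValueError("RAID 5 needs at least 3 disks")
        return (disks - 1) * disk_gb
    raise ValueError(f"unsupported RAID level {level}")


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks byte by byte; this is how RAID 5 parity is computed."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), blocks)


def raid5_stripe(data_blocks: List[bytes]) -> List[bytes]:
    """Lay one stripe over n disks: n-1 data blocks plus one XOR parity block.

    A real array rotates the parity position from stripe to stripe; for a
    single stripe we simply put the parity block on the last disk.
    """
    if len({len(b) for b in data_blocks}) != 1:
        raise ValueError("all blocks in a stripe must have the same length")
    return data_blocks + [xor_blocks(data_blocks)]


def raid5_rebuild(disks: List[Optional[bytes]]) -> List[bytes]:
    """Rebuild the single failed disk (marked None) from the surviving blocks.

    XOR is its own inverse, so XOR-ing all survivors (data and parity together)
    yields the missing block, whether it was a data block or the parity block.
    """
    failed = [i for i, blk in enumerate(disks) if blk is None]
    if len(failed) > 1:
        raise RuntimeError("RAID 5 tolerates only one failed disk; data is lost")
    rebuilt = list(disks)
    if failed:
        rebuilt[failed[0]] = xor_blocks([blk for blk in disks if blk is not None])
    return rebuilt


def raid5_read(stripe: List[bytes]) -> bytes:
    """Return the user data of a stripe (everything except the parity block)."""
    return b"".join(stripe[:-1])


if __name__ == "__main__":
    # Constructed sample: three 4-byte data blocks over a 4-disk RAID 5 array.
    stripe = raid5_stripe([b"SOHO", b"LAN ", b"RAID"])
    print("usable GB, 4 x 200GB RAID 5:", usable_capacity_gb(5, 4, 200))  # 600
    damaged = list(stripe)
    damaged[1] = None                   # the disk holding b"LAN " crashes
    recovered = raid5_rebuild(damaged)
    print("rebuilt data:", raid5_read(recovered))            # b'SOHOLAN RAID'
    print("rebuilt matches original:", recovered == stripe)  # True
```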
c) As a school, we want to let the students use the wireless network at school; however, we don't want the students to use the wireless network after school. What would you suggest? (2 marks)
We can set the AP (Access Point) such that it works only during a specific time period, e.g. from 8:00 a.m. to 5:00 p.m., so that users cannot use the wireless network after school.

4. To secure the LAN from attacks from the Internet, a firewall is installed between the LAN and the Internet.
[Figure: network diagram showing the LAN (File Server, PC1, PC2, PC3, PC4, PC5, PC6, PC7), the Firewall, the DM Zone and the Internet]
a) A DM Zone (Demilitarized Zone) will be arranged between the Intranet and the Internet. Describe what kinds of devices will be installed in this area. (2 marks)
Devices that have to be connected to the public from the Internet, e.g. web server, mail server. E.g. inevitably, web servers have to be opened to the public (Internet). However, we want to secure the LAN, so just part of the network, i.e. the DMZ, is opened but not all of the LAN.
b) Describe the main characteristics of the DM Zone. Why can it improve the security of the LAN? (2 marks)
It allows connections from the PCs in the LAN to the PCs / servers in the DMZ. Also, the public can access the DM Zone. However, connections from the DMZ to the PCs in the LAN are not allowed. This can strengthen security as hackers cannot access the LAN by controlling a PC in the DM Zone.
c) There are many different kinds of servers in the network. What is the main difference between a web server and a file server? (2 marks)
A web server is used to process and then deliver web pages to the clients; also, it is opened to the public. A file server is used to manage the network, e.g. user account settings, rights settings. Its accessibility is limited to within a LAN.
d) To send a file from PC1 to PC6, we can use FTP. However, to send a file from PC1 to PC3, should we use FTP? Why? (2 marks)
We should not use FTP.
FTP is used to transfer files through the Internet. It consumes a lot of data for overhead (data checking), which diminishes efficiency; therefore, for transferring data inside a LAN, we should not use FTP.
e) Why would the staff of the company save documents onto the file server instead of local computers like PC1, PC2 or PC3? (2 marks)
Files can be centralized so that the most up-to-date files are kept in the server, so we can share the files easily. Also, the files in the file server will be backed up frequently, which strengthens file protection.

5. To enable e-commerce through the Internet, data encryption / data decryption are adopted. There are two kinds of methodologies: symmetric key infrastructure and asymmetric key infrastructure. Describe briefly how these technologies can help in the following scenarios.
a) A bank provides e-banking services to users such that clients can access the web site of the bank through the Internet and perform jobs like checking the account and transferring money from account A to account B. (3 marks)
Asymmetric keys should be used. When a user wants to access the web site of the bank through the Internet, the server of the bank will distribute a public key to the user. This key is public, so every user can get the same key; this key is used only for data encryption, and the encrypted data cannot be decrypted by this key. The encrypted data can only be decrypted by a private key which is stored in the web server of the bank. So the encrypted data can be transferred safely from the users to the server through the Internet.
b) A client ordered a pair of earrings from an e-auction company by using a digital signature. (3 marks)
The emphasis of a digital signature is that the sender is the digital signature owner.
For a digital signature, a smart HKID card and a card reader should be installed / (usually) a program is installed in the user's computer. There is a private key (from the program installed or from the smart card) to encrypt the data. So, when a user orders anything online, the order data is encrypted. The encrypted data cannot be decrypted except by its public key (which can be obtained from the post office). By using this asymmetric key infrastructure, the order data can be proved to have been sent by the owner.
<End of SOHO Revision Exercise 01>

SOHO Revision Exercise 02
Peter is responsible for setting up a LAN for a small company. There are a number of tasks for him to perform:
1. Set up a client/server network that has a file server and a printer shared in the network.
2. Set up a web server so that the public can browse the web pages of the company.
3. Set up a mail server so that the staff and other business partners can communicate.
4. Set up a firewall to enforce network security.
5. Enable a service so that the staff can access the LAN of the office in a safe way.
With the information above, answer the following questions:
a) What are the strengths of a client/server network over a peer-to-peer network? What is the difference between individual user rights and group user rights under a domain? How do these two authority systems facilitate network management?
Since users have to log on to the domain / system in order to gain access to the network, different user rights can be assigned to different users. Individual user rights are assigned to a particular user. Group user rights are assigned to a particular group. This practice facilitates network management because a person should be able to access certain resources based on his working group (e.g. the IT folder for the I.T. group or the Maths folder for the Maths group) or based solely on his own account, i.e.
when a person changes from the IT department to the Maths department, all the network administrator has to do is assign the Maths group policy to him and delete his IT group policy.
b) State the reasons why hardware like switches and routers are required in the above scenarios.
In a network, there will be a number of computers. Switches are needed to connect all the computers in the same network, i.e. the network under the same LAN. A router is needed as well because the LAN is going to connect to the Internet. To a LAN, the Internet is another network, so a router is needed to enable communication between different networks.
c) What is the role of the file server in the above network? Is there any hardware requirement for a file server?
A file server is used to
(1) share network resources like hard disk space;
(2) assign user policies (individual users or group users);
(3) distribute IP addresses;
(4) control the domain structure;
(5) perform system logging and event logging.
The utmost requirement of a file server is stability. So the hardware requirements of a file server are:
Data recovery concern: the system should run under RAID-1 or RAID-5 technology.
Backup concern: there should be a backup system, like FULL backup to magnetic tape.
Electricity supply concern: a UPS should be installed to avoid system crashes because of a sudden loss of electricity supply.
d) What kind of printer would you suggest in this scenario? State how a printer can be shared in a network.
A multifunctional printer is suggested for this SOHO, because it can provide several functions like fax, photocopy, printer and scanner in just one machine. But if you want a heavy-duty printer, you should choose a laser printer because it is the fastest in printing.
A printer can be shared in the same network if
(1) it is connected to a PC and this PC shares the printer in the same network;
(2) the printer is connected to a print server (a small machine box); this print server has its own MAC address and hence can be assigned an IP address, so computers in the same network can access the printer through this print server;
(3) it is a network printer. This printer has its own IP address and hence can be shared in a network without the help of any PC.
e) State the procedure required to host a web site (i) in the company; (ii) in a web hosting company.
(i) For hosting a web site in the company:
(1) Install the web server software.
(2) Register a domain name.
(3) Get a fixed IP address from the ISP.
(4) Map the domain name to the fixed IP address, which is done by the ISP.
(5) Set the appropriate firewall settings, e.g. open the HTTP port (port number 80) so that the public can get access to the web server.
(ii) For hosting a web site in a web hosting company:
(1) Register a domain name, which is usually done by the web hosting company.
(2) Rent the web hosting service.
f) What are the advantages of hosting web sites by (i) self-development (i.e. hosting the web server in the company) and (ii) a web hosting company?
(i) Self-development
(1) Unlimited storage
(2) Fast and easy updating of information
(3) More choice of server-side programs, e.g. php, aspx, cgi, etc.
(4) No limit to the throughput
(ii) Web hosting company
(1) No experts needed to set up a website
(2) Initial investment cost is low
(3) Better security protection by experts
(4) Upload speed is usually faster
g) If the registered domain name of this company is "abc.com.hk" and peterchan is Peter's user account under the domain, what would be the email address for Peter?
It may probably (but not necessarily) be peterchan@abc.com.hk
h) What are the advantages and disadvantages of web-based email over a dedicated email account?
Advantages:
(1) Mails can be sent and received anytime, anywhere.
(2) No special (non-free) software is needed.
(3) Unlike dedicated mail software, it usually will not be attacked by viruses.
Disadvantages:
(1) Usually no data encryption is provided, which is very inconvenient for some business activities.
(2) Usually no POP3 service is provided, i.e. you will not be notified of new mail even when you are online.
(3) Unlike dedicated mail software, it does not support newsgroups.
(4) Unlike dedicated mail software, it does not support digital certificates.
i) What is a firewall?
A firewall is a device (it may be software based or hardware based) that can block or allow connections between the LAN and the Internet. We can set rules to allow or block services according to
(i) port number;
(ii) a particular range of IP addresses;
(iii) particular domains.
j) For the above information, there is one security concern that has been missed. What is it and how is it prevented?
Computer virus attacks should be a concern. Anti-virus software should be installed on the proxy server, the client computers and the file server to protect the system.
k) What is your suggestion to "Enable a service so that the staff can access the LAN of the office in a safe way"?
A VPN server should be set up. All data transmitted will be encrypted with a private key and then this data will pass through the Internet. The receiver will have the same private key to decrypt the data. In this way, data will be secured.
l) Sketch a diagram for the above network.
[Figure: network sketch showing Switch, Firewall, Router, (DMZ) with web and mail servers, and the Internet]
Keywords in this revision exercise:
Individual user right, Group user right, Group policy, Switches, Distribute IP address, System logging, Event logging, RAID-1, RAID-5, FULL backup, magnetic tape, UPS, Multifunctional printer, fax, photocopy, scanner, heavy duty, print server, MAC address, Map domain name, HTTP Port, Server-side program, throughput, dedicated mail software, POP3 services, digital certificate, Proxy server, VPN server, Private key, DMZ
<End of SOHO Revision Exercise 02>

SOHO Revision Exercise 03
1. Peter is an I.T. professional; his boss asked him to form a network in the office. He suggested a client-server network to his boss. Below is the simplified diagram for his suggestion.
a) If the boss does not want to form a client/server network, is there any other suggestion? What are they? And what are the differences? (2 marks)
We can choose to use a peer-to-peer network. The difference between a client-server and a peer-to-peer network is that client-server requires a username and password logon system, which enables higher security for the network.
b) What topology is it using? (1 mark)
It is using a bus topology.
c) Apart from the network, new computers should be purchased. Peter proposed two kinds of computers to his boss. The following is a comparison of the two proposed computers:
                  Computer A                     Computer B
CPU               3.2 GHz, 4MB L2 Cache          2.8 GHz, 4MB L2 Cache
RAM               2x1GB, 533 MHz                 2x2GB, 400 MHz, ECC
Hard disk         2x200 GB, 10000 rpm, 8MB       3x200 GB, 10000 rpm, 8MB
Optical Device    DVD RW                         DVD ROM
Extra features    256MB 3D Display Card          RAID5 enabled
Why should he propose two different kinds of computer to his boss? State with explanation one main difference between these two computers. (2 marks)
The network requires two different kinds of computers. One is a common desktop PC and the other one is a server computer. Obviously, computer A is for the desktop PC and computer B is for the server.
The main concern of the server is stability, so it should run in a RAID5 environment. RAID 5 enables data protection even if one of the hard disks crashes during processing.
d) In the above diagram, the printer is connected to the server and is shared in the network. That is, other desktop PCs can connect to the printer in the LAN, which means the printer can receive print jobs from the desktop PCs in the LAN. (7 marks)
(i) Usually, the printer works fine; however, on some occasions the other desktop PCs cannot connect to the printer. Suggest a situation explaining why this happens and also suggest a solution for it.
A printer cannot be shared in this network if the server is not switched on (because this printer is shared through the server). To avoid this problem, a network printer (or a printer with a print server, i.e. a printer with an IP address) should be installed instead of an ordinary printer.
(ii) To select a suitable printer, we need to focus on the requirements of the office. There are in fact 3 different printers required in the office.
1) A shared printer in the LAN for ordinary documents. This printer should be able to handle heavy duty. That is, it can finish a lot of print jobs in a short time.
2) A printer for the design department. This printer should produce high-quality colour printouts in various sizes.
3) A printer for the boss; this printer is restricted to the boss's use only. He would require it to print some confidential documents; also, it would scan some images for him and, most importantly, it can receive faxes.
Suggest suitable printers for each case. Point out what would be the useful measurement for the printer in cases (1) and (2).
For case 1, a laser printer (mono or colour) is recommended. The useful measurement would be ppm (i.e. pages per minute); the higher, the faster.
/ The buffer would be the useful measurement; the greater the buffer, the more printing it can handle.
For case 2, a plotter is recommended. The useful measurement would be dpi (dots per inch).
For case 3, an all-in-one printer is recommended.
e) Apart from hardware, software like an operating system should be installed. State what kind of OS should be installed in the server. What kind of OS would be needed for a PDA? (2 marks)
Network Operating System (NOS)
Mobile Operating System
<End of SOHO Revision Exercise 03>

SOHO Revision Exercise 04
1. The above diagram shows the network configuration of a company. There are 8 computers in the internal network (LAN). These PCs in the internal network can be assigned real IPs or virtual IPs.
a) (i) Give one possible real IP address (class C) for PC 1. (1 mark)
218.34.128.63
(ii) Give one possible virtual IP address (class C) for PC 1. (1 mark)
192.168.1.1
b) Give one advantage and one disadvantage of using real IP addresses for the computers in the internal network. (2 marks)
Advantage: It is easier to set up applications that connect the internal PCs with the external network.
Disadvantage: It is easier for hackers to attack the internal PCs in the network.
c) Name the devices A, B and C. (2 marks)
A: Switch B: Router C: Firewall
d) Which device would usually have more than one IP address? Give the reason why it should have more than one IP address. (2 marks)
Router. One IP is for the internal network and the other one is for the external network.
e) If a web server is going to be added to this network, which device should this server be connected to? Device A, B or C? Why? (2 marks)
Device C / the firewall. It should be connected to the DMZ of the firewall to reduce the risk of intrusion from the external network.
2.
The following shows some hardware and their quantities:
Hardware           Quantity
ADSL modem         1
Wireless Router    X
Server             1
PC                 5
Laptop             3
UTP                Y
Wireless adapter   Z
You are a staff member of a company and are assigned to form a network with the above hardware. The requirement of the network is that all the computers should be able to connect to the server and to the Internet. (It is assumed that all the PCs have a network card installed, but the laptop computers have no network card installed.)
a) To successfully set up this network, what should be the values of X, Y and Z? (2 marks)
X: 1 Y: 6 Z: 3
b) Sketch the diagram for this network. You should label each device clearly. (2 marks)
c) To save money, the company chooses to use open source programs for office automation. What is an open source program and why can it save money? (1 mark)
An open source program provides the program source code to the public and allows others to use and modify the program code without any charge.
d) For the OS, the company has to buy some OS licenses. What kinds of licenses, and how many, should the company buy? (2 marks)
For the server, we should buy a server license; for the PCs and the laptops, we should buy desktop OS licenses. So altogether we should buy 9 licenses.
3. David is a staff member in a company; his department has 25 staff and there are altogether 10 PCs installed in this department. They are open to the staff so that they can share these 10 computers. Also, there is a file server installed in the company, but it is not open for other users to use. It is mainly used for the users to store files and data. The network for this department is 10.129.77.128/28.
a) Unlike at home, David has to provide a username and password to get the right to use the computer in the office. Why should there be such a difference? (2 marks)
At home, he can set the access mode such that no username and password are required to get access.
However, at the office, because the computers are shared among the staff, each staff member should have a different username for logging on to the system / domain.
b) Apart from file storage, what is another important function that a file server provides? (1 mark)
It is always assigned to act as a DHCP server, i.e. to distribute IP addresses. / Domain Controller: to authorize user rights.
c) Now the company provides each staff member with an individual computer for their daily duties. What would you suggest? (2 marks)
Because there are 25 staff, the network should support at least 25 computers; however, as the IP address for this network is 10.129.77.128/28, i.e. 28 bits for the subnet mask, only 4 bits are left for the host part, i.e. it can support at most 16 hosts in this network, which is not enough for this network.
<End of SOHO Revision Exercise 04>

New notes:
What will be downloaded from a web server if you type a URL in a browser as follows: http://www.yll.edu.hk/index.htm
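The IP-class question in Revision Exercise 01 Q1 and the /28 host-count question in Revision Exercise 04 Q3(c) both reduce to reading bits: the class comes from the leading bits of the first octet, and the address range and host capacity come from the prefix length. The following is an added example (not part of the exercises) that carries out both calculations for any address or prefix, not just the ones in the questions; it uses only the Python standard library, and the addresses tested are the ones from the exercise text.

```python
"""IPv4 class and CIDR prefix calculations (added example, standard library only)."""
import ipaddress

# Classful scheme: the default mask length follows from the class.
CLASS_MASK_BITS = {"A": 8, "B": 16, "C": 24}


def ip_class(addr: str) -> str:
    """Return 'A'..'E', or 'invalid' if the text is not a dotted quad (e.g. 5 octets)."""
    try:
        first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    except ValueError:          # AddressValueError is a ValueError
        return "invalid"
    if first_octet >> 7 == 0b0:
        return "A"              # 0xxxxxxx
    if first_octet >> 6 == 0b10:
        return "B"              # 10xxxxxx
    if first_octet >> 5 == 0b110:
        return "C"              # 110xxxxx
    if first_octet >> 4 == 0b1110:
        return "D"              # 1110xxxx (multicast)
    return "E"                  # 1111xxxx (reserved)


def first_octet_bits(addr: str) -> str:
    """The first octet as 8 bits, the form the answer key uses (10000100.X.X.X)."""
    return format(int(ipaddress.IPv4Address(addr)) >> 24, "08b")


def classful_mask_bits(addr: str) -> int:
    """Default subnet mask length for a class A/B/C address."""
    cls = ip_class(addr)
    if cls not in CLASS_MASK_BITS:
        raise ValueError(f"{addr} has no classful default mask (class {cls})")
    return CLASS_MASK_BITS[cls]


def describe_prefix(cidr: str) -> dict:
    """Mask, address range and host capacity for a prefix such as 192.168.128.0/24."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "mask_bits": net.prefixlen,
        "host_bits": host_bits,
        "addresses": 2 ** host_bits,
        # the network and broadcast addresses cannot be assigned to hosts
        "usable_hosts": max(2 ** host_bits - 2, 0),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
    }


def fits(cidr: str, hosts_needed: int) -> bool:
    """Can this prefix hold `hosts_needed` computers? (the Exercise 04 Q3(c) check)"""
    return describe_prefix(cidr)["usable_hosts"] >= hosts_needed


if __name__ == "__main__":
    for a in ("23.66.77.88.112", "132.65.88.3", "221.98.102.43"):
        print(a, "->", ip_class(a))
    print(first_octet_bits("132.65.88.3"))              # 10000100
    print(classful_mask_bits("132.65.88.3"))            # 16
    for p in ("192.168.128.0/24", "192.168.128.0/20", "10.129.77.128/28"):
        print(p, describe_prefix(p))
    print("/28 fits 25 hosts:", fits("10.129.77.128/28", 25))  # False
```

Running it shows that /20 leaves 12 host bits, so 192.168.128.0/20 ends at 192.168.143.255, and that /28 leaves 16 addresses of which only 14 are assignable to hosts.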