Computer Network and Security
Definition of computer network: Interconnection of computer systems to share information.
7.1. Network Connectivity: Data Communication Media
7.2. Network Topology, Network Addressing, IP Sub-netting
Computing devices are connected in different topologies such as tree, mesh, bus, hierarchical, graphical, and star. Star topology has one central device. If the central device is a switch, it forwards data directly to the intended receiver; if it is a hub, it broadcasts to all connected nodes, and only the intended receiver keeps the data while the others discard it. The central device is a single point of failure.
Mesh topology has multiple paths to exchange information. It is an expensive setup but solves the single-point-of-failure issue of star topology.
In tree topology any node can reach the root node.
In bus topology, data is shared through a common physical path. Thus data collisions may occur, and a data packet reaches all the other receivers.
Network addressing: There are physical and logical addresses used in networking.
7.3. The OSI reference model:
The OSI reference model is a basic networking model described in seven layers. The full OSI reference model has not been implemented; however, some technologies use a portion of the services described by OSI to create new networking models. An upper layer takes service from the layer below it, and a lower layer provides service to the layer above it. There is virtual (peer-to-peer) communication between corresponding layers in sender and receiver.
The physical layer provides a communication channel using any one of different media such as wired, wireless or satellite communication. It transmits encoded data (bits).
The data link layer can be divided into two sub-layers: the link control layer and the media access control (MAC) layer. The link control layer is below the network layer, and the MAC layer is below the link control layer. The link control layer handles error control, flow control and framing. The MAC layer handles transmitting data on a shared channel.
Error detection can be done by different methods such as the parity bit and Cyclic Redundancy Check (CRC). Even parity means adding one extra bit to the message: the parity bit is 1 if there is an odd number of 1's in the message bits, and 0 if there is an even number of 1's.
CRC uses a common generator polynomial on both sender and receiver to detect errors. On the sender side, the remainder of dividing the (zero-padded) message bits by the polynomial is appended to the message bits to create the codeword. This codeword is transmitted and checked on the receiver side by dividing it by the same polynomial. If the remainder is 0, the received message is error-free; otherwise it is not.
Hamming code (based on Hamming distance) supports both error detection and correction of a message. If the message bit size is 'm', then the number of redundant bits 'r' must satisfy 2^r >= m + r + 1. Redundant bits are placed at positions 1, 2, 4, 8, ... (powers of 2).
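The three checks described above, written out as an added example (not code from the original notes): even parity, CRC sender/receiver with modulo-2 division, and the Hamming redundant-bit count. The message and generator polynomial in the sample are constructed for illustration.

```python
def even_parity_bit(bits: str) -> str:
    """Even parity: 1 if the message has an odd number of 1's, else 0."""
    return "1" if bits.count("1") % 2 else "0"

def crc_remainder(bits: str, poly: str) -> str:
    """Modulo-2 long division (XOR, no carries) of bits by the generator poly.
    Returns the remainder, which is one bit shorter than the generator."""
    work = list(bits)
    plen = len(poly)
    for i in range(len(bits) - plen + 1):
        if work[i] == "1":  # only subtract (XOR) where the leading bit is set
            for j in range(plen):
                work[i + j] = "0" if work[i + j] == poly[j] else "1"
    return "".join(work[-(plen - 1):])

def crc_encode(message: str, poly: str) -> str:
    """Sender: pad with len(poly)-1 zeros, divide, append the remainder -> codeword."""
    padded = message + "0" * (len(poly) - 1)
    return message + crc_remainder(padded, poly)

def crc_check(codeword: str, poly: str) -> bool:
    """Receiver: divide the codeword by the same generator; remainder 0 means error-free."""
    return set(crc_remainder(codeword, poly)) == {"0"}

def hamming_redundant_bits(m: int) -> int:
    """Smallest r with 2**r >= m + r + 1 (check bits needed for m data bits)."""
    r = 0
    while 2 ** r < m + r + 1:
        r += 1
    return r

if __name__ == "__main__":
    # Constructed sample: 10-bit message and generator x^4 + x + 1 (bits 10011).
    MESSAGE, POLY = "1101011011", "10011"
    codeword = crc_encode(MESSAGE, POLY)
    # Flip one bit in transit: any single-bit error is caught by a generator with >= 2 terms.
    corrupted = codeword[:3] + ("0" if codeword[3] == "1" else "1") + codeword[4:]
    print(codeword, crc_check(codeword, POLY), crc_check(corrupted, POLY))
```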
Flow control can be achieved using a sliding window. Go-back-N ARQ and selective repeat ARQ are two techniques to implement it. Selective repeat is better than Go-back-N ARQ because the sender re-transmits only the non-acknowledged frames.
A MAC address is 48 bits, represented in hexadecimal with the octets separated by colons (:).
ARP (Address Resolution Protocol) maps an IP address to a MAC address, and RARP does the opposite.
The network layer uses logical addresses for communication. Logical addresses are temporary in nature: a device can have different logical addresses at different times. An IPv4 address is 32 bits long and an IPv6 address is 128 bits long. Dual stack, header translation and tunneling are methods used to make IPv4 and IPv6 interoperate. On the security side, IPv6 uses the IPsec protocol suite, and its header has no fragmentation or checksum fields, which are present in IPv4.
CIDR and classful addressing are used to represent IP addresses. A subnet mask is used in conjunction with an IP address to differentiate the network part and the host part of the IP. Class A has an 8-bit network part (first right bit 0) and a 24-bit host part. Class B has a 16-bit network part and a 16-bit host part, with starting right bits 01. Class C has a 24-bit network part and an 8-bit host part, with starting right bits 011.
Classless Inter-Domain Routing (CIDR) represents VLSM with the notation /x, meaning the first x bits of the IP address are the network part.
Subnetting can be done to manage a network effectively. It helps reduce wasted IP addresses.
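How the /x prefix and the subnet mask separate the network and host parts, as an added example (not from the original notes): the mask is built from the prefix, the network address is the IP ANDed with the mask, the broadcast is the network with the host bits set, and a block can be carved into equal subnets. The addresses used are constructed samples.

```python
def ip_to_int(dotted: str) -> int:
    """Parse dotted-decimal IPv4 into a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return (int(parts[0]) << 24) | (int(parts[1]) << 16) | (int(parts[2]) << 8) | int(parts[3])

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/x -> mask with the first x bits set (the network part)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr: str) -> dict:
    """Network, broadcast and host range for an address written as a.b.c.d/x."""
    addr, prefix = cidr.split("/")
    mask = prefix_to_mask(int(prefix))
    network = ip_to_int(addr) & mask            # AND with the mask keeps the network part
    broadcast = network | (~mask & 0xFFFFFFFF)  # host part all ones
    usable = max(broadcast - network - 1, 0)    # /31 and /32 leave no host pair
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }

def split_subnets(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal-size subnets with a longer prefix (VLSM style)."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the original")
    network = ip_to_int(addr) & prefix_to_mask(prefix)
    size = 1 << (32 - new_prefix)  # addresses per subnet
    return [f"{int_to_ip(network + i * size)}/{new_prefix}" for i in range(1 << (new_prefix - prefix))]

if __name__ == "__main__":
    # Constructed sample: a host on a /26, and a /24 split into four /26 subnets.
    print(subnet_info("192.168.10.77/26"))
    print(split_subnets("10.0.0.0/24", 26))
```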
NAT is used to ease the IPv4 address shortage by translating addresses as data moves from a private network to the public network. One single public IP can serve many internal devices forwarding data to the Internet backbone.
Routing is the process of choosing the best path to transfer packets between LANs and WANs. RIP, OSPF and BGP are some routing protocols. RIP builds its table from the tables of its directly connected neighbors. The count-to-infinity problem may occur.
OSPF builds a table of the whole network, and a "flood" of LSPs occurs if network parameters change.
BGP is an inter-autonomous-system protocol used to forward packets to other networks too. It is a gateway protocol.
An ISP may use static routing, which is administered by a technician to route packets. However, dynamic routing is also used.
Transport Layer: A computing node can execute multiple programs simultaneously. The network layer just delivers packets to the node, not to the process. A node can have HTTP, FTP, telnet and SMTP processes, so a 16-bit port address is used in addition to the IP address; the combination is called a socket address. The common port of telnet is 23, FTP has data and control ports 21 and 22 respectively, the SMTP port is 25, the HTTP port is 80. The UDP port is 53. Port 67 is of . The SSL port is 22.
TCP and UDP are the two protocols used in the transport layer. TCP is connection-oriented, with channel creation, data transfer and channel termination, an acknowledgement for each packet, and sequence numbers to deliver packets to the receiver in order. It consumes more bandwidth than UDP.
However, some applications use UDP, mostly real-time applications where strict in-order delivery is not required and some packet loss is acceptable.
Congestion control is also a job of the transport layer. There are open-loop and closed-loop congestion control. Open-loop congestion control techniques are acknowledgment policy, retransmission policy, … Closed-loop congestion control techniques are backpressure, choke packets, and explicit and implicit congestion signalling.
Leaky bucket and token bucket are also used in congestion control: a leaky bucket forwards packets at a fixed maximum rate. In token bucket, accumulated tokens are used to transmit that number of packets; a token is added at each clock tick while the node is idle.
7.4. Common Network Protocols
7.5. Network Infrastructure
7.6. Remote Networking, Remote Access protocols, VLAN and VPN Technologies
7.7. Internet and WWW
The WWW is a collection of webpages. The Internet is the public infrastructure that supports running the WWW, VoIP, FTP, SMTP, etc.
7.8. Firewall and Routers
A firewall is a set of rules applied at the network entry/exit point and at computing devices such as servers/computers. Firewalls can be found in hardware and software. A router can also have firewall capability; a router OS such as MikroTik RouterOS has firewall capacity.
7.9. Digital Certificate and Digital Signature
A digital signature uses asymmetric cryptography and a hashing technique, especially to provide authentication, non-repudiation and integrity of a digital message. The general steps of a digital signature are: the sender computes the hash value (message digest) of the message text. This digest is encrypted with the sender's private key to generate the digital signature. The sender then sends the message text + digital signature to the receiver over the transmission medium. The receiver computes the hash value of the received message text. Similarly, the receiver decrypts the received digital signature using the sender's public key to recover a hash value. If these two hash values computed at the receiver are equal, the message is digitally verified. This whole process is called a digital signature.
The digital certificate authenticates the owner of a public key.
In Nepal, the Electronic Transactions Act 2063 has provisions on the use of digital signatures. The Office of the Controller of Certification (OCC) issues licenses to Certification Authorities (CAs). A CA provides digital certificates to end users, such as Radiant Infotech.
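The sign-and-verify steps above, as an added example that is not part of the original notes. It uses textbook RSA with a constructed toy key (two fixed Mersenne primes, no padding) so that it runs offline with only the standard library; production signatures use a padded scheme such as RSA-PSS from a real cryptographic library, and that is an assumption of this illustration, not something the notes state.

```python
import hashlib

# Constructed toy key: fixed Mersenne primes so the example is reproducible (NOT a real key).
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (Python 3.8+)

def message_digest(message: bytes) -> int:
    """Step 1 (sender) and step 4 (receiver): hash the message text, read digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key=(D, N)) -> int:
    """Step 2: the sender 'encrypts' the digest with the private key to make the signature."""
    d, n = private_key
    return pow(message_digest(message), d, n)

def verify(message: bytes, signature: int, public_key=(E, N)) -> bool:
    """Steps 4-5: hash the received text, recover the digest from the signature with the
    sender's public key, and accept only if the two digests are equal."""
    e, n = public_key
    if not 0 < signature < n:             # reject out-of-range (malformed) signatures
        return False
    recovered = pow(signature, e, n)
    return recovered == message_digest(message)

if __name__ == "__main__":
    # Constructed sample message; the pair (message, signature) is what travels to the receiver.
    msg = b"Transfer NPR 10,000 to account 1234"
    sig = sign(msg)
    print(verify(msg, sig))                     # True: untouched message verifies
    print(verify(msg + b"0", sig))              # False: altered message fails integrity
    print(verify(msg, sig ^ 1))                 # False: altered signature fails
```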