Unit 1.3.3. Networks
Networks
A network is simply a collection of connected computers and devices. These devices are known as nodes, and are most commonly computers, but can also include printers, scanners and secondary storage devices. Each device must be connected to the network via a Network Interface Card (NIC) or equivalent circuitry built into its motherboard. Every device connected to the network must have a means of being uniquely identified, so that messages intended for that device reach it. Networks are now extremely common, because of the desire to share data and communicate efficiently. A centralised location for data storage is ideal for users who all need access to the same data.
Private Networks
Even with the modern-day internet, many organisations still use their own private networks. The advantage of a private network is that it gives the owner complete control. There is control over:
- Security - including data access rights
- Software provision
- Availability of the service
There are, however, significant downsides to owning a private network: it requires a team of specialist staff, particularly for a large network, to maintain it and ensure its security. Because organisations depend on these networks, downtime must be kept to a minimum, and various methods are used to ensure risks are minimised:
- System redundancy - essential equipment is duplicated in the event of a hardware failure
- Backups - regular backups ensure a copy of stored data is always available
- Failover systems - these systems detect errors and anomalies and move processes over to an alternative system to avoid major errors
- Disaster Recovery Plan - a plan which provides procedures to be followed in the event of a major disaster, to ensure the effects of the problem are minimised and solutions to the problem are applied.
Network Hardware
There are common hardware components used in a network, whose jobs are to generate, transmit and interpret the electrical signals of the network.
Network Interface Cards (NICs) (AKA Network Interface Controllers)
These circuits use Ethernet connections to transmit and receive data. Modern-day computers mostly have NICs built directly into their motherboards.
MAC Addresses
MAC addresses are not strictly a hardware item; however, they are allocated uniquely to network-connected devices by the manufacturer. They are 48-bit identifiers, usually written as six pairs of hexadecimal digits, for example 09:01:17:0E:21:B8. The first three octets identify the manufacturer of the equipment, and the remaining three are allocated uniquely by that manufacturer.
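As an added example (not part of the original book), the following Python splits a MAC address into its manufacturer and device parts and decodes the two flag bits of the first octet, which is the check an asset inventory would run; the function names are my own.

```python
import re

def parse_mac(text):
    """Turn a MAC written as six hex pairs separated by ':' or '-' into 6 bytes.
    Raises ValueError for anything that is not a 48-bit address."""
    parts = re.split(r"[:-]", text.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def describe_mac(text):
    """Split a MAC into its manufacturer part (OUI, first 3 octets) and the
    device part (last 3 octets), and decode the flag bits of the first octet."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        "oui": ":".join(f"{b:02X}" for b in octets[:3]),
        "device_id": ":".join(f"{b:02X}" for b in octets[3:]),
        # bit 0 (I/G): 0 = individual (unicast) address, 1 = group (multicast/broadcast)
        "multicast": bool(first & 0x01),
        # bit 1 (U/L): 0 = universally administered (burned in by the manufacturer),
        #              1 = locally administered (set by software, e.g. a randomised MAC)
        "locally_administered": bool(first & 0x02),
    }

def is_manufacturer_unicast(text):
    """True only for an address a manufacturer could have burned into a NIC."""
    info = describe_mac(text)
    return not info["multicast"] and not info["locally_administered"]
```

Note that the book's example address has the least significant bit of its first octet set (0x09 is odd), which marks it as a group address rather than one a manufacturer would assign to a single NIC.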
Routers
A router provides a means of connecting networks. It receives data packets from one network and, using the address carried in each packet, forwards the packet on towards the correct network. Routers determine where to send packets according to a table of neighbouring networks, or by using an algorithm to determine the most efficient next step for the packet. Each router knows which other routers are closest to it, and by sharing this information the optimum route for a packet can be calculated. Smaller routers used in homes connect computers to the Internet Service Provider (ISP). Larger organisations, and those who run the infrastructure of the internet, use very powerful high-speed routers which direct traffic accordingly.
Wireless Access Points
Most modern networks have wireless access points. These enable wireless devices to connect to a network temporarily. Some organisations use a BYOD (Bring Your Own Device) policy which allows visitors to connect to the organisation's network. This is the same method implemented in many public spaces, such as cafes or train stations. Connections can be made from approximately 100 metres away, which raises concern over signal interception. Various methods are employed to defend against attack:
- Hiding the SSID - The SSID (service set identifier) identifies a wireless access point. Hiding it stops it being broadcast, so it is not listed to other users.
- Encryption - Signals sent between the router and device can be encrypted using various standards; the most common nowadays is WPA or WPA2/PSK (WiFi Protected Access), which uses single-use cryptographic keys. WEP (Wired Equivalent Privacy) is now easily intercepted.
- Limited Access - Access points can be configured to accept communications only from certain MAC addresses; however, this is impractical where many new devices are likely to connect.
Network Topologies
Physical Layouts
Bus
The bus network uses a common backbone, to which each device is connected. This network has a limited size, as the backbone is typically made of copper and hence suffers from attenuation (weakening of the signal) over distance, which can then lead to transmission errors. If one component of the backbone fails, the whole network also fails. Bus networks also require terminators at either end to prevent signal reflection and increased data collisions.
Star
A star network uses switches or hubs to connect devices to one or more servers. This is the most common layout, as it allows extra nodes to be added easily and is far more robust than a single backbone would be.
Ring
A ring network connects each computer to two other computers. This aims to solve the issue of data collisions by sending data in a single direction. It does mean, however, that all data passes through all machines, which could be a security concern if the packets were inspected.
[Figures: Star topology, Ring topology, Bus topology]
The Extent of Networks
LAN
LAN - Local Area Network. This network exists in a limited and defined location, such as a campus, a classroom or a single office building. A key feature of a LAN is that the infrastructure running it is owned by the organisation or property owner, who is therefore responsible for its maintenance.
WAN
WAN - Wide Area Network. These networks cover a large geographical area, often consisting of interconnected LANs spread across multiple sites. The internet can be considered a WAN, but WANs are also often used where a private link is needed between branches in different places.
SAN
SAN - Storage Area Network. This is a dedicated storage network used for large-scale data storage in data centres. SANs are highly efficient, as the servers consolidate all their storage devices into an array of disks of great capacity and very high performance.
MAN
MAN - Metropolitan Area Network. These networks provide WAN services within a city.
PAN
PAN - Personal Area Network. These link personal devices, such as a phone, Bluetooth headphones, tablets and other everyday devices.
Organising Networks
There are two main network models - client-server and peer-to-peer:
Client-Server
A client-server network uses the model where one entity (the client) requests the services of another entity (the server). It is the most common network model, as it separates out functions and is therefore a more efficient way of managing resources. It works with two separate "classes" of computer, where the server is a machine providing services to a client. Typically the servers are large and powerful but tend to serve only one purpose, whereas the client machines are less powerful but more general purpose. The server also houses all the security functions, such as usernames, passwords and access rights.
Peer-to-Peer
In this type of network, every computer has equal status. Each computer can act as a client or a server, depending on the circumstances at the time. There is no centralised control system, meaning the model can be cheaper to implement, and benefits such as serverless file sharing are made possible. Torrenting is a popular use of peer-to-peer, as is the online currency Bitcoin.
Layering
Complex problems, such as those in network communication, can use layering as a means of simplifying the problem. A typical network layering scheme such as the following could be implemented:
Application Layer
This layer is concerned with collecting and disseminating data across a network, whether for human users or remote devices. This layer needs to work out the nature of the data being collected and how it needs to be used, e.g. human-readable formats or formatting for another device.
Network Layer
This layer is concerned with how the data is transmitted around the network. This includes the nodes, the topology in use and how best to get the information from source to recipient.
Physical Layer
This is the medium of the network, which could be optical fibre, copper cable, coaxial cable or even a wireless connection.
The Open Systems Interconnection (OSI) Model
This is an openly available model provided by ISO (the International Standards Organisation). It consists of seven layers, using abstraction so that each component of the network can be seen separately:
Layer 7 - Application
This is the layer closest to the user. It collects or delivers data and passes it to and from the presentation layer.
Layer 6 - Presentation
This layer deals with any conversions between data as it is sent over the network and data as needed by applications. This layer may handle encryption and decryption operations.
Layer 5 - Session
This handles the starting, managing and termination of connection sessions. It provides simplex, half-duplex and full-duplex operations.
Layer 4 - Transport
This is concerned with splitting data into segments (packetisation), keeping track of them and checking for successful transmission.
Layer 3 - Network
This layer handles the transmission of data packets and their routing.
Layer 2 - Data Link
This controls access, and handles error detection and correction, within the model.
Layer 1 - Physical
This is concerned with the physical connection between devices and the transmission media.
Protocol - an agreed set of rules for communication between two computers, settled between them during the handshake period. Protocols have logical and physical components. The logical components tend to consist of the types of error checking used (such as parity or check digits) or the bit rate, while the physical components govern how the data is transmitted, such as the type of wires connecting the computers (parallel or serial), the WiFi frequency, the modulation used or the type of routing. Because the physical protocols are decided first and the logical ones afterwards, the protocols can be layered, meaning one is built upon another. This means changes can be made to a single layer without modifying the rest of the protocol, which in turn allows protocols to be standardised.
The TCP/IP Stack
This is a complete set of many protocols covering data transmission across a network. It consists of four layers:
Application
This layer handles the production, communication and reception of data. Applications must produce data that is usable by the applications requiring it, e.g. a remote sensor must produce the correct data for the analysis program. (This corresponds to layers 7–5 in OSI.) HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol) operate at this level.
Transport
This layer deals with the establishment and termination of connections between network entities. It ensures the reliable flow of data across the network.
Network
This layer provides links to transmit datagrams across different networks. It directs datagrams from one router to another. This is the level at which IP works.
Physical
This layer is concerned with transmitting datagrams over the local physical network. It is designed to move the data independently of the hardware, so it can operate over any transmission medium, such as copper, fibre or WiFi.
IP Addressing & DNS
IP Addressing
When using the TCP/IP stack, each device across the network is assigned a unique IP address. The current version in use is IPv4, which uses a 32-bit number to identify devices, e.g. 192.167.1.254, written as four groups of one byte (an octet) each. The newest version, IPv6, uses 8 groups of hexadecimal numbers and is displayed in a similar way to a MAC address. IP addresses can be permanently assigned to a device, although this is uncommon. They are usually assigned dynamically as devices need them, and released at the end of the session. This is controlled by DHCP (Dynamic Host Configuration Protocol). Networks will often set up their own internal subnet.
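As an added example (not from the book), this Python shows the 32-bit number behind a dotted IPv4 address, a subnet membership check, and a toy address pool that leases and releases addresses the way the paragraph describes DHCP doing; the pool class is a constructed illustration, not a DHCP implementation, and uses only the standard `ipaddress` module.

```python
import ipaddress

def to_32bit(dotted):
    """'192.167.1.254' -> the 32-bit integer the address really is."""
    return int(ipaddress.IPv4Address(dotted))

def from_32bit(value):
    return str(ipaddress.IPv4Address(value))

def in_subnet(dotted, cidr):
    """Does the address fall inside the subnet written in CIDR notation (e.g. 192.167.1.0/24)?"""
    return ipaddress.IPv4Address(dotted) in ipaddress.IPv4Network(cidr, strict=False)

class AddressPool:
    """Hands out free host addresses from a subnet and takes them back when a
    lease is released, in the spirit of a DHCP server (constructed toy: no
    lease timers and no network protocol)."""

    def __init__(self, cidr, reserved=()):
        self.network = ipaddress.IPv4Network(cidr)
        reserved = {ipaddress.IPv4Address(r) for r in reserved}
        # .hosts() already excludes the network and broadcast addresses
        self.free = [a for a in self.network.hosts() if a not in reserved]
        self.leases = {}  # client MAC -> IPv4Address

    def lease(self, mac):
        if mac in self.leases:           # a renewing client keeps its address
            return str(self.leases[mac])
        if not self.free:
            raise RuntimeError("address pool exhausted")
        addr = self.free.pop(0)          # every live lease is unique by construction
        self.leases[mac] = addr
        return str(addr)

    def release(self, mac):
        addr = self.leases.pop(mac)      # KeyError if the client holds no lease
        self.free.append(addr)           # goes to the back of the queue for reuse
        return str(addr)
```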
DNS
The DNS is the Domain Name System, a system for naming resources on a network. It is hierarchical, and is used on private networks as well as across the internet. Different devices on a TCP/IP network can be named using this system, so that they all have unique names. TLDs (top-level domains) are at the far right of the name (such as com, uk, net or edu); the name then moves down the domain chain towards the left. Each part of the domain name is separated by a dot. For example, in www.wikibooks.org.uk, "uk" is the TLD, "org" is the second-level domain and "wikibooks" is the third level. The name furthest to the left is the host name, which is the name of the computer from which the resource is originally served.
This system is designed to allow people to remember user-friendly names, such as google or bing, rather than the IP address of the server they are looking for. When you enter the URL (uniform resource locator) of a website into a browser, the URL is sent to a DNS server, which looks up the user-friendly name and finds its IP address. If it finds it, it will replace the URL with the IP address and connect the devices. If not, it will forward the URL to other DNS servers in an attempt to find the desired IP address.
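To make the hierarchy and the forwarding between servers concrete, here is an added Python example (not from the book) that resolves the book's www.wikibooks.org.uk example through a constructed set of zones, following referrals from the root down and caching the answer; the zone data and the 203.0.113.10 address are invented documentation values, not the real servers.

```python
# Constructed zone data for a toy hierarchy: each server knows either a referral
# ("NS") to the server for a sub-domain or the address ("A") of a host.
ZONES = {
    ".":                {"uk": ("NS", "uk")},
    "uk":               {"org.uk": ("NS", "org.uk")},
    "org.uk":           {"wikibooks.org.uk": ("NS", "wikibooks.org.uk")},
    "wikibooks.org.uk": {"wikibooks.org.uk": ("A", "203.0.113.10"),
                         "www.wikibooks.org.uk": ("A", "203.0.113.10")},
}

def split_labels(name):
    """'www.wikibooks.org.uk' -> ['www', 'wikibooks', 'org', 'uk']:
    the host name comes first, the TLD last."""
    return name.strip(".").lower().split(".")

def resolve(name, zones=ZONES, cache=None):
    """Walk the hierarchy from the root, following referrals until a server
    answers with an address. Returns (address_or_None, servers_asked)."""
    cache = {} if cache is None else cache
    if name in cache:
        return cache[name], []          # answered locally, nobody else consulted
    labels = split_labels(name)
    zone, asked = ".", []
    while True:
        asked.append(zone)
        # a server answers for the longest suffix of the name it holds a record for
        for i in range(len(labels)):
            record = zones.get(zone, {}).get(".".join(labels[i:]))
            if record:
                break
        else:
            return None, asked          # nobody knows this name
        kind, value = record
        if kind == "A":
            cache[name] = value
            return value, asked
        if value == zone:               # guard against a referral loop
            return None, asked
        zone = value                    # forward the question to the next server down
```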
Packet and Circuit Switching
Circuit Switching
Circuit switching provides a single physical connection between two devices, similar to how telephone systems used to work. An operator would connect two people directly to each other, and nobody else could use that line during the call. This is the principle behind circuit switching, although the operator is replaced by an electromechanical valve or, more recently, by transistors. This method of switching is a poor use of resources, as it can require multiple cables, which are expensive and take up large amounts of space. There are three stages in a circuit-switching session: connection establishment, data transfer and connection release. It is an acceptable technology when a long-lasting data stream is in use.
Packet Switching
This is a far more common method than circuit switching. Data to be transmitted is broken up into packets, each containing all the information required to direct it to the correct recipient and to reassemble the packets at the destination. Packets can be sent via different routes depending on connection availability, which allows for more efficient use of the network.
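An added Python illustration (not from the book) of the packet-switching idea: a message is split into numbered packets, they arrive shuffled and with one duplicate, as they might after taking different routes, and the receiver reassembles the message only once every packet has arrived. The packet layout and the network simulation are my own constructions.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    message_id: int   # which message this packet belongs to
    seq: int          # position of this packet within the message
    total: int        # how many packets make up the whole message
    payload: bytes

def packetise(message_id, data, size):
    """Break `data` into packets of at most `size` bytes, each carrying the
    information needed to put the message back together."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [Packet(message_id, i, len(chunks), c) for i, c in enumerate(chunks)]

class Reassembler:
    """Collects packets that arrive in any order and hands back each message
    once every one of its packets has been seen."""
    def __init__(self):
        self.pending = {}  # message_id -> {seq: payload}

    def receive(self, pkt):
        buf = self.pending.setdefault(pkt.message_id, {})
        buf[pkt.seq] = pkt.payload          # a duplicate simply overwrites its twin
        if len(buf) < pkt.total:
            return None                     # still waiting for the rest
        del self.pending[pkt.message_id]
        return b"".join(buf[i] for i in range(pkt.total))

def simulate_network(packets, seed=1):
    """Constructed stand-in for packets taking different routes: they arrive
    shuffled, and one of them is delivered twice."""
    arrivals = list(packets) + [packets[0]]
    random.Random(seed).shuffle(arrivals)
    return arrivals
```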
Network Security
Authentication
The users of a network are usually required to identify themselves by entering a user ID and password. These are often easy for potential hackers to obtain, as they are frequently written down because people cannot remember them. A brute-force attack can also be used, attempting every possible combination of password. To counter this problem, modern security systems often ask for another means of identification, such as a card, a phone or an extra security PIN. Sometimes CAPTCHAs are used, which are readable by humans but not machines, ensuring a human is logging in rather than an automated system.
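From the defender's side, a brute-force attempt shows up as a burst of failed logins from one source. The added Python below (not from the book) runs a sliding-window count over a constructed authentication log; the log format, the addresses (RFC 5737 documentation ranges) and the threshold are my own assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log; the addresses are documentation addresses.
AUTH_LOG = """
2024-05-01T10:00:00 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:02 FAIL user=bob src=203.0.113.9
2024-05-01T10:00:05 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:10 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:12 OK user=bob src=203.0.113.9
2024-05-01T10:00:15 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:20 FAIL user=alice src=198.51.100.7
2024-05-01T10:00:25 FAIL user=alice src=198.51.100.7
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}

def find_brute_force(lines, threshold=5, window_seconds=60):
    """Return {source: first_time_flagged} for every source that produced at least
    `threshold` failed logins inside any sliding window. A success does not reset
    the count, so a guessing run that eventually gets in is still reported."""
    window = timedelta(seconds=window_seconds)
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    flagged = {}
    for e in events:
        if e["result"] != "FAIL":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and e["src"] not in flagged:
            flagged[e["src"]] = e["ts"]
    return flagged
```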
Firewalls
The purpose of a firewall is to control the traffic flowing into and out of a network. It can be hardware- or software-based, and sometimes a combination of both. It can be set up to block individual website addresses or specific computers. Rules can also be applied so that specific words or other bit patterns are filtered out. Packet filtering inspects packets as they pass through the firewall and can reject them if they match a pattern; this works at the three lowest layers of the OSI model. Other systems retain packets to determine whether they are part of an existing transmission or the start of a new message.
Proxies
Proxies are able to act as firewalls, and are computers situated between one network and a remote resource. If a user requests a service from the network, the request is first passed to the proxy, which then performs the request on behalf of the network user. If the resource is banned, the request can be rejected. There is never any direct contact between user and resource, as the proxy acts as a "middle man".
Encryption
This is a method of concealing information in such a way that no one other than the intended recipient is able to read it. It is used extensively in networking because of the risk of data interception. Large keys are typically used in network transmission, ranging from 64 bits all the way up to 192 bits. Encryption is also a critical part of VPNs (Virtual Private Networks), as the infrastructure is shared with many users.