Q.1.(a) Why is flow control used at both the Data-Link layer and the Transport layer of the OSI model? Also, compare the working of the Sliding Window protocol at the Data-Link layer and the Transport layer.
A.1.(a) DATA LINK Layer - OSI Model
The data link layer is responsible for reliable node-to-node delivery of data. It forms
frames from the packets received from the network layer and hands them to the
physical layer. It also synchronizes the information to be transmitted over the link,
so error control is easily done. The encoded data are then passed to the physical layer.
The data link layer uses error-detection bits, and it also corrects errors. Outgoing
messages are assembled into frames; after transmission, the system waits for the
acknowledgements to be received. This makes message delivery reliable.
Transport layer
The main aim of the transport layer is to deliver the entire message from source to
destination. The transport layer ensures the whole message arrives intact and in order,
providing both error control and flow control at the source-to-destination level. It
decides whether data transmission should be over a parallel path or a single path.
The transport layer breaks the message (data) into smaller units so that they are
handled more efficiently by the network layer, and ensures that the message arrives in
order by performing error and flow control.
Flow Control: When a data frame (Layer-2 data) is sent from one host to another
over a single medium, it is required that the sender and receiver should work at the same
speed. That is, sender sends at a speed on which the receiver can process and accept the
data. What if the speed (hardware/software) of the sender or receiver differs? If sender is
sending too fast the receiver may be overloaded, (swamped) and data may be lost.
Flow control is a good example of a protocol function that must be implemented
in several layers of the OSI architecture model. At the transport level flow control will
allow the transport protocol entity in a host to restrict the flow of data over a logical
connection from the transport protocol entity in another host. However, one of the
services of the network level is to prevent congestion. Thus the network level also uses
flow control to restrict the flow of network protocol data units (NPDUs).
Sliding Window protocol
Frames have sequence numbers 0 to a maximum of 2^n - 1 (n-bit field).
At any moment, the sender maintains a list of sequence numbers it is permitted to send; these fall within the sending window. They are the frames sent but not yet acknowledged and the frames not yet sent.
When a new packet from the Network layer comes in to be sent, it is given the highest sequence number, and the upper edge of the window is advanced by 1. When an acknowledgement comes in, the lower edge of the window is advanced by 1.
The receiver has a receiving window: the frames it is permitted to accept.
Sliding window size 1. Sequence numbers 0 to 7.
(a) At start. Receiver waits for 0.
(b) Sender sends 0.
(c) Receiver receives 0. Waits for 1.
(d) Sender got ack for 0. Hasn't got 1 from its Network layer yet.
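The sender and receiver described above, as an added simulation written for this page (not code from the original answer): n-bit sequence numbers, a sending window of sent-but-unacknowledged frames whose edges move on send and on ack, and a receiving window of size 1. page_scenario() replays steps (a) to (d); wraparound_demo() goes beyond the walk-through and shows the numbers wrapping at 2^n.

```python
class SlidingWindowSender:
    """Sender side: sequence numbers 0 .. 2^n - 1 and a window holding at most
    window_size frames that are sent but not yet acknowledged."""

    def __init__(self, seq_bits, window_size):
        self.modulus = 2 ** seq_bits
        # With n-bit numbers the window must stay below 2^n, otherwise a
        # retransmitted frame cannot be told apart from a new one.
        if not 1 <= window_size <= self.modulus - 1:
            raise ValueError("window size must be between 1 and 2^n - 1")
        self.window_size = window_size
        self.lower_edge = 0      # oldest frame still waiting for an ack
        self.next_seq = 0        # number given to the next packet from the network layer
        self.outstanding = []    # sent-but-not-acked frames, oldest first

    def window_full(self):
        return len(self.outstanding) >= self.window_size

    def send_next(self):
        """Network layer hands over a packet: give it the highest number and
        advance the upper edge by 1. Returns None when the window is full."""
        if self.window_full():
            return None
        seq = self.next_seq
        self.outstanding.append(seq)
        self.next_seq = (self.next_seq + 1) % self.modulus
        return seq

    def receive_ack(self, ack_seq):
        """Cumulative ack: ack_seq and every older frame in the window are
        released and the lower edge moves past ack_seq.
        Returns the number of frames released; 0 for a stale or unknown ack."""
        if ack_seq not in self.outstanding:
            return 0
        released = self.outstanding.index(ack_seq) + 1
        del self.outstanding[:released]
        self.lower_edge = (ack_seq + 1) % self.modulus
        return released

    def frames_to_retransmit(self):
        """On a timeout a go-back-N sender resends every outstanding frame."""
        return list(self.outstanding)


class SlidingWindowReceiver:
    """Receiver with a window of size 1: it accepts only the frame it waits for."""

    def __init__(self, seq_bits):
        self.modulus = 2 ** seq_bits
        self.expected = 0

    def receive_frame(self, seq):
        """Returns the sequence number to acknowledge, or None when the frame
        is discarded (duplicate or out of order)."""
        if seq != self.expected:
            return None
        self.expected = (self.expected + 1) % self.modulus
        return seq


def page_scenario():
    """Replays the walk-through: window size 1, sequence numbers 0 to 7."""
    sender = SlidingWindowSender(seq_bits=3, window_size=1)
    receiver = SlidingWindowReceiver(seq_bits=3)
    trace = [f"(a) At start. Receiver waits for {receiver.expected}."]
    seq = sender.send_next()
    trace.append(f"(b) Sender sends {seq}.")
    ack = receiver.receive_frame(seq)
    trace.append(f"(c) Receiver receives {ack}. Waits for {receiver.expected}.")
    sender.receive_ack(ack)
    trace.append(f"(d) Sender got ack for {ack}. Window lower edge is now "
                 f"{sender.lower_edge}; outstanding frames: {sender.outstanding}.")
    return trace


def wraparound_demo():
    """Fills a 7-frame window with 3-bit numbers, acks it all, and shows the
    sequence numbers wrapping from 7 back to 0."""
    sender = SlidingWindowSender(seq_bits=3, window_size=7)
    sent = [sender.send_next() for _ in range(7)]      # 0 .. 6
    blocked = sender.send_next()                       # window full -> None
    sender.receive_ack(6)                              # releases all seven frames
    more = [sender.send_next() for _ in range(2)]      # 7, then 0 again
    return sent, blocked, more


if __name__ == "__main__":
    for line in page_scenario():
        print(line)
    print(wraparound_demo())
```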
Q.1.(b) Explain the various HTTP request methods using an example of each.
A.1.(b)
The following sections explain each of the entities used in an HTTP request message.
Request-Line
The Request-Line begins with a method token, followed by the
Request-URI and the protocol version, and ending with CRLF. The elements are
separated by space SP characters.
Request-Line = Method SP Request-URI SP HTTP-Version CRLF
Request Method
The request method indicates the method to be performed on the resource identified by
the given Request-URI. The method is
case-sensitive and should always be mentioned in uppercase. The following table
lists all the supported methods in HTTP/1.1.
S.N. | Method and Description
1 | GET - The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data.
2 | HEAD - Same as GET, but it transfers the status line and the header section only.
3 | POST - A POST request is used to send data to the server, for example, customer information, file upload, etc., using HTML forms.
4 | PUT - Replaces all the current representations of the target resource with the uploaded content.
5 | DELETE - Removes all the current representations of the target resource given by the URI.
6 | CONNECT - Establishes a tunnel to the server identified by a given URI.
7 | OPTIONS - Describes the communication options for the target resource.
8 | TRACE - Performs a message loop-back test along the path to the target resource.
Request-URI
The Request-URI is a Uniform Resource Identifier and identifies the resource upon which
to apply the request. The following are the most commonly used forms to specify a URI:
Request-URI = "*" | absoluteURI | abs_path | authority
S.N. | Form and Description
1 | The asterisk * is used when an HTTP request does not apply to a particular resource, but to the server itself, and is only allowed when the method used does not necessarily apply to a resource. For example:
OPTIONS * HTTP/1.1
2 | The absoluteURI is used when an HTTP request is being made to a proxy. The proxy is requested to forward the request or service it from a valid cache, and return the response. For example:
GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1
3 | The most common form of Request-URI is that used to identify a resource on an origin server or gateway. For example, a client wishing to retrieve a resource directly from the origin server would create a TCP connection to port 80 of the host "www.w3.org" and send the following lines:
GET /pub/WWW/TheProject.html HTTP/1.1
Host: www.w3.org
Note that the absolute path cannot be empty; if none is present in the original URI, it MUST be given as "/" (the server root).
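A parser for the Request-Line grammar and the four Request-URI forms above, written for this page as an added example (not code from the original answer). It enforces the case-sensitive method token, rejects "*" for any method other than OPTIONS and requires the Host header in HTTP/1.1 requests (both per RFC 2616); the example Request-Lines, one per method, use made-up paths.

```python
import re
from urllib.parse import urlsplit

HTTP11_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"}
AUTHORITY_RE = re.compile(r"[A-Za-z0-9.\-]+:\d{1,5}")   # host:port, the form CONNECT uses
VERSION_RE = re.compile(r"HTTP/\d\.\d")


def classify_request_uri(method, uri):
    """Return which Request-URI form is used: asterisk, absoluteURI, abs_path
    or authority. Raises ValueError for anything else (e.g. a path without '/')."""
    if uri == "*":
        # RFC 2616 only allows the asterisk form with OPTIONS.
        if method != "OPTIONS":
            raise ValueError("'*' is only allowed for a request to the server itself (OPTIONS)")
        return "asterisk"
    if uri.startswith("/"):
        return "abs_path"
    if method == "CONNECT" and AUTHORITY_RE.fullmatch(uri):
        return "authority"
    parts = urlsplit(uri)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "absoluteURI"          # the form a client uses when talking to a proxy
    raise ValueError(f"unrecognised Request-URI: {uri!r}")


def parse_request_line(line):
    """Request-Line = Method SP Request-URI SP HTTP-Version CRLF"""
    if not line.endswith("\r\n"):
        raise ValueError("Request-Line must end with CRLF")
    fields = line[:-2].split(" ")
    if len(fields) != 3:
        raise ValueError("Request-Line needs exactly three space-separated elements")
    method, uri, version = fields
    # Methods are case-sensitive: 'get' is not the token 'GET'.
    if method not in HTTP11_METHODS:
        raise ValueError(f"unsupported or mis-cased method: {method!r}")
    if not VERSION_RE.fullmatch(version):
        raise ValueError(f"bad HTTP-Version: {version!r}")
    return {"method": method, "uri": uri, "version": version,
            "uri_form": classify_request_uri(method, uri)}


def parse_request_head(raw):
    """Parse the Request-Line plus the header lines up to the empty line.
    HTTP/1.1 requests must carry a Host header (RFC 2616, section 14.23)."""
    head = raw.split("\r\n\r\n", 1)[0] + "\r\n"
    lines = head.split("\r\n")
    request = parse_request_line(lines[0] + "\r\n")
    headers = {}
    for hdr in lines[1:]:
        if not hdr:
            continue
        name, sep, value = hdr.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {hdr!r}")
        headers[name.strip().lower()] = value.strip()
    if request["version"] == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    request["headers"] = headers
    return request


# One constructed example Request-Line per HTTP/1.1 method (paths are made up).
EXAMPLE_REQUEST_LINES = [
    "GET /pub/WWW/TheProject.html HTTP/1.1\r\n",
    "HEAD /pub/WWW/TheProject.html HTTP/1.1\r\n",
    "POST /cgi-bin/register HTTP/1.1\r\n",
    "PUT /docs/report.txt HTTP/1.1\r\n",
    "DELETE /docs/report.txt HTTP/1.1\r\n",
    "CONNECT www.w3.org:443 HTTP/1.1\r\n",
    "OPTIONS * HTTP/1.1\r\n",
    "TRACE /pub/WWW/TheProject.html HTTP/1.1\r\n",
]


def parse_examples():
    """Maps each method to the Request-URI form its example uses."""
    parsed = [parse_request_line(line) for line in EXAMPLE_REQUEST_LINES]
    return {r["method"]: r["uri_form"] for r in parsed}


if __name__ == "__main__":
    for method, form in parse_examples().items():
        print(f"{method:8} {form}")
```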
Request Header Fields
General-header and Entity-header fields are covered separately together with the other
HTTP header fields. For now, let's check what request-header fields are.
The request-header fields allow the client to pass additional information about the
request, and about the client itself, to the server. These fields act as request
modifiers. Here is a list of some important request-header fields that can be used
based on the requirement:
- Accept-Charset
- Accept-Encoding
- Accept-Language
- Authorization
- Expect
Q.1.(c) How is a domain name mapped to its equivalent network address? Explain using an example.
A.1.(c)
Configuring Domain Name System (DNS) servers
You can use the Berkeley Internet Name Domain (BIND) service to create and maintain a
distributed host name and address database for computers on your network. BIND Version 9
is currently supported.
If you use BIND, you need not update every computer's /etc/hosts file each time you add
a computer to the network. Instead, a Domain Name System (DNS) server adds the new
computer to its host name database and answers queries from DNS clients on the local
network and (if connected) outside networks or the Internet.
Your system is configured by default to use the network hosts file /etc/hosts found on
each computer. You may want to configure and use DNS instead if:
- Your network is large (over ten computers) and
regularly adds and deletes hosts.
- Your network is connected to the Internet. For
example, you will usually need to configure DNS for convenience if you use
a Web browser.
In previous releases, configuring a DNS name server required you to edit the DNS
configuration and other database files. This required you to have a thorough knowledge
of the format of these files and how they interact with one another. UnixWare includes
the DNS Manager, which provides a graphical administrative interface that you can use
to create and maintain the DNS configuration files. The complementary Client Manager
allows you to configure a system as a client of the DNS name service.
For more information about administering name servers, see ``BIND 9 Administrator's
Guide'' and the references in ``For more about DNS''.
How DNS works
DNS uses a
client/server architecture to maintain and distribute host names and IP
addresses on networks ranging from small local area networks to the entire
Internet. Under DNS, the Internet consists of a
hierarchy of domains. This hierarchy, referred to as the ``domain name space'',
is organized as an inverted tree radiating from a single root, much like a UNIX
filesystem:
[Figure: Domain name space]
The ``root domain'', ``.'',
is the base of the tree. Final attempts to resolve names to IP addresses take
place here if lower-level servers do not have the requested data. The root
domain is usually omitted from domain names. For example, ``volga.rivers.mynet.com.''
is usually written as ``volga.rivers.mynet.com'', that is, without the
trailing ``.''. Usually this doesn't affect looking up IP addresses,
however the ``.'' is usually vital when configuring DNS data.
A ``domain'' is a subset of the
domain name space. The mynet.com and acme.com domains share the com portion of their domain name because
they both lie within the com domain. Thus all domains are
effectively part of the root domain.
A ``subdomain'' or ``child domain'' is a domain
that branches off another. For example, in the diagram rivers.mynet.com, seas.mynet.com and lakes.mynet.com are subdomains.
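The walk down the domain name space that resolves ``volga.rivers.mynet.com.'' to an address, as an added example written for this page (not code from the original answer). The zone data is constructed: each name server is modelled by the zone it holds, and the addresses come from the 192.0.2.0/24 documentation range.

```python
# Constructed zone data for the mynet.com / acme.com hierarchy described above.
ZONES = {
    ".": {"NS": {"com.": "a.gtld-servers.example."}},          # root knows the TLDs
    "com.": {"NS": {"mynet.com.": "ns1.mynet.com.",
                    "acme.com.": "ns1.acme.com."}},
    "mynet.com.": {
        "NS": {"rivers.mynet.com.": "ns.rivers.mynet.com.",     # delegations to subdomains
               "seas.mynet.com.": "ns.seas.mynet.com.",
               "lakes.mynet.com.": "ns.lakes.mynet.com."},
        "A": {"www.mynet.com.": "192.0.2.20"},
    },
    "rivers.mynet.com.": {
        "A": {"volga.rivers.mynet.com.": "192.0.2.10",
              "ns.rivers.mynet.com.": "192.0.2.1"},
    },
    "acme.com.": {"A": {"www.acme.com.": "192.0.2.30"}},
}


def to_fqdn(name):
    """Append the usually omitted root label so that 'volga.rivers.mynet.com'
    and 'volga.rivers.mynet.com.' name the same thing."""
    return name if name.endswith(".") else name + "."


def is_within(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def closest_delegation(zone_data, fqdn):
    """The most specific child zone delegated by this zone that contains fqdn."""
    candidates = [z for z in zone_data.get("NS", {}) if is_within(fqdn, z)]
    return max(candidates, key=len) if candidates else None


def resolve(name, max_referrals=8):
    """Iteratively resolve name to an IPv4 address, starting at the root.
    Returns (address, trail), where trail lists the zones consulted in order."""
    fqdn = to_fqdn(name)
    zone = "."
    trail = []
    for _ in range(max_referrals):
        trail.append(zone)
        data = ZONES.get(zone)
        if data is None:
            raise LookupError(f"{fqdn}: no server data for delegated zone {zone}")
        if fqdn in data.get("A", {}):
            return data["A"][fqdn], trail            # authoritative answer
        child = closest_delegation(data, fqdn)
        if child is None:
            raise LookupError(f"{fqdn}: no record and no delegation in zone {zone}")
        zone = child                                  # referral: ask the child zone's server
    raise LookupError(f"{fqdn}: too many referrals")


if __name__ == "__main__":
    address, trail = resolve("volga.rivers.mynet.com")
    print(address, " -> ".join(trail))
```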
Q.1.(d) Suppose a Class B network uses 20 out of 32 bits to define a network address. How many Class B networks are possible in this case?
A.1.(d) Class B subnets
In my last Daily Drill Down, we borrowed bits
from the host portion of a Class C network address. Class C network addresses
only have eight bits to manipulate into subnets. However, a Class B has 16 bits
to play with. This will allow more subnets with more hosts per subnet than a
Class C network ever could.
Table 1 lists all of the possible Class B subnets:
Table 1
Mask              Binary               Subnets   Hosts per subnet
255.255.128.0     10000000.00000000          2   32,766
255.255.192.0     11000000.00000000          2   16,382
255.255.224.0     11100000.00000000          6   8,190
255.255.240.0     11110000.00000000         14   4,094
255.255.248.0     11111000.00000000         30   2,046
255.255.252.0     11111100.00000000         62   1,022
255.255.254.0     11111110.00000000        126   510
255.255.255.0     11111111.00000000        254   254
255.255.255.128   11111111.10000000        510   126
255.255.255.192   11111111.11000000      1,022   62
255.255.255.224   11111111.11100000      2,046   30
255.255.255.240   11111111.11110000      4,094   14
255.255.255.248   11111111.11111000      8,190   6
255.255.255.252   11111111.11111100     16,382   2
All possible Class B subnets
There are quite a few more masks we can use with a Class B network address than we can with a Class C network address. Remember that this is not harder than subnetting with Class C, but it can get confusing if you don’t pay attention to where the subnet bits and host bits are in a mask.
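The rows of Table 1 computed from the number of bits borrowed from the 16-bit Class B host portion, as an added example written for this page (not code from the original answer). The 20-bit network address of the question corresponds to borrowing 4 bits. The classic count 2^s - 2 reproduces Table 1 for every row except the one-bit row, where Table 1 lists 2; the all-subnets count (RFC 1878) is given alongside for comparison.

```python
def class_b_subnet(subnet_bits):
    """Class B: 16 fixed network bits; subnet_bits are borrowed from the 16 host bits."""
    if not 1 <= subnet_bits <= 14:
        raise ValueError("a Class B network can borrow 1 to 14 bits (2 host bits must remain)")
    prefix = 16 + subnet_bits
    host_bits = 32 - prefix
    mask_int = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    octets = [(mask_int >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return {
        "prefix": prefix,
        "mask": ".".join(str(o) for o in octets),
        # Table 1 shows only the third and fourth octets in binary
        "binary": ".".join(format(o, "08b") for o in octets[2:]),
        # classic count: subnet-zero and the all-ones subnet excluded (Table 1 convention)
        "subnets": 2 ** subnet_bits - 2,
        # modern count (RFC 1878): every subnet is usable
        "subnets_all": 2 ** subnet_bits,
        # the network and broadcast addresses of each subnet are not assignable
        "hosts_per_subnet": 2 ** host_bits - 2,
    }


def class_b_subnet_for_prefix(prefix):
    """Row for a Class B network whose address uses `prefix` of the 32 bits
    (20 in the question above)."""
    return class_b_subnet(prefix - 16)


def class_b_table():
    return [class_b_subnet(bits) for bits in range(1, 15)]


if __name__ == "__main__":
    for row in class_b_table():
        print(f"/{row['prefix']:<3} {row['mask']:<16} {row['binary']:<18} "
              f"{row['subnets']:>6} {row['subnets_all']:>6} {row['hosts_per_subnet']:>7}")
```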
Q.2. (a) List and describe all elementary socket systems calls and data transfer calls.
A.2.(a)
The elementary socket system calls and data transfer calls used in socket programming
are listed below.
1. socket() creates an endpoint for communication and returns a descriptor.
#include <sys/types.h>
#include <sys/socket.h>
int socket(int domain, int type, int protocol);
2. accept() is used with connection-based socket types (SOCK_STREAM,
SOCK_SEQPACKET).
#include <sys/types.h>
#include <sys/socket.h>
int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen);
3. bind() gives the socket sockfd the local
address my_addr. my_addr is addrlen bytes long.
#include <sys/types.h>
#include <sys/socket.h>
int bind(int sockfd, const struct sockaddr *my_addr, socklen_t addrlen);
4. connect()connects the socket referred to by the file descriptor sockfd to the
address specified by serv_addr.
#include <sys/types.h>
#include <sys/socket.h>
int connect(int sockfd,
const struct sockaddr *serv_addr,
socklen_t addrlen);
5. fcntl() performs one of the operations described below on the open file
descriptor fd. The operation is determined by cmd.
#include <unistd.h>
#include <fcntl.h>
int fcntl(int fd, int cmd);
int fcntl(int fd, int cmd, long arg);
int fcntl(int fd, int cmd, struct flock *lock);
6. getpeername() returns the name of the peer connected to socket s.
#include <sys/socket.h>
int getpeername(int s, struct sockaddr *name, socklen_t *namelen);
7. listen() call applies only to sockets of type SOCK_STREAM or
SOCK_SEQPACKET.
#include <sys/socket.h>
int listen(int sockfd, int backlog);
8. read() attempts to read up to count bytes from file descriptor fd into the buffer
starting at buf.
#include <unistd.h>
ssize_t read(int fd, void *buf, size_t count);
9. The recv() call is normally used only on a connected socket (see connect(2)) and is
identical to recvfrom() with a NULL from parameter.
#include <sys/types.h>
#include <sys/socket.h>
ssize_t recv(int s, void *buf, size_t len, int flags);
ssize_t recvfrom(int s, void *buf, size_t len, int flags,
struct sockaddr *from, socklen_t *fromlen);
ssize_t recvmsg(int s, struct msghdr *msg, int flags);
10. send() call may be used only when the socket is in a connected state (so
that the intended recipient is known).
#include <sys/types.h>
#include <sys/socket.h>
ssize_t send(int s, const void *buf, size_t len, int flags);
ssize_t sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t
tolen);
ssize_t sendmsg(int s, const struct msghdr *msg, int flags);
11. select() and pselect() allow a program to monitor multiple file
descriptors, waiting until one or more of the file descriptors become "ready" for
some class of I/O operation.
12. write() writes up to count bytes to the file referenced by the file
descriptor fd from the buffer starting at buf.
#include <unistd.h>
ssize_t write(int fd, const void *buf, size_t count);
13. The shutdown() call causes all or part of a full-duplex connection on the
socket associated with s to be shut down.
#include <sys/socket.h>
int shutdown(int s, int how);
Q.2.(b) Write a connection-oriented client and server algorithm (using socket system calls) where the client program interacts with the server as given below:
(i) A client machine begins by sending a request to calculate the factorial of a number; the server sends back a confirmation of the service (if the server has any method for calculating factorials) to the respective client.
A.2.(b) (i)
A client-server program to calculate the factorial of a number.
The client will pass the number to the server whose factorial is to be calculated.
Now the problem that I am encountering is that no matter what value I am passing to the client (variable msg in the client program), the output I am getting is 48. Here is my program.
// client.java
import java.net.*;
import java.io.*;

public class client
{
    public static void main(String args[])
    {
        try
        {
            Socket s = new Socket("localhost", 2222);
            InputStream is = s.getInputStream();
            InputStreamReader isr = new InputStreamReader(is);
            BufferedReader br = new BufferedReader(isr);
            OutputStream os = s.getOutputStream();
            PrintWriter pw = new PrintWriter(os, true);
            int msg = 6;
            pw.println(msg);          // sends the text "6" followed by a line ending
            // read() returns the code of ONE character of the reply, not the number the
            // server sent. The server replies "0" (see server.java), and the character
            // '0' has code 48, which is why 48 is printed whatever msg is.
            msg = br.read();
            System.out.println("factorial=" + msg);
            s.close();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}
//server.java
import java.net.*;
import java.io.*;

public class server
{
    public static void main(String args[])
    {
        try
        {
            ServerSocket ss = new ServerSocket(2222);
            System.out.println("Server is started");
            while (true)
            {
                Socket s = ss.accept();
                System.out.print("Connection request Received");
                InputStream is = s.getInputStream();
                InputStreamReader isr = new InputStreamReader(is);
                BufferedReader br = new BufferedReader(isr);
                OutputStream os = s.getOutputStream();
                PrintWriter pw = new PrintWriter(os, true);
                // read() returns one character's code: the digit '6' arrives as 54, not 6
                int no = br.read();
                int fact = 1, i = 0;
                while (no > i)
                {
                    // 54! overflows int; it has more than 32 factors of 2, so the
                    // wrapped product is 0
                    fact = fact * no;
                    no--;
                }
                pw.println(fact);     // sends "0"; the client's read() sees '0' as 48
                s.close();
            }
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}
Q.2.(b)(ii)If Server confirmation is positive, client sends a number and server replies as the factorial of that number to the client.
1. Make Use of Java Socket Programming
2. It starts a server which will be always running listening to a port 25000 (Server.java)
3. Client (Client.java) sends a number (message) to the server
4. Server receives this number and multiplies it by 2
5. Server (Server.java) sends back the result (message) to the client (Client.java)
6. In case the number sent by the client was not a proper number, server (Server.java) sends back the message “Please send a proper number” to the client (Client.java)
Note: run Server.java first, because the server should be ready before the client sends its message.
Server.java
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.ServerSocket;
import java.net.Socket;

public class Server
{
    private static Socket socket;

    public static void main(String[] args)
    {
        try
        {
            int port = 25000;
            ServerSocket serverSocket = new ServerSocket(port);
            System.out.println("Server Started and listening to the port 25000");

            //Server is running always. This is done using this while(true) loop
            while (true)
            {
                //Reading the message from the client
                socket = serverSocket.accept();
                InputStream is = socket.getInputStream();
                InputStreamReader isr = new InputStreamReader(is);
                BufferedReader br = new BufferedReader(isr);
                String number = br.readLine();
                System.out.println("Message received from client is " + number);

                //Multiplying the number by 2 and forming the return message
                String returnMessage;
                try
                {
                    int numberInIntFormat = Integer.parseInt(number);
                    int returnValue = numberInIntFormat * 2;
                    returnMessage = String.valueOf(returnValue) + "\n";
                }
                catch (NumberFormatException e)
                {
                    //Input was not a number. Sending proper message back to client.
                    returnMessage = "Please send a proper number\n";
                }

                //Sending the response back to the client.
                OutputStream os = socket.getOutputStream();
                OutputStreamWriter osw = new OutputStreamWriter(os);
                BufferedWriter bw = new BufferedWriter(osw);
                bw.write(returnMessage);
                System.out.println("Message sent to the client is " + returnMessage);
                bw.flush();
                //Close this client's connection before accepting the next one
                socket.close();
            }
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
        finally
        {
            try
            {
                socket.close();
            }
            catch (Exception e) {}
        }
    }
}
Client.java
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.InetAddress;
import java.net.Socket;

public class Client
{
    private static Socket socket;

    public static void main(String args[])
    {
        try
        {
            String host = "localhost";
            int port = 25000;
            InetAddress address = InetAddress.getByName(host);
            socket = new Socket(address, port);

            //Send the message to the server
            OutputStream os = socket.getOutputStream();
            OutputStreamWriter osw = new OutputStreamWriter(os);
            BufferedWriter bw = new BufferedWriter(osw);
            String number = "2";
            String sendMessage = number + "\n";
            bw.write(sendMessage);
            bw.flush();
            System.out.println("Message sent to the server : " + sendMessage);

            //Get the return message from the server
            InputStream is = socket.getInputStream();
            InputStreamReader isr = new InputStreamReader(is);
            BufferedReader br = new BufferedReader(isr);
            String message = br.readLine();
            System.out.println("Message received from the server : " + message);
        }
        catch (Exception exception)
        {
            exception.printStackTrace();
        }
        finally
        {
            //Closing the socket
            try
            {
                socket.close();
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }
    }
}
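A connection-oriented factorial service that carries out the full exchange of Q.2.(b)(i) and (ii), as an added example written for this page (not the Java code above): the client first asks whether the factorial service exists, the server confirms, the client then sends the number and the server replies with its factorial, or with "Please send a proper number" for bad input. The line protocol (SERVICE/NUM requests, OK/NO/RESULT/ERR replies) and the MAX_N bound are assumptions of this example; the server uses the socket, bind, listen, accept, recv and send calls of Q.2.(a) through Python's socket module.

```python
import math
import socket
import threading

SERVICES = {"FACT": math.factorial}
MAX_N = 5000   # assumed bound so a client cannot make the server compute huge factorials


def handle_line(line, state):
    """Protocol logic for one request line. state remembers the confirmed
    service for this connection. Returns the reply without its newline."""
    parts = line.strip().split(maxsplit=1)
    if not parts:
        return "ERR empty request"
    command = parts[0].upper()
    argument = parts[1].strip() if len(parts) > 1 else ""
    if command == "SERVICE":                       # step (i): does the service exist?
        name = argument.upper()
        if name in SERVICES:
            state["service"] = name
            return f"OK {name} available"
        return f"NO {argument} not available"
    if command == "NUM":                           # step (ii): the number to process
        if "service" not in state:
            return "ERR request a service first"
        try:
            n = int(argument)
        except ValueError:
            return "ERR Please send a proper number"
        if not 0 <= n <= MAX_N:
            return f"ERR number must be between 0 and {MAX_N}"
        return f"RESULT {SERVICES[state['service']](n)}"
    return "ERR unknown command"


def serve_connection(conn):
    """Handle one client: answer request lines until the client closes."""
    state = {}
    with conn, conn.makefile("r") as reader, conn.makefile("w") as writer:
        for line in reader:
            writer.write(handle_line(line, state) + "\n")
            writer.flush()


def factorial_client(conn, number):
    """Client side of the exchange. Returns (factorial or None, last reply)."""
    with conn.makefile("r") as reader, conn.makefile("w") as writer:
        writer.write("SERVICE FACT\n")
        writer.flush()
        confirmation = reader.readline().strip()
        if not confirmation.startswith("OK"):
            return None, confirmation
        writer.write(f"NUM {number}\n")
        writer.flush()
        reply = reader.readline().strip()
        if reply.startswith("RESULT "):
            return int(reply.split(" ", 1)[1]), reply
        return None, reply


def run_over_socketpair(number):
    """Runs server and client in one process over a socketpair (no network needed)."""
    server_end, client_end = socket.socketpair()
    worker = threading.Thread(target=serve_connection, args=(server_end,), daemon=True)
    worker.start()
    with client_end:
        result = factorial_client(client_end, number)
    worker.join(timeout=5)
    return result


def run_server(host="127.0.0.1", port=25000):
    """Real TCP server on the port used by Server.java above; one thread per client."""
    with socket.create_server((host, port)) as listener:    # socket + bind + listen
        while True:
            conn, _peer = listener.accept()
            threading.Thread(target=serve_connection, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    print(run_over_socketpair(6))        # (720, 'RESULT 720')
    print(run_over_socketpair("abc"))    # (None, 'ERR Please send a proper number')
```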
Q.3. (a) Compare the security features, reliability approaches and delivery mechanisms of IPv4 and IPv6.
A.3.(a)
IPv6 (Internet Protocol Version 6), also called IPng (Internet Protocol next generation), is the newest version of the Internet Protocol (IP), reviewed in the IETF standards committees to replace the current version, IPv4 (Internet Protocol Version 4).
The official name of IPng is IPv6, where IP stands for Internet Protocol and v6 stands for version 6. IPv6 is the successor to IPv4. It was designed as an evolutionary upgrade to the Internet Protocol and will, in fact, coexist with the older IPv4 for some time. IPv6 is designed to allow the Internet to grow steadily, both in terms of the number of hosts connected and the total amount of data traffic transmitted.
IPv6 is often referred to as the “next generation” Internet standard and has been under development since the mid-1990s. IPv6 was born out of concern that the demand for IP addresses would exceed the available supply.
Important features that are not available in IPv4: while increasing the pool of addresses is the most often talked-about benefit of IPv6, there are other important technological changes in IPv6 that will improve the IP protocol:
– No more NAT (Network Address Translation)
– Auto-configuration
– No more private address collisions
– Better multicast routing
– Simpler header format
– Simplified, more efficient routing
– True quality of service (QoS), also called “flow labeling”
– Built-in authentication and privacy support
– Flexible options and extensions
– Easier administration (say good-bye to DHCP)
Q.3.(b) Why do LANs tend to use broadcast networks? Why not use networks consisting of multiplexers and switches?
A.3.(b)
Q.3.(c) Identify the Address Class of the following IP addresses:
(a) 255.255.190.0
(b) 216.111.52.12
(c) 150.156.10.10
(d) 92.2.1.1
A.3.(c)
As we know, an IP address is divided into 4 parts, i.e. mmm.nnn.ooo.ppp.
The first part (mmm) is called the first octet of the IP address, the second part (nnn)
is called the second octet, the third (ooo) is called the third octet, and the last,
fourth part (ppp) is called the fourth octet of the IP address.
We can identify the class of any specific IP address with the help of only the first
octet of the IP address, whose range decides the class:
IP Address Classes - Hierarchical IP Addressing Scheme
          8 bits     8 bits     8 bits     8 bits
Class A   Network    Host       Host       Host
Class B   Network    Network    Host       Host
Class C   Network    Network    Network    Host
Class D   Multicast
Class E   Research
Here we can see that the different ranges correspond to the different classes, so if we
put our IP address into this format, we can get the answer easily.
(a) 255.255.190.0 (Class E)
(b) 216.111.52.12 (Class C)
(c) 150.156.10.10 (Class B)
(d) 92.2.1.1 (Class A)
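The classification above done by the leading bits of the first octet (0 for A, 10 for B, 110 for C, 1110 for D, 1111 for E), together with the network/host split from the addressing scheme table, as an added example written for this page (not code from the original answer).

```python
CLASS_RULES = (
    # (leading bits to compare, their pattern, class, number of network octets)
    (1, 0b0,    "A", 1),
    (2, 0b10,   "B", 2),
    (3, 0b110,  "C", 3),
    (4, 0b1110, "D", None),   # multicast: no network/host split
    (4, 0b1111, "E", None),   # reserved for research
)


def parse_octets(address):
    """Validate dotted-decimal notation and return the four octets as ints."""
    parts = address.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {address!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {address!r}")
    return octets


def classify_ipv4(address):
    """Return the class of an IPv4 address and, for classes A to C, its
    network and host portions according to the addressing scheme above."""
    octets = parse_octets(address)
    first = octets[0]
    for nbits, pattern, cls, net_octets in CLASS_RULES:
        if first >> (8 - nbits) == pattern:     # compare only the leading bits
            break
    result = {"address": address, "class": cls, "first_octet_bits": format(first, "08b")}
    if net_octets is not None:
        result["network"] = ".".join(str(o) for o in octets[:net_octets])
        result["host"] = ".".join(str(o) for o in octets[net_octets:])
    return result


def classify_all(addresses):
    """Map each address to its class letter."""
    return {a: classify_ipv4(a)["class"] for a in addresses}


if __name__ == "__main__":
    for addr in ("255.255.190.0", "216.111.52.12", "150.156.10.10", "92.2.1.1"):
        print(classify_ipv4(addr))
```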
Q.3.(d) Why would an application use UDP instead of TCP? Also, explain how TCP can handle urgent data.
A.3.(d)
The User Datagram Protocol (UDP) is a transport layer protocol for use with the IP
network layer protocol. It provides a best-effort datagram service to an end system (IP
host). UDP provides no guarantee for delivery and no protection from duplication, but
the simplicity of UDP reduces overhead from the protocol and can be adequate for
some applications.
A computer may send UDP packets without first establishing a connection to the
recipient. The computer completes the appropriate fields in the UDP header (PCI) and forwards the data together with the header for transmission by the IP network layer.
Typically, use UDP in applications where speed is more critical than reliability. For
example, it may be better to use UDP in an application sending data from a fast
acquisition where it is acceptable to lose some data points. You can also use UDP to
broadcast to any machine(s) listening to the server.
In general:
TCP is for high-reliability data transmissions
UDP is for low-overhead transmissions
How TCP handles urgent data: When an interactive user hits the DEL or CTRL-C key to
break off a remote computation that has already begun, the sending application puts
some control information in the data stream and gives it to TCP along with the URGENT
flag. This event causes TCP to stop accumulating data and transmit everything it has for
that connection immediately. The receiving application is interrupted so it can stop
whatever it was doing and read the data stream to find the urgent data.
Q.4.(a) Assume you are the chief network administrator of a company. This company has offices in different cities. Each office has more than 50 machines and a server. These servers and the networks of all offices are further controlled and managed by the main server. Discuss the security issues and threats in such a network. Make a chart to explain the available solutions for each issue/threat.
A.4.(a) If we are talking about a WAN, that is, the office networks connected through
some medium (wired or wireless), one thing in particular has to be noticed: when
attackers survey the catalogue of systems on the network, they want to learn the answers
to its security questions as the first step of the hacking process.
So if we have a WAN spanning different cities, we will definitely have to assume on
behalf of the offices that a firewall has been securely set up on every single computer
in the whole network.
Whether offering Internet access to patrons or providing an online catalogue, steps
must be taken to implement effective network security to protect our resources. With a
proper technology plan in place, you should have already addressed many of the issues
surrounding network security. Our purpose here is to provide insight for the particular
issues regarding network security, including:
- Understanding networking concepts
- Identifying vulnerabilities on our network
- Creating security policies and selecting and configuring a firewall
Importance:
The good neighbor policy. Our mistakes can be someone else’s headaches. If
our network is insecure and someone takes control of one of our computers,
they can use that machine to launch denial of service attacks on innocent third
parties. They can also flood the Web with spam.
Patron privacy. Obviously, patron records are of paramount importance. Trust
between the library and its clients can be irreparably harmed if these records are
compromised.
Money and time. Tracking down a virus or a worm and eliminating it from our
network is frustrating and time-consuming. You often have to rebuild our
machines from the ground up, reinstalling the operating system and software
and restoring data from backup tapes. Lax security can lead to weeks of wasted
time spent patching our network and fixing the wreckage.
Actions we can take:
Create a network diagram. One of the most useful exercises for understanding our
library’s security situation is creating a network diagram. A network diagram consists
of symbols representing our hardware (PCs, servers, switches, routers, printers, etc.)
and the connections between them. The diagram should also include some information
about the model and configuration of each piece of hardware (e.g., name, IP address,
function, etc.). For network connections, list the speed and protocol of each link.
Understand our situation. A network diagram goes hand-in-hand with an
assessment and evaluation of everything that happens on our network. Who uses our
network? What types of hardware and software do they use? What kind of Internet
connection does our library have? Do we host our own Web site, our own email server,
our own OPAC? Do we allow patrons to connect to our network with their own
computers and peripheral devices? Is our staff network separated from the public
network? What types of security policies, procedures and equipment do we already
have in place?
Review your technology plan. Review this document, if available, to determine the
network services you’re currently providing and the plans for your network’s future.
Train your IT staff or hire a consultant. We must make sure that either our IT staff
receive appropriate training when it comes to network security or look for outside IT
support that can offer the necessary knowledge to secure our network.
Remember the 80/20 rule. Focus on protecting the high-impact, high-risk areas of
our network.
Q.4.(b) Describe the activities to be performed at every layer in the TCP/IP model when information flows from one layer to another.
A.4.(b)
Communication between computers on a network is done through protocol suites. The most widely used and most widely available protocol suite is the TCP/IP protocol suite. A protocol suite consists of a layered architecture where each layer depicts some functionality which can be carried out by a protocol. Each layer usually has more than one protocol option to carry out the responsibility that the layer adheres to. TCP/IP is normally considered to be a 4-layer system. The 4 layers are as follows:
- Application layer
- Transport layer
- Network layer
- Data link layer
1. Application layer
This is the top layer of TCP/IP protocol suite. This layer includes applications or processes that use transport layer protocols to deliver the data to destination computers.
At each layer there are certain protocol options to carry out the task designated to that particular layer. So, application layer also has various protocols that applications use to communicate with the second layer, the transport layer. Some of the popular application layer protocols are :
- HTTP (Hypertext transfer protocol)
- FTP (File transfer protocol)
- SMTP (Simple mail transfer protocol)
- SNMP (Simple network management protocol) etc
2. Transport Layer
This layer provides backbone to data flow between two hosts. This layer receives data from the application layer above it. There are many protocols that work at this layer but the two most commonly used protocols at transport layer are TCP and UDP.
TCP is used where a reliable connection is required while UDP is used in case of unreliable connections.
TCP divides the data (coming from the application layer) into properly sized chunks and then passes these chunks on to the network. It acknowledges received packets, waits for the acknowledgements of the packets it sent, and sets a timeout to resend packets whose acknowledgements are not received in time. The term 'reliable connection' is used where it is not desired to lose any information that is being transferred over the network through this connection. So, the protocol used for this type of connection must provide the mechanism to achieve this desired characteristic. For example, while downloading a file, it is not desired to lose any information (bytes), as it may lead to corruption of the downloaded content.
UDP provides a comparatively simpler but unreliable service by sending packets from one host to another. UDP does not take any extra measures to ensure that the data sent is received by the target host. The term 'unreliable connection' is used where loss of some information does not hamper the task being fulfilled through this connection. For example, while streaming a video, loss of a few bytes of information for some reason is acceptable, as this does not harm the user experience much.
3. Network Layer
This layer is also known as the Internet layer. The main purpose of this layer is to organize or handle the movement of data on the network. By movement of data, we generally mean routing of data over the network. The main protocol used at this layer is IP, while ICMP (used by the popular 'ping' command) and IGMP are also used at this layer.
4. Data Link Layer
This layer is also known as the network interface layer. This layer normally consists of the device drivers in the OS and the network interface card attached to the system. Both the device drivers and the network interface card take care of the communication details with the media being used to transfer the data over the network. In most cases, this media is in the form of cables. Some of the well-known protocols used at this layer include ARP (Address Resolution Protocol), PPP (Point-to-Point Protocol), etc.
TCP/IP CONCEPT EXAMPLE
One thing worth noting is that the interaction between two computers over the network through the TCP/IP protocol suite takes place in the form of a client-server architecture.
The client requests a service while the server processes the request for the client.
Now that we have discussed the underlying layers that help data flow from host to target over a network, let's take a very simple example to make the concept clearer.
(c) The size of the option field of an IP datagram is 20 bytes. What is the value of the HLEN field in binary?
A.4.(c) The HLEN value is 5, which means the total number of bytes in the header is 5*4 or 20 bytes (for no Options).
The size of the option field given is 20 bytes, hence the total number of bytes in the header should be 40 bytes = (20 (options) + header length (5*4)).
When the header length is 20 bytes, then the value of HLEN is 5 (5*4 = 20).
In binary form:
(20)₁₀ = (00010100)₂
Q.4. (d) Write short notes on following:
A.4.(d) (i) ICMP.
The Internet Control Message Protocol (ICMP) [RFC792] is a classic example of a client-server application. The ICMP server executes on all IP end system computers and all IP intermediate systems (i.e. routers). The protocol is used to report problems with delivery of IP datagrams within an IP network. It can be used to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The protocol is also frequently used by Internet managers to verify correct operation of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.
ICMP message generated by router R1, in response to a message sent by H0 to H1 and forwarded by R0. This message could, for instance, be generated if the MTU of the link between R0 and R1 was smaller than the size of the IP packet, and the packet had the Don't Fragment (DF) bit set in the IP packet header. The ICMP message is returned to H0, since this is the source address specified in the IP packet that suffered the problem. A modern version of Path MTU Discovery provides a mechanism to verify the Path MTU [RFC4821].
An ICMP message consisting of 4 bytes of PCI and an optional message payload.
The format of an ICMP message is shown above. The 8-bit type code identifies the type of message. This is followed by at least the first 28 bytes of the packet that resulted in generation of the error message (i.e. the network-layer header and the first 8 bytes of the transport header). This payload is, for instance, used by a sender that receives the ICMP message to perform Path MTU Discovery, so that it may determine the IP destination address of the packet that resulted in the error. Longer payloads are also encouraged (they help to better identify the reason why the ICMP message was generated and which program generated the original packet).
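The description above (4 bytes of PCI, then the quoted IP header and the first 8 bytes of the transport header) is enough to write a decoder. The following is an added example, not code from the original answer or from any RFC: it builds a constructed "fragmentation needed" error (type 3, code 4, with the RFC 1191 next-hop MTU in the second 32-bit word), verifies the RFC 1071 checksum, and pulls the addresses and ports of the offending flow out of the quoted packet. The addresses (RFC 5737 documentation ranges), ports and MTU are sample values chosen for the example.

```python
import socket
import struct

ICMP_DEST_UNREACH = 3
ICMP_FRAG_NEEDED = 4   # code 4 of type 3: fragmentation needed and DF set (RFC 792 / RFC 1191)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; a trailing odd byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frag_needed(quoted_packet: bytes, next_hop_mtu: int) -> bytes:
    """Build a type 3 / code 4 error: 4 bytes of PCI (type, code, checksum), then an unused
    16-bit field and the next-hop MTU (RFC 1191), then the quoted offending packet."""
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu)
    body += quoted_packet
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


def parse_icmp_error(msg: bytes) -> dict:
    """Decode an ICMP error message and identify the flow it refers to.

    Raises ValueError when the message cannot carry the quoted IP header plus the
    8 transport-header bytes that RFC 792 requires (the 28-byte minimum in the text)."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = msg[0], msg[1]
    info = {
        "type": icmp_type,
        "code": code,
        # Summing the whole message, checksum field included, yields zero when it is intact.
        "checksum_ok": internet_checksum(msg) == 0,
    }
    if icmp_type == ICMP_DEST_UNREACH and code == ICMP_FRAG_NEEDED:
        info["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
    quoted = msg[8:]
    if len(quoted) < 20:
        raise ValueError("no quoted IP header")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted packet lacks IP header plus 8 transport bytes")
    proto = quoted[9]
    info["proto"] = proto
    info["src"] = socket.inet_ntoa(quoted[12:16])
    info["dst"] = socket.inet_ntoa(quoted[16:20])
    transport = quoted[ihl:ihl + 8]
    if proto in (6, 17):   # TCP and UDP headers both begin with source and destination ports
        info["sport"], info["dport"] = struct.unpack("!HH", transport[:4])
    return info


def is_well_formed(msg: bytes) -> bool:
    """True when parse_icmp_error accepts the message, False when it rejects it."""
    try:
        parse_icmp_error(msg)
        return True
    except ValueError:
        return False


def constructed_sample() -> bytes:
    """Constructed sample: a 1500-byte UDP/IP packet from 192.0.2.10 to 198.51.100.7 with DF set,
    reported as too large by a router whose next-hop MTU is 1280."""
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, 1500, 0x1234, 0x4000, 64, 17, 0,
                            socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    udp_first8 = struct.pack("!HHHH", 40000, 53, 1480, 0)   # sport, dport, length, checksum
    return build_frag_needed(ip_header + udp_first8, 1280)


if __name__ == "__main__":
    print(parse_icmp_error(constructed_sample()))
```

A receiver should act on an ICMP error only after matching the quoted source, destination, protocol and ports against a connection it actually has; the decoder above exposes exactly those fields so that check can be made before, for example, lowering a path MTU.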
The figure below shows the encapsulation of ICMP over an Ethernet LAN using an IP network layer header, and a MAC link layer header and trailer containing the 32-bit checksum:
A.4. (ii) IP Encapsulation
In the chapter describing the OSI Reference Model, I looked at several ways that protocols at various layers in a networking protocol stack interact with each other. One of the most important concepts in inter-protocol operation is that of encapsulation. Most data originates within the higher layers of the OSI model. The protocols at these layers pass the data down to lower layers for transmission, usually in the form of discrete messages. Upon receipt, each lower-level protocol takes the entire contents of the message received and encapsulates it into its own message format, adding a header and possibly a footer that contain important control information. Encapsulation is explained in general terms in a separate topic.
A good analogy for how encapsulation works is a comparison to sending a letter enclosed in an envelope. You might write a letter and put it in a white envelope with a name and address, but if you gave it to a courier for overnight delivery, they would take that envelope and put it in a larger delivery envelope. (I actually have written a complete description of this sort of analogy, if you are interested.)
Due to the prominence of TCP/IP, the Internet Protocol is one of the most important places where data encapsulation occurs on a modern network. Data is passed to IP typically from one of the two main transport layer protocols: TCP or UDP. This data is already in the form of a TCP or UDP message with TCP or UDP headers. This is then encapsulated into the body of an IP message, usually called an IP datagram or IP packet. Encapsulation and formatting of an IP datagram is also sometimes called packaging—again, the implied comparison to an envelope is obvious.
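To make the layering concrete, here is an added example that is not part of the original answer: application data is wrapped in a UDP header, the segment is wrapped in an IPv4 header carrying 20 bytes of options, and the datagram is wrapped in an Ethernet header, after which the frame is unpacked layer by layer with the length fields checked at each step. It also serves the HLEN question in A.4.(c) above: RFC 791 defines HLEN (IHL) as the header length in 32-bit words, options included, so the decoder reports the IHL it finds in the constructed header. Addresses, MACs, ports and the option bytes (a Router Alert option followed by NOP padding) are sample values; the IP header checksum is left at zero to keep the example focused on structure.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    # Transport layer: 8-byte UDP header (ports, length, checksum) in front of the application data.
    # A zero UDP checksum means "not computed", which IPv4 permits.
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, options: bytes = b"") -> bytes:
    # Network layer: fixed 20-byte header plus options padded to a 32-bit boundary.
    # IHL counts 32-bit words of the whole header, so 20 bytes of options give (20 + 20) / 4 = 10.
    # The header checksum is left zero in this constructed example (a real stack fills RFC 1071).
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    ihl = (20 + len(options)) // 4
    if ihl > 15:
        raise ValueError("IPv4 header cannot exceed 60 bytes")
    total_length = 20 + len(options) + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, total_length, 0, 0x4000, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + options + payload


def build_ethernet(dst_mac: bytes, src_mac: bytes, payload: bytes) -> bytes:
    # Link layer: 14-byte header (destination MAC, source MAC, EtherType).
    # The 32-bit CRC trailer is appended by the NIC and is omitted here.
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + payload


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack, validating every length field instead of trusting it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    datagram = frame[14:]
    if len(datagram) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = datagram[0] >> 4, datagram[0] & 0x0F
    header_len = ihl * 4
    total_length = struct.unpack("!H", datagram[2:4])[0]
    if version != 4 or ihl < 5:
        raise ValueError("bad IPv4 version or IHL")
    if header_len > total_length or total_length > len(datagram):
        raise ValueError("IPv4 length fields inconsistent with the bytes received")
    proto = datagram[9]
    segment = datagram[header_len:total_length]
    info = {
        "ihl": ihl,
        "ihl_bits": format(ihl, "04b"),
        "options": datagram[20:header_len],
        "src": socket.inet_ntoa(datagram[12:16]),
        "dst": socket.inet_ntoa(datagram[16:20]),
        "proto": proto,
    }
    if proto == IPPROTO_UDP:
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, udp_len, _ = struct.unpack("!HHHH", segment[:8])
        if udp_len < 8 or udp_len > len(segment):
            raise ValueError("UDP length field inconsistent")
        info.update(sport=sport, dport=dport, payload=segment[8:udp_len])
    return info


def is_well_formed(frame: bytes) -> bool:
    """True when decapsulate accepts the frame, False when it rejects it."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


def constructed_frame() -> bytes:
    """Constructed sample: a small UDP payload to port 53, in an IPv4 header with 20 bytes of
    options (Router Alert then 16 NOPs), in an Ethernet frame with documentation-range MACs."""
    options = bytes([0x94, 0x04, 0x00, 0x00]) + b"\x01" * 16
    segment = build_udp(40000, 53, b"hello")
    datagram = build_ipv4("192.0.2.10", "198.51.100.7", IPPROTO_UDP, segment, options)
    return build_ethernet(b"\x00\x00\x5e\x00\x53\x01", b"\x00\x00\x5e\x00\x53\x02", datagram)


if __name__ == "__main__":
    print(decapsulate(constructed_frame()))
```

The checks in decapsulate matter because every length field arrives from the wire: an IHL below 5, an IHL pointing past the total length, or a total length longer than the bytes actually received are the classic inputs that make a careless parser read outside its buffer.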
A.4.(iii) Sockets
Sockets allow communication between two different processes on the same or different machines. To be more precise, it's a way to talk to other computers using standard Unix file descriptors. In Unix, every I/O action is done by writing or reading a file descriptor. A file descriptor is just an integer associated with an open file and it can be a network connection, a text file, a terminal, or something else.
To a programmer, a socket looks and behaves much like a low-level file descriptor. This is because commands such as read() and write() work with sockets in the same way they do with files and pipes.
Sockets were first introduced in 2.1BSD and subsequently refined into their current form with 4.2BSD. The sockets feature is now available with most current UNIX system releases.
Where is Socket Used?
A Unix Socket is used in a client-server application framework. A server is a process that performs some functions on request from a client. Most of the application-level protocols like FTP, SMTP, and POP3 make use of sockets to establish connection between client and server and then for exchanging data.
Socket Types
There are four types of sockets available to the users. The first two are most commonly used and the last two are rarely used.
Processes are presumed to communicate only between sockets of the same type but there is no restriction that prevents communication between sockets of different types.
- Stream Sockets − Delivery in a networked environment is guaranteed. If you send through the stream socket three items "A, B, C", they will arrive in the same order − "A, B, C". These sockets use TCP (Transmission Control Protocol) for data transmission. If delivery is impossible, the sender receives an error indicator. Data records do not have any boundaries.
- Datagram Sockets − Delivery in a networked environment is not guaranteed. They're connectionless because you don't need to have an open connection as in Stream Sockets − you build a packet with the destination information and send it out. They use UDP (User Datagram Protocol).
- Raw Sockets − These provide users access to the underlying communication protocols, which support socket abstractions. These sockets are normally datagram oriented, though their exact characteristics are dependent on the interface provided by the protocol. Raw sockets are not intended for the general user; they have been provided mainly for those interested in developing new communication protocols, or for gaining access to some of the more cryptic facilities of an existing protocol.
- Sequenced Packet Sockets − They are similar to a stream socket, with the exception that record boundaries are preserved. This interface is provided only as a part of the Network Systems (NS) socket abstraction, and is very important in most serious NS applications. Sequenced-packet sockets allow the user to manipulate the Sequence Packet Protocol (SPP) or Internet Datagram Protocol (IDP) headers on a packet or a group of packets, either by writing a prototype header along with whatever data is to be sent, or by specifying a default header to be used with all outgoing data, and allows the user to receive the headers on incoming packets.
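The two statements that matter most in practice are that stream sockets deliver bytes in order but without record boundaries, and that datagram sockets keep boundaries but guarantee nothing else. The following added example (not from the original answer) shows both on the loopback interface with Python's socket module, sending "A", "B", "C" as three separate writes each way, and then adds the length-prefixed framing an application needs to get record boundaries back on a TCP stream, with an upper bound on the frame length so a peer cannot make the receiver buffer without limit. Port numbers are chosen by the kernel; the item values are sample data.

```python
import socket
import struct
import threading


def _tcp_collect(server: socket.socket, chunks: list) -> None:
    # Server side: accept one connection and record every recv() result until EOF.
    conn, _ = server.accept()
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)


def stream_demo(items=(b"A", b"B", b"C")) -> list:
    """Send each item with its own send() over a TCP stream socket on loopback. The receiver
    gets the bytes in order, but the chunking is whatever the kernel delivered: one recv()
    may return b'ABC', or there may be three pieces. Only the reassembled bytes are meaningful."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    chunks: list = []
    worker = threading.Thread(target=_tcp_collect, args=(server, chunks))
    worker.start()
    with socket.create_connection(server.getsockname()) as client:
        for item in items:
            client.sendall(item)
    worker.join()            # client close() gives the server its EOF
    server.close()
    return chunks


def datagram_demo(items=(b"A", b"B", b"C")) -> list:
    """Send the same items as separate UDP datagrams. Each recvfrom() returns exactly one
    datagram, so record boundaries survive, but nothing guarantees delivery or order."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))
    receiver.settimeout(2.0)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for item in items:
        sender.sendto(item, receiver.getsockname())
    received = []
    try:
        for _ in items:
            data, _ = receiver.recvfrom(4096)
            received.append(data)
    except socket.timeout:
        pass                 # a lost datagram is simply never seen
    sender.close()
    receiver.close()
    return received


class Framer:
    """Length-prefixed framing that restores message boundaries on top of a stream socket.
    Each record is a 2-byte big-endian length followed by the body. Bodies longer than
    max_len are rejected so a peer cannot force the receiver to buffer an unbounded message."""

    def __init__(self, max_len: int = 65535):
        self.buf = b""
        self.max_len = max_len

    @staticmethod
    def encode(body: bytes) -> bytes:
        return struct.pack("!H", len(body)) + body

    def feed(self, chunk: bytes) -> list:
        """Add whatever recv() returned and hand back every complete message now available."""
        self.buf += chunk
        messages = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack("!H", self.buf[:2])
            if length > self.max_len:
                raise ValueError("frame exceeds maximum length")
            if len(self.buf) < 2 + length:
                break            # wait for the rest of this record
            messages.append(self.buf[2:2 + length])
            self.buf = self.buf[2 + length:]
        return messages


if __name__ == "__main__":
    print("stream chunks:", stream_demo())
    print("datagrams:", datagram_demo())
```

A receiver that treats each recv() on a stream socket as one message works by accident on a quiet loopback and fails under load or across a real network; the Framer is the kind of explicit boundary handling every TCP-based protocol carries in some form.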
A.4. (iv) SNMP
Simple Network Management Protocol (SNMP) is a popular protocol for network management. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network. Microsoft Windows Server 2003 provides SNMP agent software that works with third-party SNMP management software to monitor the status of managed devices and applications.
Automating Network Management
Large networks with hundreds or thousands of nodes are difficult to manage without a large staff to monitor every computer. SNMP, which is widely used in local area networks (LANs), lets you monitor network nodes from a management host. You can monitor network devices such as servers, workstations, printers, routers, bridges, and hubs, as well as services such as Dynamic Host Configuration Protocol (DHCP) or Windows Internet Name Service (WINS).
Use SNMP management software to monitor any network device on which you install SNMP agent software. The SNMP agent, which is an optional component of Windows Server 2003, interacts with third-party SNMP management software to enable the sharing of network status information between monitored devices and applications and the SNMP management system that monitors them. The following figure shows this process.