An Introduction to Networking Chapter 1 Panko’s Business Data Networks and Telecommunications, 6 th edition Copyright 2007 Prentice-Hall (Modified by Kevin

An Introductionto Networking

Chapter 1Chapter 1

Panko’s Panko’s Business Data Networks and Telecommunications, Business Data Networks and Telecommunications, 66thth edition edition

Copyright 2007 Prentice-HallCopyright 2007 Prentice-Hall

(Modified by (Modified by Kevin Lin-Kevin Lin- 嘉大 -Taiwan-Taiwan))

2/84企業通訊 [email protected] An Introduction to Networking

Outline

1.1. Basic Networks ConceptsBasic Networks Concepts

2.2. The Nine Elements of a NetworkThe Nine Elements of a Network

3.3. Transmission SpeedTransmission Speed

4.4. LANs and WANsLANs and WANs

5.5. InternetsInternets

6.6. SecuritySecurity

Part I: Basic NetworksConcepts

Concepts we will seeConcepts we will see

throughout the bookthroughout the book


Figure 1-1: Basic Networking Concepts

What is a network?What is a network?

– The basic idea:



What is a network?What is a network?

– A network is a transmission system that connects two or more applications running on different computers.

• Users only care about applications. Users only care about applications.

• It is our job to make networking invisible to the user.It is our job to make networking invisible to the user.

NetworkNetwork


Figure 1-2: The Internet and Applications

ClientComputer

Mobile ClientComputer

Browser

E-Mail Client WebserverApplication

Server Computer(Webserver)

E-MailApplication

Server Computer(Mail Server)

The Internet is a globalTRANSMISSION system.

Not just the World Wide Web

The InternetInternet

(Global transmission systemto carry application data)

The InternetInternet

(Global transmission systemto carry application data)



The InternetThe Internet

– Client/server applications

• PC clients receive service from serversPC clients receive service from servers

• Many C/S applications need special clientsMany C/S applications need special clients

• Many (but not all) C/S applications only need a browserMany (but not all) C/S applications only need a browser

– webapp

Client Computer Server Computer

Server ProgramClient Program



Internal Corporate NetworksInternal Corporate Networks

– For transmission among computers within a corporation

• Typically, only about Typically, only about 10%10% of all corporate traffic typically involves of all corporate traffic typically involves Internet applicationsInternet applications

– 過去主要流量： Transaction processing applications

• High-volume clerical applicationsHigh-volume clerical applications

• Accounting, payroll, billing, etc.Accounting, payroll, billing, etc.

– 現在主要流量可能是 Voice over IP (VoIP)

• or P2P?or P2P?



Data Communications and TelecommunicationsData Communications and Telecommunications

– Data communications (datacoms), as the name suggests, involves the transmission of data (text, numbers, pictures, and other information).

– In turn, telecommunications (telecoms) is the transmission of voice and video, including ordinary telephony and broadcast and cable television.

– Beginning to converge

• ADSL ADSL vs.vs. Skype Skype



Digital TransmissionDigital Transmission

– Information is first converted into a string of ones and zeros (binary) digital communication

– Next, the ones and zeros are converted into signals that propagate over transmission media.

( More detail in Chapter 3 )

Hello…

12345…

101001

1000100

Part II: The Nine Elementsof a Network

Although the idea of “network”Although the idea of “network”is simple, you must understand the nine is simple, you must understand the nine

elements found in most networkselements found in most networks


Figure 1-3: Elements of a Network

WirelessAccess Point

MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch1

Switch2

Switch3

Message (Frame)Message (Frame)

AccessLine

TrunkLine

Server ApplicationClient Application

Networks connectapplications on different computers.Applications are all users care about

Networks connectapplications on different computers.Applications are all users care about




MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch1

Switch2

Switch3


AccessLine

TrunkLine


Networks connect computers: clients (fixed and mobile) and servers

Networks connect computers: clients (fixed and mobile) and servers




MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch1

Switch3

Message (Frame)

TrunkLine


The patha frame takes

is called its data link

The patha frame takes

is called its data link

Computers (and routers)usually communicateby sending messages

called frames

Computers (and routers)usually communicateby sending messages

called frames

Data LinkData Link




MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch4


TrunkLine


Switch 2Switch 2

Switch 1Switch 1Switch 3Switch 3

Frameto Sw1

Frameto Sw1 Frame

to Sw2

Frameto Sw2

FrameTo Sw3

FrameTo Sw3

Frameto

Server

Frameto

Server

Frames are forwarded within a single network by devices

called Switches

Frames are forwarded within a single network by devices

called Switches


Figure 1-5: Ethernet Switch Operation

A1-44-D5-1F-AA-4C B2-CD-13-5B-E4-65

Switch

D4-47-55-C4-B6-F9

C3-2D-55-3B-A9-4F

Port 15

Frame to C3…Frame to C3…

A1- sends a frame to C3-…A1- sends a frame to C3-…

Frame to C3…Frame to C3…

Switch sends frame to C3-…Switch sends frame to C3-…

Switching TablePort Host10 A1-44-D5-1F-AA-4C13 B2-CD-13-5B-E4-6515 C3-2D-55-3B-A9-4F16 D4-47-55-C4-B6-F9

Switching TablePort Host10 A1-44-D5-1F-AA-4C13 B2-CD-13-5B-E4-6515 C3-2D-55-3B-A9-4F16 D4-47-55-C4-B6-F915 C3-2D-55-3B-A9-4F15 C3-2D-55-3B-A9-4F

C3- is out Port 15C3- is out Port 15

1

2

3



Both sizes of switches are48 cm (19 inches) wide

Small Switches (Stacked):Workgroup Switches

(to link stations to network)

Large Switch (Chassis Switch)

Central Core Switch




MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch1

Switch2

Switch3

Switch4


AccessLine

TrunkLine


Wireless access pointsconnect

wireless stations (mobile devices)

to switches

Wireless access pointsconnect

wireless stations (mobile devices)

to switches




MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch1

Switch2

Switch3

Switch4


AccessLine

TrunkLine


Routers connect networks to the outside world.

Routers forward messages outside of a single network, to

other networks.

Routers connect networks to the outside world.

Routers forward messages outside of a single network, to

other networks.




MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch1

Switch2

Switch3

Switch4


AccessLine

TrunkLine


Access linesconnect computers

to switches

Access linesconnect computers

to switches




MobileClient

Router

OutsideWorld

ServerComputer

ClientComputer

Switch1

Switch2

Switch3

Switch4


AccessLine

TrunkLines


Trunk lines connectswitches to switches and

switches to routers

Trunk lines connectswitches to switches and

switches to routers

TrunkLine


Figure 1-4: Packet Switching and Multiplexing

ClientStation A

Mobile ClientStation B

Router D

ServerStation C

Trunk line multiplexesthe messages ofmultiple conversations

ACAC

ACACACAC

ACAC

ACACACAC

BDBD

BDBD

BDBD

BDBD

AccessLine

Trunk LineTrunk Line

Packet Switching:Conversationsare broken intosmall messages

So packet switching/multiplexingreduces the cost of trunk lines

( ∵ share the trunk line’s capacity)(Other costs actually are increased ：packet switches are more expensive)

Part III: Transmission Speed


Figure 1-6: Transmission Speed

Measuring Transmission SpeedMeasuring Transmission Speed

– Measured in bits per second (bps)

– In metric notation:

• Increasing factors of 1,000 …Increasing factors of 1,000 …

– Not factors of 1,024

• Kilobits per second (kbps) - Kilobits per second (kbps) - note the lowercase note the lowercase kk

• Megabits per second (Mbps)Megabits per second (Mbps)

• Gigabits per second (Gbps)Gigabits per second (Gbps)

• Terabits per second (Tbps)Terabits per second (Tbps)



Measuring Transmission SpeedMeasuring Transmission Speed

– The rule ： there should be 1 to 3 places before the decimal point

– 273.44 Gbps

– 15,100,000 bps 15.1 Mbps

– 0.036 Mbps 36 kbps

Occasionally measured in bytes per secondOccasionally measured in bytes per second• This may be done for file downloadsThis may be done for file downloads

• Written as Written as BpsBps



Rated Speed vs. ThroughputRated Speed vs. Throughput

– Rated speed is the speed a network should provide, based on standards

– Throughput is the speed a network actually provides

• We will use this distinction constantly throughout this bookWe will use this distinction constantly throughout this book

– When transmission capacity is shared by multiple users,

• The total shared throughput is the The total shared throughput is the aggregate throughputaggregate throughput

• Individual throughputIndividual throughput is what individuals receive as a fraction of is what individuals receive as a fraction of the aggregate throughputthe aggregate throughput

Part IV: LANs and WANs


First Bank of Paradise (FBP)

The book’s running case studyThe book’s running case study

– Composite mid-size bank in Hawaii

– Banks are fairly “typical” firms, although they have stronger need for security

– Warren Chun is the chief information officer (CIO)

– Yvonne Champion is the network manager

– Annual Revenues: $4.5 Billion

– Operations• 60 Branches60 Branches

• 375 ATMs (Automated Teller Machines)375 ATMs (Automated Teller Machines)


First Bank of Paradise (FBP)

NetworkNetwork

– 700 Ethernet switches

– 450 Routers ComputersComputers

– 2,300 desktop and notebook user PCs

– 130 Windows servers

– 60 Unix servers

Information Systems StaffInformation Systems Staff

– 112 people


Figure 1-7: The First Bank of Paradise’s Wide Area Networks (WANs)

Operations

Headquarters

North Shore

T3 Leased Line

T3

T3

Branchesin State (60)

ISP 1

ISP 2

Da Kine Island Credit CardAuthorization

Bureau

56 kbps2 PVCs

PVC 1

PVC 2

56 kbps

T1

T1Fractional

T1 Line

redundancy

InternetInternetBank has multiple

facilities connectedby multiple WANs

Bank has multiplefacilities connectedby multiple WANs


Figure 1-7: The First Bank of Paradise’s Wide Area Networks (WANs)

LANs transmit data LANs transmit data withinwithin corporate corporate sitessites

– LAN is the network within a site

WANs transmit data WANs transmit data betweenbetween corporate sitescorporate sites

– WAN is a network that links different sites together

Each LAN or WAN is a single Each LAN or WAN is a single networknetwork

LAN costs are low andLAN costs are low andspeeds are highspeeds are high

WAN costs are highWAN costs are highand speeds are lowerand speeds are lower

WANWAN


WAN

WAN is a WAN is a single networksingle network

– built by a carrier (ISP 、固網電信公司 )

Possible solutionsPossible solutions

– Point-to-Point Leased Line Networks （例：中華電信 T1, T3 專線）

– Public Switched Data Networks (PSDN)

• Frame RelayFrame Relay（例：亞太線上（例：亞太線上——訊框傳送服務）訊框傳送服務）

• ATM (Asynchronous Transfer Mode)ATM (Asynchronous Transfer Mode)（例：台灣固網（例：台灣固網——國內數據國內數據—— ATMATM 服務）服務）

• MPLSMPLS（例：易達通電訊）（例：易達通電訊）

• Metropolitan Area EthernetMetropolitan Area Ethernet

易達通電訊 MPLS-VPN

6-27-1

補充


WAN-2 WAN-1

LAN ＋ WAN vs. Internet ＋ Intranet

LAN-1LAN-2

LAN-3

LAN-1

LAN-2

LAN-3LAN-4

LAN-5

WAN-3

LAN-1

LAN-1

WAN-4

LAN-4LAN-1

中國台灣美國

6-27-2

補充


Figure 1-8: LANs vs. WANs

CharacteristicsCharacteristics

ScopeScope

Cost per bit TransmittedCost per bit Transmitted

Typical SpeedTypical Speed

LANsLANs

For transmission within a site ( 場所 ): campus,building, and SOHO (Small Office or

Home Office) LANs

For transmission within a site ( 場所 ): campus,building, and SOHO (Small Office or

Home Office) LANs

LowLow

Unshared 100 Mbps to a gigabit per second to each desktop. Even fastertrunk line speeds.

Unshared 100 Mbps to a gigabit per second to each desktop. Even fastertrunk line speeds.

WANsWANs

For transmissionbetween sites

For transmissionbetween sites

HighHigh

Shared 128 kbps to several megabits per second trunk line speeds

Shared 128 kbps to several megabits per second trunk line speeds


Figure 1-8: LANs vs. WANs

Characteristics

ManagementManagement

LANs WANsWANs

On own premises, sofirm builds andmanages its own LANor outsources theWork

On own premises, sofirm builds andmanages its own LANor outsources theWork

Must use a carrier with rights of way for transmission in publicArea. Carrier handles most work butCharges a high price.

Must use a carrier with rights of way for transmission in publicArea. Carrier handles most work butCharges a high price.

ChoicesChoices UnlimitedUnlimited Only those offered bycarrier

Only those offered bycarrier


Figure 1-9: Local Area Network (LAN) in a Large Building

Multi-floorOffice Building

The bank has multiple LANs — one at each site

(buildings, branch offices…)

The bank has multiple LANs — one at each site

(buildings, branch offices…)


Figure 1-9: Local Area Network (LAN) in a Large Building

Router Core Switch

Workgroup Switch 2

Workgroup Switch 1

Wall Jack

ToWAN

Wall Jack

Server

Client

Frames from the client to the server go through Workgroup Switch 2, through the Core Switch, through Workgroup Switch 1, and then to the server

Part V: Internets


Figure 1-11: Internets

Single LANs vs.Single LANs vs. InternetsInternets

– In single networks (LANs and WANs), all devices connect to one another by switches—our focus so far.

– In contrast, an internet is a group of networks connected by routers so that any application on any host on any single network can communicate with any application on any other host on any other network in the internet.

LANLAN WANWAN LANLAN

Application Application

Router Router



Internet ComponentsInternet Components

– All computers in an internet are called hosts• Servers, clients, PDAs, cellphones, etc.Servers, clients, PDAs, cellphones, etc.

Cat

InternetInternet

Client PC(Host)

Cellphone(Host)

VoIP Phone(Host)

PDA(Host)

Server(Host)



Hosts have two addressesHosts have two addresses IP AddressIP Address

– This is the host’s official address on its internet

– 32 bits long (just for IPv4)

– Expressed for people in dotted decimal notation e.g., 128.171.17.13

Single-Network Addresses (Single-Network Addresses (MAC AddressMAC Address))

– This is the host’s address on its single network

– For instance, Ethernet addresses are 48 bits long

– Expressed in hexadecimal notation e.g., AF-23-9B-E8-67-47



Networks are connected by devices called routersNetworks are connected by devices called routers

– Switches provide connections within networks, while routers provide connections between networks in an internet.

Frames and PacketsFrames and Packets

– In single networks (LANs and WANs), message are called frames

– In internets, messages are called packets


Figure 1-12: Internet with Three Networks

(Source)Host A

Network X(LAN) Network Y

(WAN)(LAN)Network Z

R1

R2

Route A-B

PacketPacket

A packet goes all theway across the internet;

It’s path is its route

A packet goes all theway across the internet;

It’s path is its route

X2X1

Z1Z2Host B(Destination)



Packets are carried within framesPackets are carried within frames

– One packet is transmitted from the source host to the destination host across the entire internet

– Within a single network, the packet is encapsulated in (carried in) the network’s frame

FrameTruck

(frame)

Package(Packet)PacketPacket

Source: ADestination: B

Source: ADestination: R1



Mobile ClientHost

ServerHost

SwitchX2

SwitchX1

Switch

Router R1D6-EE-92-5F-C1-56

Network XRoute A-BRoute A-B

A route is a packet’spath through the internet

A route is a packet’spath through the internet

Data linkA-R1

Data linkA-R1

A data Link is aframe’s path through

its single network

A data Link is aframe’s path through

its single network

In Network X, the Packet is Placed in Frame X

Host A10.0.0.23

AB-23-D1-A8-34-DD

Switch

Packet

Frame X



Router R1

Router R2AF-3B-E7-39-12-B5

PacketFrame Y

ToNetwork X

ToNetwork Z Network Y

Data LinkR1-R2

RouteA-B

Packet

Packet



Host Bwww.pukanui.com

1.3.45.11155-6B-CC-D4-A7-56

Mobile Client Host

SwitchZ1

Switch

SwitchZ2

Switch

PacketFrame Z

Network Z

Router R2

Router

Data LinkR2-B

Mobile ClientComputer



In this internet with three networks, in a transmission,In this internet with three networks, in a transmission,

– There is one packet

– There are three frames (one in each network)

If a packet in an internet must pass through 10 networks,If a packet in an internet must pass through 10 networks,

– How many packets will be sent?

– How many frames must carry the packet?


10000000101010110001000100001101 10000000101010110001000100001101

Figure 1-13: Converting IP Addresses into Dotted Decimal Notation

Divided into 4 bytes. Theseare segments.

10000000 10101011 00010001 0000110100001101

Dotted decimal notation(4 segments separated by dots)

Dotted decimal notation(4 segments separated by dots)

IP Address (32 bits long)

Convert each byte todecimal (result will bebetween 0 and 255)*

128 171 17 1313

*The conversion process is described in the Hands On section at the end of the chapter.

128.171.17.13128.171.17.13


Figure 1-25: Windows Calculator


Figure 1-14: The Internet, internets, Intranets, and Extranets

The Global InternetThe Global Internet

– Spelled with a lowercase i, internet means any internet

– Spelled with a uppercase I, Internet means the global Internet



The Internet (Figure 1-17)The Internet (Figure 1-17)

– Host computers

– Internet service providers (ISPs)

• Required to access the InternetRequired to access the Internet

• Carry your packets across the InternetCarry your packets across the Internet

• Collect money to pay for the InternetCollect money to pay for the Internet

– The Internet backbone consists of many ISPs

• ISPs interconnect at Network access points (ISPs interconnect at Network access points (NAPNAPs) to exchange s) to exchange cross-ISP trafficcross-ISP traffic

The Internet is a collection of independent commercial ISPs.The Internet is a collection of independent commercial ISPs.


Figure 1-17: The Internet

User PC’sInternet Service

Provider

Webserver’sInternet Service

Provider

ISP ISP

User PCHost Computer

WebserverHost Computer

NAP = Network Access Point

Router

NAPNAPNAPNAP

NAPNAPISP

ISP

Internet Backbone(Multiple ISP Carriers)

AccessLine

AccessLine


Figure 1-18: Subnets in an Internet

LAN 1LAN 2

Note: Subnets are single networks (collections of switches, transmission lines)Often just show subnets as lines in internet diagrams.

RouterR1

Router R3

RouterR4

Router R2

LAN Subnet10.1.x.x

WANSubnet

123.x.x.x

LAN Subnet60.4.3.x

LAN Subnet10.2.x.x

LAN Subnet10.3.x.x

LAN Subnet60.4.15.x

LAN Subnet60.4.7.x

LAN Subnet60.4.131.x


Figure 1-19: Terminology Differences for Single-Network and Internet Professionals

By Single-NetworkProfessionals

By InternetProfessionals

By InternetProfessionals

Single Networks AreCalled

Networks SubnetsSubnets

Internets Are CalledInternets Are Called InternetsInternets NetworksNetworks

In this book, to avoid confusion,

we will call internets “internets”

and subnets “single networks”

Internet specialists and single-network specialistsuse conflicting terminology:



IntranetIntranetss

– An intranet is an internal internet for use within an organization

– Based on the TCP/IP standards created for the Internet

“Intra” means “within”



ExtranetExtranetss

– To connect multiple firms

• Only some computersOnly some computers from each firm are on the extranet from each firm are on the extranet

– Use TCP/IP standards

“Extra” means “outside”



Intranets, Extranets, and the InternetIntranets, Extranets, and the Internet

– Confusingly, both intranets and extranets can use the Internet for some of their transmission capacity

– Although intranets operate within firms, firms have many sites.

• Site-to-site communication within an intranet may use the Internet Site-to-site communication within an intranet may use the Internet for transmission.for transmission.

– In an extranet, the companies may use the Internet to reach one another.


The Internet

No central computer systemNo central computer system

– but has communication standards (IP-based)

No governing bodyNo governing body

– but have many international advisory and standard groups: ISOC, W3C, IETF, TWNIC…

No one owns itNo one owns it

– composed of many networks owned by commercial ISPs, educational/research/government organizations…

6-13

補充


Internet World Stats補充

2007 年底 : 1,319,872,109


Internet World Stats (cont.)補充


Internet Traffic Report

http://www.internettrafficreport.com/

補充


Figure 1-15: Routers(19 inches / 48 cm Wide)


Figure 1-20: IP Address Management

Every host must have a unique IP addressEvery host must have a unique IP address

– Server hosts are given static IP addresses (unchanging)

？：？： Server Server 真得真得固定固定 IPIP 嗎？嗎？

– Clients get dynamic (temporary) IP addresses that may be different each time they use an internet

Dynamic Host Configuration Protocol (DHCP)

• Clients get these dynamic IP addresses from Clients get these dynamic IP addresses from DHCP servers (Figure 1-21)DHCP servers (Figure 1-21)


Figure 1-21: Dynamic Host Configuration Protocol (DHCP)

Client PCA3-4E-CD-59-28-7F

DHCPServer

DHCP Request Message:“My 48-bit Ethernet address is A3-4E-CD-59-28-7F.

Please give me a 32-bit IP address.”

Pool ofIP Addresses

10.1.1.2210.1.1.23

…

10.1.1.2210.1.1.23

…

Client 如何知道 DHCP Server 的位置 (IP)?


Figure 1-21: Dynamic Host Configuration Protocol (DHCP)

Client PCA3-4E-CD-59-28-7F

DHCPServer

DHCP Response Message:“Computer at A3-4E-CD-59-28-7F,

your 32-bit IP address is 11010000101111101010101100000010”.(Usually other configuration parameters as well.)

Pool ofIP Addresses

10.1.1.2210.1.1.23

…

10.1.1.2210.1.1.23

…


Figure 1-20: IP Address Management

Domain Name System (Domain Name System (DNSDNS) )

– IP addresses are official addresses on the Internet and other internets

– Hosts can also have host names (e.g., www.ncyu.edu.tw)

• Not official—like nicknamesNot official—like nicknames

• DNS addressDNS address

– If you only know the host name of a host that you want to reach, your computer must learn its IP address

• DNS servers tell our computer the IP address of a target host whose DNS servers tell our computer the IP address of a target host whose name you know. (Figure 1-22)name you know. (Figure 1-22)

DNS AddressDNS Address = = Host NameHost Name + + Domain NameDomain Name= = wwwwww..mis.ncyu.edu.twmis.ncyu.edu.tw


Figure 1-22: The Domain Name System (DNS)

1.Client Host

wishes to reachVoyager.cba.hawaii.edu;

Needs to knowits IP Address

2. Sends DNS Request Message“The host name is Voyager.cba.hawaii.edu”

Host Name IP Address … …… …Voyager.cba.hawaii.edu 128.171.17.13… …


DNS Table

DNSHost

ClientHost

Voyager.cba.hawaii.edu128.171.17.13




DNS Table

DNSHost


4. DNS Response Message“The IP address is 128.171.17.13”

5.Client sends packets to

128.171.17.13

3.DNS Hostlooks up

IP address

Client 如何知道 DNS Server 的位置

(IP)?

ClientHost

Voyager.cba.hawaii.edu128.171.17.13





DNS Table

Client Host

1. DNS Request Message

Another DNS Host

LocalDNSHost

3. DNS Response Message

The local DNS hostsends back the response;the user is unaware that

other DNS hosts were involved

The local DNS hostsends back the response;the user is unaware that

other DNS hosts were involved

If local DNS host does nothave the target host’s IP address,

it contacts other DNS hoststo get the IP address

If local DNS host does nothave the target host’s IP address,

it contacts other DNS hoststo get the IP address

2.Request &Response

Part VI: Security


Figure 1-23: Firewall and Hardened Hosts

LegitimateHost

LegitimatePacket

BorderFirewall

HardenedServer

Allowed LegitimatePacket

HardenedClient PC

InternalCorporateNetwork

Border firewallshould pass

legitimate packets

Border firewallshould pass

legitimate packets

TheInternet

Attacker

Log File



LegitimateHost

AttackPacket

DeniedAttack Packet

HardenedServer

HardenedClient PC

InternalCorporateNetwork

Border firewallshould deny (drop)

and logattack packets

Border firewallshould deny (drop)

and logattack packets

TheInternet

BorderFirewall

Attacker

Log File



LegitimateHost

Attacker

AttackPacket

TheInternet

BorderFirewall

AttackPacket

AttackPacket

Log FileHosts shouldbe hardened

against attack packetsthat get through

Hosts shouldbe hardened

against attack packetsthat get through

HardenedServer

HardenedClient PC

Anti-viruspersonal firewall

Cryptographic protections


Figure 1-24: Cryptographic Protections

CryptographyCryptography

– The use of mathematical operations (?) to thwart attacks on message exchanges between pairs of communicating parties (people, programs, or devices)

Cryptography is ExpensiveCryptography is Expensive

– Usually only sensitive communications are cryptographically secured

Cryptographic Protection begins with Cryptographic Protection begins with Initial AuthenticationInitial Authentication

– Determine the other party’s identity to thwart impostors （騙子）


Figure 1-24: Cryptographic Protections

Message-by-Message ProtectionsMessage-by-Message Protections

– Encryption to provide confidentiality so that an eavesdropper cannot reach intercepted messages

– Electronic signatures (Digital signatures) provide message-by-message authentication to prevent the insertion of messages by an impostor after initial authentication

– Electronic signatures usually also provide message integrity; this tells the receiver whether anyone has changed the message en route

Recap


Network Elements: Recap

Applications (the only element that users care about)Applications (the only element that users care about)

ComputersComputers

– Clients

– Servers Switches and RoutersSwitches and Routers

Transmission LinesTransmission Lines

– Trunk lines

– Access Lines

Messages (Frames)Messages (Frames)

Wireless Access PointsWireless Access Points

Never talk about aninnovation “reducing cost,”

“increasing speed,” etc.without specifyingwhich element ischeaper or faster.

For example, multiplexingonly reduces the cost of

trunk lines; othercosts are not decreased

Never talk about aninnovation “reducing cost,”

“increasing speed,” etc.without specifyingwhich element ischeaper or faster.

For example, multiplexingonly reduces the cost of

trunk lines; othercosts are not decreased


Recap: LANs and WANs

LANs transmit data LANs transmit data withinwithin corporate sitescorporate sites

WANs transmit data WANs transmit data betweenbetween corporate sitescorporate sites

Each LAN or WAN is a single Each LAN or WAN is a single networknetwork

LAN costs are low andLAN costs are low andspeeds are highspeeds are high

WAN costs are highWAN costs are highand speeds are lowerand speeds are lower

WANWAN



Internets

Most firms have multiple LANs and WANs.Most firms have multiple LANs and WANs.

They must create internetsThey must create internets

– An internet is a collection of networks connected by routers so that any application on any host on any single network can communicate with any application on any other host on any other network in the internet.

Application Application

Router Router



Internets

Elements of an InternetElements of an Internet

– Computers connected to the internet are called hosts

• Both servers and client PCs are hostsBoth servers and client PCs are hosts

– Routers connect the networks of the internet together

• In contrast, switches forward frames within individual In contrast, switches forward frames within individual networksnetworks

Router

Client PC Host Server Host

Router


Internets

Hosts Have Two AddressesHosts Have Two Addresses IP AddressIP Address

– This is the host’s official address on its internet

– 32 bits long

– Expressed for people in dotted decimal notation (e.g., 128.171.17.13)

Single Network AddressesSingle Network Addresses

– This is the host’s address on its single network

– Ethernet addresses, for instance, are 48 bits long

– Expressed in hexadecimal notation, e.g., AF-23-9B-E8-67-47


Recap

Switches versus RoutersSwitches versus Routers

– Switches move frames through a single network (LAN or WAN)

– Routers move packets through internets

MessagesMessages

– Messages in single networks are called frames

– Messages in internets are called packets

– Packets are encapsulated within (carried inside) frames


Security

SecuritySecurity

– Firewalls

– Hardened Hosts

– Cryptographic securityfor sensitive dialogues

• Initial authenticationInitial authentication

• Encryption for confidentialityEncryption for confidentiality

• Electronic signatures for Electronic signatures for authentication and message authentication and message integrityintegrity

Documents

An Introduction to Networking Chapter 1 Panko’s Business Data Networks and Telecommunications, 6 th edition Copyright 2007 Prentice-Hall (Modified by Kevin