Data Communications and Computer Networks
1/28/2023 NA/CSE 6406, CSE Program/ASTU 1
Data Networks
Sharing data by carrying floppy disks from machine to machine is neither efficient
nor cost-effective.
Businesses needed a solution that would successfully address
the following three problems:
• How to avoid duplication of equipment and resources
• How to communicate efficiently
• How to set up and manage a network
Businesses realized that networking technology could increase
productivity while saving money.
Networking Devices
Equipment that connects directly to a network segment is
referred to as a device.
These devices are broken up into two classifications.
• End-user devices
• Network devices
End-user devices include computers, printers, scanners, and
other devices that provide services directly to the user.
Network devices include all the devices that connect the end-
user devices together to allow them to communicate.
Network Interface Card
A network interface card (NIC) is a printed circuit board
that provides network communication capabilities to and
from a personal computer. Also called a LAN adapter.
Hub
Connects a group of hosts at the physical layer: every bit received on one port is
repeated out of all the other ports, so all attached hosts share one collision domain
and any host can see every other host's traffic.
(Connecting devices are generally divided into five categories based on the layer at
which they operate in a network.)
Switch
Switches add more intelligence to data transfer management: a switch learns which
MAC address sits behind which port from the source addresses of the frames it sees,
and forwards each frame only to the port of the destination address. Every port is
therefore its own collision domain, and hosts do not normally see each other's
unicast traffic.
Router
Routers are used to connect networks together
They route packets of data from one network to another
Cisco became the de facto standard for routers because of the quality of its router
products
Routers, by default, break up a broadcast domain: each router interface is its own
broadcast domain, so a broadcast on one LAN is not forwarded to the others
Origin of Ethernet (Network Media)
Developed at Xerox Palo Alto Research Center (PARC) by Robert Metcalfe and colleagues
between 1973 and 1975
Originally designed as a 2.94 Mbps system to connect 100 computers on a 1 km cable
Later, Xerox, Intel and DEC drew up a standard supporting 10 Mbps: Ethernet II (DIX)
Basis for the IEEE's 802.3 specification
Most widely used LAN technology in the world
10 Mbps IEEE Standards - 10BaseT
• 10BaseT = 10 Mbps, baseband, over twisted-pair cable
• Runs Ethernet over twisted-pair wiring as specified by IEEE 802.3
• Configured in a star pattern around a hub or switch
• Twisting the wires reduces EMI (electromagnetic interference)
• Fibre optic cable is immune to EMI
[Figures: unshielded twisted-pair cable; RJ-45 plug and socket]
Twisted Pair Cables
• Unshielded Twisted Pair Cable (UTP)
  most popular
  maximum segment length 100 m
  prone to noise

  Category     Typical use
  Category 1   Voice transmission of traditional telephone lines
  Category 2   Data up to 4 Mbps
  Category 3   Data up to 10 Mbps (10BASE-T)
  Category 4   Data up to 16 Mbps (Token Ring)
  Category 5   Data up to 100 Mbps (100BASE-TX)
  Category 6   Data up to 1000 Mbps (1000BASE-T)

  The cable carries four twisted pairs; 10BASE-T and 100BASE-TX use two of them
  (one to transmit, one to receive, giving full duplex), while 1000BASE-T uses all
  four pairs in both directions at once.
Baseband vs Broadband
• Baseband transmission
  • The entire channel is used to transmit a single digital signal
  • The complete bandwidth of the cable is used by that one signal
  • Transmission distance is shorter
  • Electrical interference is lower
  • Example: a network card on a LAN
• Broadband transmission
  • Uses analogue signalling over a range of frequencies
  • Continuous signals flow in the form of waves
  • Supports multiple analogue transmissions (channels) on the same cable
  • Example: a modem on a broadband line
[Figures: straight-through cable and its pinout; crossover cable and its pinout;
rollover cable and its pinout]
Straight-through: each pin is wired to the same pin at the other end (1-1 ... 8-8);
both ends follow T568A or both follow T568B.
Crossover: the transmit and receive pairs are swapped (1-3, 2-6, 3-1, 6-2); one end
follows T568A and the other T568B.
Rollover: the pin order is reversed end to end (1-8, 2-7, ... 8-1); used as a console
cable to a router's serial console port, not for Ethernet.
Straight-Through or Crossover
Use straight-through cables for the following cabling:
• Switch to router
• Switch to PC or server
• Hub to PC or server
Use crossover cables for the following cabling:
• Switch to switch
• Switch to hub
• Hub to hub
• Router to router
• PC to PC
• Router to PC
Note: most modern interfaces support Auto-MDI/MDI-X and work with either cable type;
the rules above matter for older equipment and hubs.
Network Architecture
The Concept of Layered Architecture
OSI Layers, Standards and Protocols
Objectives
• On completion of this topic, students will be able to
• Identify elements of data communication and particularly
protocols/standards
• Identify, describe and understand various issues related to
internetworking
– Standards/models
– Layered architectures (packets, frames, data, addressing,
flow control, error detection/control, congestion, etc.)
• Network architecture is the complete framework of an organization's computer network.
• The diagram of the network architecture provides a full picture of the established
network with a detailed view of all the resources accessible.
• It includes
– hardware components used for communication,
– cabling and device types,
– network layout and topologies,
– physical and wireless connections,
– implemented areas and future plans.
• In addition, the software rules and protocols are also part of the network architecture.
• This architecture is normally designed by a network manager/administrator in
coordination with network engineers and other design engineers.
• Network architectures define the standards and techniques for designing and
building communication systems for computers and other devices.
• In the past, vendors developed their own architectures and required that other
vendors conform to this architecture if they wanted to develop compatible
hardware and software.
• There are proprietary network architectures such as IBM's SNA(Systems
Network Architecture)
• There are open architectures like the OSI(Open Systems Interconnection)
model defined by the International Organization for Standardization.
• Early networks were designed with the hardware as the main concern and the software
as an afterthought.
• Network software is now highly structured.
• To reduce design complexity, most networks are organized as a series of layers or
levels, each one built on the one below it.
• With the OSI model, networks can be broken up in to manageable
components/pieces.
• The OSI model provides a common language to explain components
and their functionality
• Violating the protocol will make communication more difficult or impossible.
– The entities comprising the corresponding layers on different machines are
called peers.
– In reality, no data is transferred from layer n on one machine to layer n on
another machine.
– Instead, each layer passes data and control information to the layer
immediately below it, until the lowest layer is reached. Below layer 1 is the
physical medium through which actual communication occurs.
– The peer process abstraction is crucial to all network design.
– Using it, the unmanageable task of designing the complete network can be
broken into several smaller, manageable design problems, namely the design of
the individual layers.
• A general definition:
– The accepted or established code of procedure or behavior in any group,
organization, or situation
– The rules of correct or appropriate behavior of a group, organization, or profession
• Definition in computing:
– Set of rules governing the exchange or transmission of data electronically between
devices/computers
– How to find a computer (DNS, IP addresses)
– How to send data back and forth (TCP/UDP)
– How to send formatted messages for specific applications (HTTP for the web)
– To perform a task, the involved parties usually follow a common protocol designed
for this task
– A protocol is just a set of rules or conventions
– Different tasks use different protocols
• A series of rules known as computer communication protocols specify
how packet headers are formed and how packets are processed.
• For example, if a link or device fails,
– routing protocols detect the failure and automatically
– find an alternative path for packets so as to avoid the failed component.
• Protocol software also ensures that data arrives complete and intact.
– If any packets are missing or damaged, protocol software on the
receiving computer requests that the source resend them.
• Only when the data has arrived correctly does the protocol software
make it available to the receiving application program, and therefore to
the user.
• In other words, in computer networks, communication occurs between
entities in different systems.
• An entity is anything capable of sending or receiving information.
• However, two entities cannot simply send bit streams to each other
and expect to be understood.
• For communication to occur, the entities must agree on a protocol.
• A protocol is a set of rules that govern data communications.
• A protocol defines what is communicated, how it is communicated,
and when it is communicated.
• The key elements of a protocol, therefore, are syntax, semantics, and
timing.
– Syntax: The term syntax refers to the structure or format of the data,
meaning the order in which they are presented.
• For example, a simple protocol might expect the first 8 bits of data to
be the address of the sender, the second 8 bits to be the address of
the receiver, and the rest of the stream to be the message itself.
– Semantics: The word semantics refers to the meaning of each section
of bits.
• How is a particular pattern to be interpreted, and what action is to
be taken based on that interpretation?
• For example, does an address identify the route to be taken or the
final destination of the message?
– Timing: The term timing refers to two characteristics: when data
should be sent and how fast they can be sent.
• For example, if a sender produces data at 100 Mbps but the receiver
can process data at only 1 Mbps, the transmission will overload the
receiver and some data will be lost.
• One OSI layer communicates with another layer to make use of the services
provided by the second layer.
• The services provided by adjacent layers help a given OSI layer communicate with
its peer layer in other computer systems.
• Three basic elements are involved in layer services: the service user, the service
provider, and the service access point(SAP).
• In this context, the service user is the OSI layer that requests services from an
adjacent OSI layer.
• The service provider is the OSI layer that provides services to service users.
• OSI layers can provide services to multiple service users.
• The SAP is a conceptual location at which one OSI layer can request the services of
another OSI layer.
• Standards are essential in creating and maintaining an open and
competitive market for equipment manufacturers and in guaranteeing
national and international interoperability of data and
telecommunications technology and processes.
• Standards provide guidelines to manufacturers, vendors, government
agencies, and other service providers to ensure the kind of
interconnectivity necessary in today's marketplace and in international
communications.
• Data communication standards fall into two categories:
– de facto (meaning "by fact" or "by convention") and
– de jure (meaning "by law" or "by regulation").
• De facto: Standards that have not been approved by an organized
body but have been adopted as standards through widespread use
are de facto standards.
– De facto standards are often established originally by manufacturers who
seek to define the functionality of a new product or technology.
• De jure: Those standards that have been legislated by an officially
recognized body are de jure standards.
• Computer networks are created by different entities.
• Standards are needed so that these heterogeneous networks can
communicate with one another.
• The two best-known standards(models) are the OSI model and the
TCP/IP model.
• The OSI (Open Systems Interconnection) model defines a seven-
layer network; the Internet model defines a five-layer network.
• Each layer at the sending site uses the services of the layer
immediately below it.
• The sender at the higher layer uses the services of the middle layer.
• The middle layer uses the services of the lower layer.
• The lower layer uses the services of the carrier.
To address the problem of networks increasing in size and in number,
the International Organization for Standardization (ISO) researched
many network schemes and recognized that there was a need to create a
network model
This would help network builders implement networks that could
communicate and work together
ISO therefore, released the OSI reference model in 1984.
Why do we need the OSI Model?
• The layered model that dominated data communications and networking literature
before 1990 was the Open Systems Interconnection (OSI) model.
• Everyone believed that the OSI model would become the ultimate standard for data
communications, but this did not happen.
• The TCP/IP protocol suite became the dominant commercial architecture because it
was used
Don’t Get Confused.
ISO - International Organization for Standardization
OSI - Open System Interconnection
IOS - Internetwork Operating System
To avoid confusion, some people say “International
Standard Organization.”
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical
The OSI Model will be used
throughout your entire
networking career!
[Figure: The OSI Reference Model]

Data Encapsulation (figure)

  Layer                              PDU       Contents
  Application/Presentation/Session   Data      Upper-layer data
  Transport                          Segment   TCP header + data
  Network                            Packet    IP header + segment
  Data link                          Frame     MAC header + LLC header + packet + FCS
  Physical                           Bits      0101110101001000010...

A frame check sequence (FCS) field is the trailer the data link layer appends to a
frame so that the receiver can detect a frame damaged in transit.
[Figure: Data Flow Through a Network]
• Each layer of the OSI model is a package of protocols
• Application layer
– Used by network applications, i.e. programs that use the Internet (Chrome,
Firefox, Outlook, Skype, etc.)
• A web browser is a network application running on the PC; it does not itself
reside in the application layer, but it uses application layer protocols such as
HTTP or HTTPS to browse the web
• Not only web browsers but all other network applications use the application
layer
• Other protocols in this layer, used for functions such as file transfer,
virtual terminals and e-mail, include
FTP (file transfer), NFS, DHCP, SNMP, TELNET (virtual terminals), POP3, SMTP
(e-mail), IRC, NNTP, etc.
• Presentation Layer
– Receives data from the application layer in the form of characters and numbers
– Translates them into a common representation that both ends understand,
e.g. ASCII to EBCDIC
– Also performs data compression (lossy or lossless) to reduce the size of what is
sent, which matters especially for real-time streaming
– To protect the confidentiality of sensitive data, encryption is done by this
layer and decryption at the receiving end (encryption alone does not guarantee
integrity; that needs a message authentication code or a signature)
• SSL/TLS is usually mapped to the presentation layer in the OSI model, although in
the TCP/IP stack it sits between the transport and application layers
• Session Layer
– Sets up and manages connections (sessions) for sending and receiving data,
then terminates them
– Exposed to programs through APIs (Application Programming Interfaces); NetBIOS
(Network Basic Input/Output System) is an example of a session-layer API that
lets different computers communicate with each other
• In this model, authentication and authorization of the session are placed at
this layer (in practice they are implemented by application protocols such as
HTTP or SSH)
• The session layer also keeps track of which packets belong to which session, so
that the image, text and other data of one page are matched up correctly
– In short, the session layer is used for
• session management
• authentication
• authorization
• Transport Layer
– Controls the reliability of communication in a network through segmentation,
flow control and error control
– Segmentation: data received from the session layer is divided into smaller
units called segments
• Each segment carries a source and destination port number and a sequence number
– The port number directs each segment to the correct application
– The sequence number lets the receiver reassemble the segments in the correct
order to form the original message
– Flow control
• This layer also controls the amount of data in flight. E.g. a server can send
at 100 Mbps while a mobile device can only process 10 Mbps.
– The mobile tells the server to slow down to 10 Mbps so that no data is lost, and
to speed up again when it can cope, keeping overall performance up
– Error control: if some data does not arrive correctly at the destination, this
layer uses automatic repeat request (ARQ) to retransmit the lost data
• A checksum field is added to each segment by the transport layer so that the
receiver can detect a damaged segment and discard it; a damaged or missing
segment is never acknowledged, so the sender retransmits it
• Protocols in the transport layer
– TCP
– UDP
– Two types of service
• Connection-oriented transmission (TCP): a session is established with a
handshake before any data is sent and is closed when the transfer finishes.
(The path through the network is chosen packet by packet by the network layer;
TCP does not pin a route.)
• Provides feedback (acknowledgements) so that lost data can be retransmitted
• Used where every byte must be delivered, e.g. www, e-mail, ftp
– Connectionless transmission (UDP): no session is established; each datagram is
sent on its own
• Faster than TCP because there is no handshake, acknowledgement or retransmission
• Gives no feedback about delivery
• Used where losing some data is acceptable, or where the application handles
loss itself, e.g. streaming video and audio, online games, voice over IP,
TFTP, DNS
• In summary, the transport layer handles segmentation, flow control, error
control, and connection-oriented and connectionless transmission
• Passes each segment down to the network layer
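The segment format described earlier (8-bit sender address, 8-bit receiver address, then the message) together with the transport-layer mechanisms above (segmentation, sequence numbers, a check field and automatic repeat request) can be exercised end to end in a few dozen lines. The following is an added example written for this page, not code from the slides: it extends the page's two-address format with a 16-bit sequence number and a CRC-32 check value (assumed choices), runs a stop-and-wait ARQ over a constructed lossy channel, and shows that the receiver still reassembles the message because damaged or lost segments are never acknowledged and duplicates are discarded. The 8-byte maximum segment size is deliberately tiny so that a short message is split into several segments.

```python
import random
import struct
import zlib

MSS = 8  # assumed maximum segment payload in bytes; tiny so a short message is segmented

# Segment syntax (the page's example format, extended with a sequence number and a check value):
#   8-bit sender address | 8-bit receiver address | 16-bit sequence number | 32-bit CRC | data
HEADER = "!BBHI"
HEADER_LEN = struct.calcsize(HEADER)


def build_segment(src: int, dst: int, seq: int, payload: bytes) -> bytes:
    """Attach the header; the CRC covers the header (with the CRC field zeroed) and the data."""
    check = zlib.crc32(struct.pack(HEADER, src, dst, seq, 0) + payload) & 0xFFFFFFFF
    return struct.pack(HEADER, src, dst, seq, check) + payload


def parse_segment(raw):
    """Return (src, dst, seq, payload), or None if the segment is missing, truncated or fails its check."""
    if raw is None or len(raw) < HEADER_LEN:
        return None
    src, dst, seq, check = struct.unpack(HEADER, raw[:HEADER_LEN])
    payload = raw[HEADER_LEN:]
    if zlib.crc32(struct.pack(HEADER, src, dst, seq, 0) + payload) & 0xFFFFFFFF != check:
        return None
    return src, dst, seq, payload


class LossyChannel:
    """Constructed channel: drops a fraction `loss` of messages and flips one bit in a fraction `corrupt`."""

    def __init__(self, loss: float, corrupt: float, seed: int = 0):
        self.loss, self.corrupt, self.rng = loss, corrupt, random.Random(seed)

    def send(self, raw):
        if raw is None:
            return None
        r = self.rng.random()
        if r < self.loss:
            return None
        if r < self.loss + self.corrupt:
            i = self.rng.randrange(len(raw))
            raw = raw[:i] + bytes([raw[i] ^ 0x01]) + raw[i + 1:]
        return raw


class Receiver:
    """Reassembles segments by sequence number; semantics: the receiver address names the final destination."""

    def __init__(self, address: int):
        self.address, self.buffer = address, {}

    def deliver(self, raw):
        parsed = parse_segment(raw)
        if parsed is None or parsed[1] != self.address:
            return None  # lost, corrupt or not addressed to us: no acknowledgement goes back
        src, _, seq, payload = parsed
        self.buffer.setdefault(seq, payload)  # a duplicate (its earlier ACK was lost) is discarded
        return build_segment(self.address, src, seq, b"ACK")

    def message(self) -> bytes:
        return b"".join(self.buffer[k] for k in sorted(self.buffer))


def transfer(message: bytes, src: int, dst: int, channel: LossyChannel,
             receiver: Receiver, max_tries: int = 64):
    """Stop-and-wait ARQ: one segment outstanding; resend it until its ACK comes back."""
    segments = [message[i:i + MSS] for i in range(0, len(message), MSS)]
    retransmissions = 0
    for seq, chunk in enumerate(segments):
        for _ in range(max_tries):
            ack_raw = receiver.deliver(channel.send(build_segment(src, dst, seq, chunk)))
            ack = parse_segment(channel.send(ack_raw))  # the ACK crosses the same lossy channel
            if ack is not None and ack[2] == seq:
                break
            retransmissions += 1  # timeout: the segment or its ACK was lost or damaged
        else:
            raise RuntimeError("segment %d was never acknowledged" % seq)
    return receiver.message(), len(segments), retransmissions


if __name__ == "__main__":
    text = b"hello world, this is a test"  # constructed sample message
    print(transfer(text, 1, 2, LossyChannel(0.3, 0.15, seed=0), Receiver(2)))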
• Network layer
– Carries the segments received from the transport layer from one computer to
another, possibly on a different network
– Data units at this layer are called packets
– Routers operate at this layer (a router is a network layer device)
– Two kinds of protocol work here
• Routed protocols, which carry user data (IPv4, IPv6, IPX, AppleTalk)
• Routing protocols, which build the forwarding tables (RIP, IGRP, OSPF, EIGRP)
– Functions
• Logical addressing (source and destination IP addresses, IP1 and IP2)
• Routing: moving packets from source to destination; the IPv4 or IPv6 address
together with the mask decides which route applies
• Path determination: choosing the best available path for delivery, using
routing protocols such as OSPF, BGP and IS-IS
• Data Link Layer
– At the data link layer a packet is encapsulated into a frame
– This layer prepares network layer packets for transport across the local
medium by adding a header and a trailer; the resulting data link PDU is called
a frame
– Relieves the upper layers of the work of putting data onto the network and
taking it off again
• The data link layer is divided into two sublayers
– Logical Link Control (LLC)
• Multiplexes the network layer protocols onto the MAC sublayer when
transmitting and demultiplexes them when receiving
• WAN data link protocols also operate here
– PPP (Point-to-Point Protocol), HDLC (High-level Data Link Control),
Frame Relay
– Two types of addressing
– A data packet carries the IP addresses of the receiver and the sender
– Logical addressing is done at the network layer
– Physical addressing is done at the data link layer: the MAC addresses of the
sender and receiver are added to each packet received from the network layer
to form a frame: MAC1 MAC2 (IP1 IP2, segment) trailer
– A MAC address is a 48-bit value, written as 12 hexadecimal digits, embedded in
the NIC by its manufacturer (it can be overridden in software, so it must not be
relied on as proof of a host's identity)
• Data packet (IP1 IP2, segment): network layer
• Media access control (MAC) also refers to the manner in which a computer gains
and controls access to the network's physical medium (e.g., cable).
– Controls how data is placed on and taken from the medium (media access
control, including collision handling such as CSMA/CD) and adds error
detection: frames carry a check field (the FCS) so a damaged frame can be
recognised and dropped. Ethernet detects errors but does not correct them; the
transport layer's retransmission makes up the loss.
• Common media access methods include the following:
– CSMA/CD
– CSMA/CA
– Token passing
• One of the primary concerns with media access is how to prevent frames from
colliding when two or more computers try to transmit simultaneously.
– Each of the methods listed above takes a different approach to this problem.
– Data transmitted over a network is sent one bit at a time.
– A bit is either a 1 or a 0, represented by a voltage level (on or off) or a
light pulse.
– If two stations transmit at the same time, their signals may overlap,
resulting in garbled data.
– Such overlapping is referred to as a "collision."
– CSMA/CD
• Stands for Carrier-Sense Multiple Access with Collision Detection.
• It is a media access method, which means it defines how the network places
data on the cable and how it takes it off.
• CSMA/CD specifies how bus topologies such as classic shared-medium Ethernet
handle transmission collisions.
• A collision occurs when two or more computers transmit
signals at the same time.
– "Carrier Sense" means that each station on the LAN
continually listens to (tests) the cable for the presence of a
signal prior to transmitting.
– "Multiple Access" means that there are many computers
attempting to transmit and compete for the opportunity to
send data (i.e., they are in contention).
– "Collision Detection" means that when a collision is
detected, the stations will stop transmitting and wait a
random length of time before retransmitting.
– CSMA/CD works best in an environment where relatively fewer,
longer data frames are transmitted.
• This is in contrast to token passing which works best with a
relatively large amount of short data frames.
• CSMA/CD is used on Ethernet networks.
• Because CSMA/CD works to control or manage collisions rather
than prevent them, network performance can be degraded with
heavy traffic.
• The greater the traffic, the greater the number of collisions and
retransmissions.
– CSMA/CD Operation
• In its most simple form it operates as follows:
– A station that wishes to transmit on the network checks to
see if the cable is free.
– If the cable is free, the station starts transmitting.
– However, another station may have detected a free cable at
the same instant and also start transmitting. The result is a
"collision."
– Once the collision is detected, all stations immediately stop
transmitting.
– Stations then wait a random length of time before checking
the cable and then retransmit
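The procedure above can be turned into a small discrete-time simulation, which makes the earlier claim about heavy traffic concrete: the more stations contend, the more collision slots are burnt before every frame gets through. This is an added example written for this page, not code from the slides. Assumptions not stated in the text: time runs in slot units, every station has exactly one frame ready at slot 0, a frame occupies four slots, and the random wait is the truncated binary exponential backoff that IEEE 802.3 uses (the window doubles after each collision up to 2^10 slots, and a frame is abandoned after 16 attempts).

```python
import random

FRAME_SLOTS = 4     # assumed frame length measured in slot times
MAX_ATTEMPTS = 16   # Ethernet discards a frame after 16 failed attempts
BACKOFF_CAP = 10    # the backoff window stops growing after 10 collisions


def simulate_csma_cd(num_stations: int, seed: int = 0, frame_slots: int = FRAME_SLOTS) -> dict:
    """Discrete-slot model of CSMA/CD with every station holding one frame at slot 0.

    Each slot: a station whose backoff has expired senses the medium and, if it is idle,
    starts transmitting.  Two or more starting in the same slot collide: all stop and each
    waits a random number of slots in [0, 2**min(attempts, 10) - 1] before sensing again.
    """
    rng = random.Random(seed)               # seeded so a run is repeatable
    pending = [True] * num_stations         # frame still waiting to go out
    backoff = [0] * num_stations            # slots left before the station may try again
    attempts = [0] * num_stations           # collisions suffered by the current frame
    busy_until, slot, collisions, gave_up, log = 0, 0, 0, 0, []

    while any(pending):
        if slot >= busy_until:              # carrier sense: the medium is idle
            ready = [s for s in range(num_stations) if pending[s] and backoff[s] == 0]
            if len(ready) == 1:             # a single transmitter holds the medium for the frame
                pending[ready[0]] = False
                busy_until = slot + frame_slots
                log.append((slot, "sent", ready))
            elif len(ready) > 1:            # collision detected: jam, stop, back off
                collisions += 1
                log.append((slot, "collision", ready))
                for s in ready:
                    attempts[s] += 1
                    if attempts[s] >= MAX_ATTEMPTS:
                        pending[s], gave_up = False, gave_up + 1
                    else:
                        backoff[s] = rng.randrange(2 ** min(attempts[s], BACKOFF_CAP))
        else:
            ready = []                      # medium busy: everyone defers
        for s in range(num_stations):       # waiting stations count down (also while the medium is busy)
            if pending[s] and backoff[s] > 0 and s not in ready:
                backoff[s] -= 1
        slot += 1

    return {"stations": num_stations, "collisions": collisions, "gave_up": gave_up,
            "slots": max(slot, busy_until), "log": log}


if __name__ == "__main__":
    for n in (1, 2, 4, 8):
        result = simulate_csma_cd(n)
        print(n, "stations:", result["collisions"], "collisions,", result["slots"], "slots")
```

Increasing the station count in the `__main__` loop shows the effect the slides describe: the frames themselves always need 4 slots each, but the collision slots on top of that grow with contention.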
– CSMA/CA
• Stands for Carrier-Sense Multiple Access with Collision Avoidance and is a
media access method very similar to CSMA/CD.
• The difference is that collision detection (CD) is replaced by collision
avoidance (CA).
• Instead of detecting and reacting to collisions, CSMA/CA tries to avoid them:
a station waits a random back-off after sensing the medium idle and may first
signal its intention to transmit (the RTS/CTS exchange in 802.11) before
sending the data.
• In effect, the transmitting computer gives a "heads up" prior to transmitting.
• CSMA/CA reduces collisions but cannot eliminate them, and it comes with a cost
in the form of the additional overhead of signalling before each transmission.
• Thus, CSMA/CA is slower than CSMA/CD on the same medium.
• CSMA/CA is used on Apple LocalTalk networks and on Wi-Fi (IEEE 802.11)
networks, where a radio cannot detect a collision while it is transmitting.
• Physical Layer: devices, roles and services
– Devices of this layer: hubs, cables, repeaters, modems (external or internal)
– This layer deals in bits (0s and 1s).
– It converts the sequence of bits that makes up a frame from the data link
layer into signals: light pulses (fibre optics), electrical signals (coaxial,
UTP) or radio signals (air).
– At the receiving end the physical layer converts the signals back into bits,
which the data link layer turns into a frame, the network layer into a packet,
and so on up the stack.
– Media: radio (air), fibre optics, copper wire
– The data link layer places data on the medium through framing and media
access control; the physical layer carries the bits.
TCP/IP PROTOCOL SUITE
• The TCP/IP protocol suite was developed prior to the OSI model.
• Therefore, the layers in the TCP/IP protocol suite do not exactly match
those in the OSI model.
• The original TCP/IP protocol suite was defined as having four layers: host-
to-network, internet, transport, and application.
• However, when TCP/IP is compared to OSI, we can say that the host-to-
network layer is equivalent to the combination of the physical and data link
layers.
• The internet layer is equivalent to the network layer, and the application
layer roughly does the job of the session, presentation, and application
layers, with the transport layer in TCP/IP taking care of part of the duties of
the session layer.
• So in this course, we assume that the TCP/IP protocol suite is made of five
layers: physical, data link, network, transport, and application.
– The first four layers provide physical standards, network interfaces,
internetworking, and transport functions that correspond to the first four layers
of the OSI model.
– The three topmost layers in the OSI model, however, are represented in TCP/IP
by a single layer called the application layer (see the figure on the next slide).
– At the transport layer, TCP/IP defines three protocols: Transmission Control
Protocol (TCP), User Datagram Protocol (UDP), and Stream Control
Transmission Protocol (SCTP).
– At the network layer, the main protocol defined by TCP/IP is the
Internet Protocol (IP)
TCP/IP Layers
TCP/IP Application Layer Overview (figure)
  Layers: Application / Transport / Internet / Data-Link / Physical
  Application layer protocols:
    File transfer:        TFTP*, FTP*, NFS
    E-mail:               SMTP
    Remote login:         Telnet*, rlogin*
    Network management:   SNMP*
    Name management:      DNS*
  (* = used by the router)
TCP/IP Transport Layer Overview (figure)
  Layers: Application / Transport / Internet / Data-Link / Physical
  Transport layer protocols:
    Transmission Control Protocol (TCP)   connection-oriented
    User Datagram Protocol (UDP)          connectionless
TCP/IP Segment Format (figure: the 20-byte TCP header, bit 0 to bit 31)

+-----------------------------+-----------------------------+
|     Source Port (16)        |   Destination Port (16)     |
+-----------------------------+-----------------------------+
|                  Sequence Number (32)                     |
+-----------------------------------------------------------+
|                Acknowledgment Number (32)                 |
+---------+---------+---------+-----------------------------+
| Hdr Len | Reserved| Code    |        Window (16)          |
|   (4)   |   (6)   | Bits (6)|                             |
+---------+---------+---------+-----------------------------+
|        Checksum (16)        |     Urgent Pointer (16)     |
+-----------------------------+-----------------------------+
|              Options (0 or 32 bits, if any)               |
+-----------------------------------------------------------+
|                       Data (varies)                       |
+-----------------------------------------------------------+
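The encapsulation figure earlier (data, segment, packet, frame, bits) and the segment format above can both be demonstrated by building a real frame byte by byte and then taking it apart again. The following is an added example written for this page, not code from the slides. It uses Ethernet II framing with an EtherType field (the figure shows an LLC header, which 802.3/LLC framing would use instead), the 20-byte IPv4 and TCP headers without options, and constructed sample values: documentation addresses 192.0.2.10 and 198.51.100.20, made-up MAC addresses, and an HTTP request as the payload. The point a practitioner should take from it is which check field protects what: the FCS covers the whole frame for one hop, the IP checksum covers only the IP header, and the TCP checksum covers the segment plus a pseudo-header containing both IP addresses, so it catches a segment delivered to the wrong host end to end. The `corrupt` helper at the bottom is included so those three cases can be exercised.

```python
import struct
import zlib

ETH_HDR = "!6s6sH"            # destination MAC, source MAC, EtherType (Ethernet II framing)
IP_HDR = "!BBHHHBBH4s4s"      # 20-byte IPv4 header without options
TCP_HDR = "!HHIIBBHHH"        # 20-byte TCP header: ports, seq, ack, offset, flags, window, csum, urgent
PROTO_TCP = 6


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum, used by both the IPv4 header and the TCP segment."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload):
    """Transport layer: upper-layer data + TCP header = segment.  The checksum also covers a
    pseudo-header with both IP addresses, so delivery to the wrong host is detected here."""
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, PROTO_TCP, 20 + len(payload))
    header = struct.pack(TCP_HDR, sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = inet_checksum(pseudo + header + payload)
    return struct.pack(TCP_HDR, sport, dport, seq, ack, 5 << 4, flags, window, csum, 0) + payload


def build_packet(src_ip, dst_ip, segment, ident=1, ttl=64):
    """Network layer: segment + IP header = packet.  The header checksum covers only the header."""
    fields = [0x45, 0, 20 + len(segment), ident, 0x4000, ttl, PROTO_TCP, 0, src_ip, dst_ip]
    fields[7] = inet_checksum(struct.pack(IP_HDR, *fields))
    return struct.pack(IP_HDR, *fields) + segment


def build_frame(dst_mac, src_mac, packet):
    """Data link layer: packet + MAC header + FCS = frame.  The FCS is CRC-32, low byte first."""
    body = struct.pack(ETH_HDR, dst_mac, src_mac, 0x0800) + packet   # 0x0800 = IPv4
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip one header per layer, verifying that layer's check field first."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("frame: FCS mismatch")
    dst_mac, src_mac, ethertype = struct.unpack(ETH_HDR, body[:14])
    if ethertype != 0x0800:
        raise ValueError("frame: EtherType 0x%04x is not IPv4" % ethertype)
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:            # a valid header sums to zero
        raise ValueError("packet: IP header checksum mismatch")
    _, _, total_len, _, _, ttl, proto, _, src_ip, dst_ip = struct.unpack(IP_HDR, packet[:20])
    if proto != PROTO_TCP:
        raise ValueError("packet: protocol %d is not TCP" % proto)
    segment = packet[ihl:total_len]
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, PROTO_TCP, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("segment: TCP checksum mismatch")
    sport, dport, seq, ack, offset, flags, window, _, _ = struct.unpack(TCP_HDR, segment[:20])
    return {
        "frame": {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":")},
        "packet": {"src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)), "ttl": ttl},
        "segment": {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags, "window": window},
        "data": segment[(offset >> 4) * 4:],
    }


def encapsulate(payload: bytes) -> bytes:
    """Constructed sample: 192.0.2.10:40000 sends an HTTP request to 198.51.100.20:80 (PSH+ACK)."""
    src, dst = ip("192.0.2.10"), ip("198.51.100.20")
    segment = build_segment(src, dst, 40000, 80, 1000, 1, 0x18, 65535, payload)
    return build_frame(mac("66:77:88:99:aa:bb"), mac("00:11:22:33:44:55"), build_packet(src, dst, segment))


def corrupt(frame: bytes, index: int, refresh_fcs: bool) -> bytes:
    """Flip one bit of byte `index`.  With refresh_fcs the link-layer check is recomputed, so only
    the IP or TCP checksum can still catch the damage (as with a fault inside a router)."""
    body = bytearray(frame[:-4])
    body[index] ^= 0x01
    fcs = struct.pack("<I", zlib.crc32(bytes(body)) & 0xFFFFFFFF) if refresh_fcs else frame[-4:]
    return bytes(body) + fcs


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.0\r\n")
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

The last two steps of `decapsulate` are the ones to remember: a frame with a fresh FCS but a damaged IP header or TCP segment passes the link layer and is only rejected further up, which is why each layer carries its own check rather than relying on the one below.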
Computer Network Security Basics
What is network security?
• While computer systems today have some of the best security
systems ever, they are more vulnerable than ever before.
• This vulnerability stems from the world-wide access to computer
systems via the Internet.
• Network security is preventing attackers from achieving objectives
through unauthorized access or unauthorized use of computers and
networks.
Basic Security Measures
• The basic security measures for computer systems fall into the
following categories:
1. External security
2. Operational security
3. Surveillance
4. Passwords/authentication
5. Auditing
6. Access rights
7. Standard system attacks
8. Viruses/worms and antivirus tools
9. Firewalls
10. Encryption and decryption techniques
11. Digital signatures
12. Security policy
External Security
• Protection from environmental damage such as floods,
earthquakes, and heat.
• Physical security such as locking rooms, locking down
computers, keyboards, and other devices.
• Electrical protection from power surges.
• Noise protection from placing computers away from devices
that generate electromagnetic interference.
Operational Security
1. Deciding who has access to what.
2. Limiting time of day access.
3. Limiting day of week access.
4. Limiting access from a location, such as not allowing a
user to use a remote login during certain periods or any
time.
Surveillance
• Proper placement of security cameras can deter theft and
vandalism.
• Cameras can also provide a record of activities.
• Intrusion detection is the field in which specialists try to
determine whether a computer system has been violated, and to
prevent intrusion.
Passwords and ID Systems
• Passwords are the most common form of security and the most
abused.
• Simple rules help support safe passwords, including:
1. Change your password often, and always when you suspect it has
been exposed (current guidance such as NIST SP 800-63B favours
changing on evidence of compromise over routine forced changes).
2. Pick a good, random password (minimum 8 characters, mixed
symbols; a longer passphrase is stronger).
3. Don't share passwords or write them down.
4. Don't select names and familiar objects as passwords.
Authentication
• Authentication is the process of reliably verifying the identity
of someone (or something) by means of:
• Something you know: a secret (password, one-time password, ...)
• Something you have: an object (smart card, ...)
• Something you are: physical characteristics (fingerprint, retina, ...)
• Trust (e.g. a trusted third party vouching for the identity)
Passwords and ID Systems - Biometric Authentication
Many new forms of "passwords" are emerging:
• Fingerprints
• Face prints
• Retina scans and iris scans
• Voice prints
• Ear prints
• Nose recognition
Unlike a password, a biometric cannot be changed if its template leaks, so it is
best used together with another factor.
Auditing
• Creating a computer or paper audit can help detect wrongdoing.
• Auditing can also be used as a deterrent.
• Many network operating systems allow the administrator to audit
most types of transactions.
• Many types of criminals have been caught because of computer-
based audits.
Access Rights
• Two basic questions about access rights: who and how?
• Who do you give access rights to? No one, a group of users, or the entire set of users?
• How may a user or group of users access an object? Read, write, delete, print, copy, execute?
• Most network operating systems have a powerful system for assigning access rights.
Computer virus versus computer worm
• Viruses are computer programs that are designed to spread themselves from one file to another on a single computer. A virus might rapidly infect every application file on an individual computer, or slowly infect the documents on that computer, but it does not intentionally try to spread itself from that computer to other computers.
• Viruses reach other computers through human action: we send e-mail document attachments, trade programs on diskettes, or copy files to file servers. When the next unsuspecting user opens the infected file or disk, they spread the virus to their computer, and so on.
• A computer worm is a program that is designed to copy itself from one computer to another over a network (e.g. by using e-mail). The worm spreads itself to many computers over a network and doesn't wait for a human being to help. This means that computer worms spread much more rapidly than computer viruses.
Standard System Attacks
1. Denial of service attacks, or distributed denial of service attacks, bombard a computer site with so many messages that the site is incapable of answering valid requests.
2. E-mail bombing: a user sends an excessive amount of unwanted e-mail to someone.
3. Smurfing is a technique in which an attacker sends ICMP echo requests to a network's IP broadcast address with the victim's address spoofed as the source, so that every host on that network floods the victim with echo replies (amplification).
4. Ping storm: the Internet ping program is used to send a flood of packets to a server.
5. Spoofing is when a user creates packets that appear to come from a trusted user within the network.
6. A Trojan horse is a malicious piece of code hidden inside a seemingly harmless piece of code.
7. Stealing, guessing, and intercepting passwords is also a tried and true form of attack.
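Added example, not part of the original slides: a small detector that runs over constructed ICMP flow records and flags two of the attacks listed above as they look from the victim's side, a ping storm (one source hammering one target with echo requests) and Smurf reflection (echo replies arriving from many hosts of one /24 in the same second, because the attacker spoofed the victim's address in requests to that network's broadcast address). The flow records, the thresholds and the /24 grouping are assumptions made for the example.

```python
# Added example: detection logic for the ping-storm and Smurf patterns over
# constructed ICMP flow records (timestamp_s, src_ip, dst_ip, icmp_type),
# where icmp_type 8 is echo request and 0 is echo reply.
from collections import defaultdict

SAMPLE_FLOWS = (
    [(100, "10.0.0.9", "10.0.0.2", 8)] * 600                              # ping storm
    + [(100, f"192.168.1.{i}", "10.0.0.2", 0) for i in range(1, 61)]      # Smurf replies
    + [(100, "10.0.0.5", "10.0.0.2", 8), (100, "10.0.0.2", "10.0.0.5", 0)]  # normal ping
)

PING_STORM_THRESHOLD = 500   # echo requests per second from one source (assumed)
SMURF_MIN_REPLIERS = 50      # distinct repliers from one /24 per second (assumed)


def detect(flows, storm_threshold=PING_STORM_THRESHOLD, smurf_min=SMURF_MIN_REPLIERS):
    """Return alert tuples for flooding patterns found in `flows`."""
    requests = defaultdict(int)      # (second, src, dst) -> echo-request count
    repliers = defaultdict(set)      # (second, dst, src /24) -> distinct reply sources
    for ts, src, dst, icmp_type in flows:
        if icmp_type == 8:
            requests[(ts, src, dst)] += 1
        elif icmp_type == 0:
            subnet = src.rsplit(".", 1)[0] + ".0/24"
            repliers[(ts, dst, subnet)].add(src)

    alerts = []
    for (ts, src, dst), n in requests.items():
        if n >= storm_threshold:
            alerts.append(("ping_storm", ts, src, dst, n))
    for (ts, dst, subnet), srcs in repliers.items():
        # Many distinct repliers from one network to one target in one second is
        # the signature of a directed-broadcast amplifier being bounced at dst.
        if len(srcs) >= smurf_min:
            alerts.append(("smurf_reflection", ts, subnet, dst, len(srcs)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The Smurf alert names the amplifying network rather than the attacker, because the attacker's real address never appears in the reflected traffic; the durable fix is on the amplifier's router, where Cisco IOS disables directed broadcasts with no ip directed-broadcast (the default since IOS 12.0).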
Cryptography
• Cryptography is the science and art of transforming messages to make them secure and immune to attacks.
• The original message, before being transformed, is called plaintext. After the message is transformed, it is called ciphertext.
• An encryption algorithm transforms the plaintext into ciphertext; a decryption algorithm transforms the ciphertext back into plaintext.
• The sender uses an encryption algorithm, and the receiver uses a decryption algorithm.
• A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on. Modern practice assumes the algorithm is public and that all secrecy rests in the key.
• To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext. These create the ciphertext.
• To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These reveal the original plaintext.
• We can divide all cryptographic algorithms (ciphers) into two groups: symmetric-key (also called secret-key) algorithms and asymmetric-key (also called public-key) algorithms.
Symmetric-Key Cryptography
• In symmetric-key cryptography, the same key is used by both parties. The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data.
Asymmetric-Key Cryptography
• In asymmetric or public-key cryptography, there are two keys: a private key and a public key. The private key is kept by the receiver. The public key is announced to the public.
• In public-key encryption/decryption, the public key that is used for encryption is different from the private key that is used for decryption. The public key is available to the public; the private key is available only to an individual.
[Figure: keys used in cryptography]
SYMMETRIC-KEY CRYPTOGRAPHY
• Symmetric-key cryptography started thousands of years ago when people needed to exchange secrets (for example, in a war).
• We still mainly use symmetric-key cryptography in our network security: public-key operations are far slower, so in practice a public-key algorithm is used to exchange or wrap a symmetric session key, and the symmetric cipher protects the bulk of the data.
Substitution Cipher
• A substitution cipher replaces one symbol with another.
• Example 1:
The following shows a plaintext and its corresponding ciphertext (not reproduced here). Is the cipher monoalphabetic?
Solution
The cipher is probably monoalphabetic because both occurrences of L are encrypted as O.
Example 2
The following shows a plaintext and its corresponding ciphertext (not reproduced here). Is the cipher monoalphabetic?
Solution
The cipher is not monoalphabetic because each occurrence of L is encrypted by a different character: the first L is encrypted as N, the second as Z.
Shift (Caesar) Cipher
• The shift cipher is sometimes referred to as the Caesar cipher. In this cipher, the encryption algorithm is "shift each character key places down the alphabet", with the key equal to some number. The decryption algorithm is "shift each character key places up" (wrapping around at the ends of the alphabet).
• Example 1:
Use the shift cipher with key = 15 to encrypt the message "HELLO".
Solution
We encrypt one character at a time. Each character is shifted 15 characters down. Letter H is encrypted to W. Letter E is encrypted to T. The first L is encrypted to A (wrapping around from Z to A). The second L is also encrypted to A. And O is encrypted to D. The ciphertext is WTAAD.
Example 2
Use the shift cipher with key = 15 to decrypt the message "WTAAD".
Solution
We decrypt one character at a time. Each character is shifted 15 characters up. Letter W is decrypted to H. Letter T is decrypted to E. The first A is decrypted to L. The second A is decrypted to L. And, finally, D is decrypted to O. The plaintext is HELLO.
• Note that the key space has only 25 useful values, so the cipher offers no real security: an attacker simply tries every key.
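Added example, not code from the original slides: the shift cipher above in Python, reproducing key = 15 turning HELLO into WTAAD and back, together with the monoalphabetic test applied in the substitution-cipher examples and a brute-force over the whole key space, which is why a shift cipher gives no security. The function names and the second test string WTNAD are the example's own.

```python
# Added example: shift (Caesar) cipher, monoalphabetic check, brute force.
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift each letter `key` places down the alphabet, wrapping Z -> A."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Shifting up by `key` is the same as shifting down by -key (mod 26)."""
    return shift_encrypt(ciphertext, -key)


def is_monoalphabetic(plaintext: str, ciphertext: str) -> bool:
    """True if every occurrence of a plaintext letter maps to the same
    ciphertext letter, the test used in the substitution-cipher examples."""
    mapping = {}
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p not in ALPHABET:
            continue
        if mapping.setdefault(p, c) != c:
            return False
    return True


def brute_force(ciphertext: str) -> dict:
    """Only 25 non-trivial keys exist, so an attacker tries them all and
    keeps the candidate that reads as language."""
    return {k: shift_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    c = shift_encrypt("HELLO", 15)
    print(c, shift_decrypt(c, 15))              # WTAAD HELLO
    print(is_monoalphabetic("HELLO", c))        # True: both L's became A
    print(is_monoalphabetic("HELLO", "WTNAD"))  # False: L -> N and L -> A
    for k, guess in brute_force(c).items():
        print(k, guess)                         # key 15 prints HELLO
```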
Transposition Cipher
A transposition cipher reorders (permutes) symbols in a block of symbols.
Example
Encrypt the message "HELLO MY DEAR" using the key shown in the figure above (not reproduced here; the result shows that within each 4-character block the characters at positions 1 2 3 4 are written out in the order 2 4 1 3).
Solution
We first remove the spaces in the message. We then divide the text into blocks of four characters. We add a bogus character Z at the end of the third block. The result is HELL OMYD EARZ. We create a three-block ciphertext ELHL MDOY AZER, i.e. ELHLMDOYAZER.
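Added example, not code from the original slides: the block transposition above in Python. Because the key figure is absent from this page, the permutation is reconstructed from the worked result (HELL OMYD EARZ becomes ELHL MDOY AZER), and the inverse permutation is derived to decrypt. The final check shows why transposition alone is weak: the ciphertext is an anagram of the plaintext, so letter frequencies survive intact.

```python
# Added example: 4-character block transposition with the permutation
# reconstructed from the slide's result, plus its inverse.

# 0-based: ciphertext[0] = block[1], ciphertext[1] = block[3],
#          ciphertext[2] = block[0], ciphertext[3] = block[2]
KEY = (1, 3, 0, 2)
PAD = "Z"  # the slide pads the last block with a bogus Z


def invert(key):
    """If key sends input j to output i, the inverse sends i back to j."""
    inv = [0] * len(key)
    for i, j in enumerate(key):
        inv[j] = i
    return tuple(inv)


def permute(block: str, key) -> str:
    return "".join(block[j] for j in key)


def encrypt(plaintext: str, key=KEY) -> str:
    text = plaintext.replace(" ", "").upper()
    n = len(key)
    text += PAD * (-len(text) % n)  # pad to a whole number of blocks
    return "".join(permute(text[i:i + n], key) for i in range(0, len(text), n))


def decrypt(ciphertext: str, key=KEY) -> str:
    inv = invert(key)
    n = len(key)
    return "".join(permute(ciphertext[i:i + n], inv) for i in range(0, len(ciphertext), n))


def same_letters(a: str, b: str) -> bool:
    """A transposition only reorders symbols, so ciphertext and plaintext have
    identical letter counts; frequency analysis sees straight through it."""
    return sorted(a) == sorted(b)


if __name__ == "__main__":
    c = encrypt("HELLO MY DEAR")
    print(c)                                # ELHLMDOYAZER
    print(decrypt(c))                       # HELLOMYDEARZ (the pad Z remains)
    print(same_letters("HELLOMYDEARZ", c))  # True
```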
Data Encryption Standard (DES)
• One example of a complex block cipher is the Data Encryption Standard (DES). DES was designed by IBM and adopted by the U.S. government in 1977 as the standard encryption method for nonmilitary and nonclassified use.
• The algorithm encrypts a 64-bit plaintext block using a 64-bit key, of which only 56 bits are used (the other 8 are parity bits).
• A 56-bit key is far too small today: DES keys have been recovered by exhaustive search since 1998, NIST withdrew the standard in 2005, and the Advanced Encryption Standard (AES, with 128-, 192- or 256-bit keys) has replaced it; Triple DES (3DES) is likewise deprecated.
ASYMMETRIC-KEY CRYPTOGRAPHY
• An asymmetric-key (or public-key) cipher uses two keys: one private and one public.
• Example: RSA (Rivest, Shamir, and Adleman)
• The RSA algorithm is named after those who invented it in 1978: Ron Rivest, Adi Shamir, and Leonard Adleman.
• How it works
• The security of RSA rests on the difficulty of factoring n into its two prime factors. The following steps highlight how it works:
1. Generating the keys
– Select two large prime numbers, x and y. The primes need to be large (hundreds of digits in practice) so that n cannot be factored.
– Calculate n = x * y.
– Calculate the totient function: φ(n) = (x − 1)(y − 1).
– Select an integer e such that e is co-prime (relatively prime) to φ(n) and 1 < e < φ(n).
– The pair of numbers (n, e) makes up the public key.
– NB: Two integers are co-prime if the only positive integer that divides both of them is 1.
– Calculate d such that e · d ≡ 1 (mod φ(n)), i.e. d is the multiplicative inverse of e modulo φ(n).
– d can be found using the extended Euclidean algorithm. The pair (n, d) makes up the private key.
2. Encryption
– Given a plaintext P, represented as a number smaller than n, the ciphertext C is calculated as:
– C = P^e mod n.
3. Decryption
– Using the private key (n, d), the plaintext is recovered with:
– P = C^d mod n.
Example
• Bob chooses 7 and 11 as p and q and calculates n = 7 · 11 = 77. The value of φ(n) = (7 − 1)(11 − 1) = 60.
• Now he chooses two keys, e and d. If he chooses e to be 13, then d is 37 (check: 13 · 37 = 481 = 8 · 60 + 1, so 13 · 37 ≡ 1 (mod 60)).
• Now imagine Alice sends the plaintext 5 to Bob. She uses the public key 13 to encrypt 5:
  C = P^e mod n = 5^13 mod 77 = 26
• Bob receives the ciphertext 26 and uses the private key 37 to decipher it:
  P = C^d mod n = 26^37 mod 77 = 5
In RSA, e and n are announced to the public; d, p, q and φ(n) are kept secret.
Digital Signatures
• A digital signature is much like a handwritten signature in that it provides proof that you are the originator of the message (authentication); it attaches a code to a document.
• It binds the message originator to the exact contents of the message through the use of key pairs. This allows the property of non-repudiation (non-rejection) to be achieved, which is crucial for electronic commerce.
• Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data.
• The sender computes a message digest (hash) of the message and signs that digest with their private key; the receiver recomputes the digest and checks the signature with the sender's public key, so any change to the message makes the check fail.
Class Activity: How is a conventional signature sent? How is it verified by the receiver?
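Added example, not code from the original slides, serving both the RSA example above and the digital-signature description: textbook RSA worked with the slide's numbers (p = 7, q = 11, e = 13, giving n = 77, φ(n) = 60, d = 37, and 5 encrypting to 26), then the same key pair used to sign and verify a message digest. The digest function (SHA-256 reduced modulo n) and the message text are assumptions for the example. The key pair is a toy: real deployments use n of about 2048 bits and padding (OAEP for encryption, PSS for signatures), because raw "textbook" RSA as shown here is deterministic and malleable.

```python
# Added example: textbook RSA key generation, encryption, decryption and
# signing with the slide's toy parameters. Not for real use (see lead-in).
import hashlib
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e: int, m: int) -> int:
    """d with e*d == 1 (mod m); this is how d is derived from e and phi(n)."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e is not co-prime to phi(n)")
    return x % m


def keygen(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) for the given primes and public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    return (n, e), (n, modinv(e, phi))


def encrypt(public, plaintext: int) -> int:
    n, e = public
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be a number smaller than n")
    return pow(plaintext, e, n)            # C = P^e mod n


def decrypt(private, ciphertext: int) -> int:
    n, d = private
    return pow(ciphertext, d, n)           # P = C^d mod n


def digest(message: bytes, n: int) -> int:
    """Message digest reduced below n (assumed for the example). With n = 77
    this is only illustrative; with a real n no reduction is needed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    n, d = private
    return pow(digest(message, n), d, n)   # sender: S = H(m)^d mod n


def verify(public, message: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == digest(message, n)   # receiver: S^e == H(m)?


if __name__ == "__main__":
    pub, priv = keygen(7, 11, 13)
    print(pub, priv)                        # (77, 13) (77, 37)
    c = encrypt(pub, 5)
    print(c, decrypt(priv, c))              # 26 5
    s = sign(priv, b"pay Bob 100")
    print(verify(pub, b"pay Bob 100", s))   # True
    print(verify(pub, b"pay Bob 900", s))   # fails unless the two digests collide mod 77
```

Note what the toy size costs: with n = 77 a forged message has a 1-in-77 chance of hashing to the same digest, and an attacker can also factor 77 by inspection and recompute d; both problems disappear only with primes of hundreds of digits.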
Firewalls
• Used to control the flow of traffic (both inflows and outflows, but primarily inflows) between networks.
• The connected networks can be internal, or a combination of internal and external networks.
• A system or combination of systems that enforces an access control policy between two networks.
• A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.
• Firewalls can be programmed to stop certain IP addresses or ranges of IP addresses, as well as certain TCP port numbers (applications such as FTP, Telnet, etc.).
Characteristics of Good Firewalls
• All traffic from inside the corporate network to outside the network, and vice-versa, must pass through it;
• Only authorized traffic, as defined by the security policy, is allowed to pass through it; and
• The system itself is immune to penetration (a firewall that can be compromised becomes the attacker's vantage point into the network).
[Figure: a firewall stopping certain internal and external transactions]
Types of Firewall
• A packet filter firewall is essentially a router that has been programmed to filter out, or allow to pass, certain IP addresses or TCP port numbers. It decides on each packet's header alone, without tracking connections or inspecting application content.
• A proxy server is a more advanced firewall that acts as a doorman into a corporate network.
• Any external transaction that requests something from the corporate network must enter through the proxy server; this server replaces the IP addresses of the packets going out with its own address, so internal hosts are never addressed directly from outside.
• Proxy servers are more advanced but make external accesses slower.
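Added example, not code from the original slides: a minimal packet-filter firewall of the kind described above, a router that permits or drops packets by IP address and TCP port. Rules are evaluated first-match, an anti-spoofing rule drops packets arriving on the outside interface with an inside source address, and the final catch-all drop implements "only authorized traffic, as defined by the security policy, is allowed". The addresses, the policy and the packets are constructed for the example, not taken from any real network.

```python
# Added example: first-match packet filter with default deny.
import ipaddress
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    dport: Optional[int]    # None for protocols without ports


class Rule(NamedTuple):
    action: str             # "permit" or "deny"
    src: str                # CIDR, or "any" for 0.0.0.0/0
    dst: str
    proto: str              # "any" matches every protocol
    dport: Optional[int]    # None matches every port
    note: str


CORP_NET = "10.0.0.0/8"          # assumed internal range
MAIL_SERVER = "10.1.1.25/32"     # assumed mail relay

# Inbound policy on the Internet-facing interface: what the world may reach.
INBOUND = [
    Rule("deny", CORP_NET, "any", "any", None, "spoofed: internal source on outside interface"),
    Rule("permit", "any", MAIL_SERVER, "tcp", 25, "SMTP to the mail relay"),
    Rule("deny", "any", CORP_NET, "tcp", 23, "telnet is never allowed in"),
    Rule("deny", "any", "any", "any", None, "default deny"),
]


def _match(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def filter_packet(rules, pkt: Packet):
    """Return (action, note) of the first rule the packet matches; a packet
    that matches nothing is dropped, but the policy should say so explicitly."""
    for r in rules:
        if (_match(r.src, pkt.src) and _match(r.dst, pkt.dst)
                and r.proto in ("any", pkt.proto)
                and r.dport in (None, pkt.dport)):
            return r.action, r.note
    return "deny", "implicit deny (no rule matched)"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "10.1.1.25", "tcp", 25),   # allowed SMTP
        Packet("203.0.113.7", "10.1.1.25", "tcp", 23),   # telnet, dropped
        Packet("10.0.0.5", "10.1.1.25", "tcp", 25),      # spoofed internal source
        Packet("203.0.113.7", "10.2.2.2", "udp", 53),    # no rule: default deny
    ]
    for p in samples:
        print(p, "->", filter_packet(INBOUND, p))
```

Rule order is the policy: moving the SMTP permit above the anti-spoofing rule would let a packet with a forged 10.x source reach the relay, which is exactly the weakness a stateless packet filter cannot detect on its own.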
Firewall Functions
1. Protect the systems on the network from hackers logging into them.
2. Provide a single access point at which security and auditing can be imposed.
3. Act as an effective tracing tool.
4. Provide an important logging and auditing function.
5. Provide information about the nature of traffic and the number of attempts made to break into the network.
Security Policy Design Issues
• What is the company's desired level of security?
• How much money is the company willing to invest in security?
• If the company is serious about restricting access through an Internet link, what about restricting access through all other entry ways (dial-up, VPN, wireless, removable media, physical access)?
• The company must have a well-designed security policy.
10 Tips for Computer Network Security
1. Use a good anti-virus program.
2. Make sure your virus definitions are up-to-date.
3. Run regular virus scans.
4. Update your operating system regularly.
5. Configure and use a firewall.
6. Use your Web browser’s security features.
7. Enable your router’s security features.
8. Install an anti-spyware program.
9. Use strong, varied passwords.
10. Consider a computer network security suite and policy.
Project
1. Configure the interfaces.
2. Route the communication (configure static or default routes).
3. The PCs should be able to communicate with each other.
Router Lab Exercise
Introduction to Routers
• A router is a special type of computer.
• It has the same basic components as a standard desktop PC.
• However, routers are designed to perform some very specific functions.
• Just as computers need operating systems to run software applications,
routers need the Internetwork Operating System software (IOS) to run
configuration files.
• These configuration files contain the instructions and parameters that control
the flow of traffic in and out of the routers.
• The many parts of a router are shown below:
Router Memory Components
• ROM - Read Only Memory: bootstrap/POST
• FLASH memory: IOS images are kept here
  - Erasable, reprogrammable ROM
  - Contents are kept on power down or reload
• RAM - Random Access Memory
  - Routing tables
  - Running configuration
  - Contents are lost on reboot
• NVRAM: startup configuration
  - Configuration register
  - Contents are kept on reload
ROM
Read-Only Memory
ROM has the following characteristics and functions:
• Maintains instructions for power-on self test (POST) diagnostics
• Stores the bootstrap program and basic operating system software
• Holds a mini IOS, a limited boot image used for recovery when the full IOS in flash is unavailable
RAM
Random Access Memory, also called dynamic RAM (DRAM)
RAM has the following characteristics and functions:
• Stores routing tables
• Holds the ARP cache
• Performs packet buffering (shared RAM)
• Provides temporary memory for the configuration file of the router while the router is powered on
• Loses its content when the router is powered down or restarted
NVRAM
Non-Volatile RAM
NVRAM has the following characteristics and functions:
• Provides storage for the startup configuration file
• Retains its content when the router is powered down or restarted
• Holds the configuration register, a 16-bit register that decides the boot sequence
Flash
Flash memory has the following characteristics and functions:
• Holds the operating system image (IOS)
• Allows software to be updated without removing and replacing chips on the processor
• Retains its content when the router is powered down or restarted
• Can store multiple versions of IOS software
• Is a type of electronically erasable, programmable ROM (EEPROM)
Interfaces
• Interfaces have the following characteristics and functions:
• Connect router to network for frame entry and exit
• Can be on the motherboard or on a separate module
• Types of interfaces:
• Ethernet
• Fast Ethernet
• Serial
• ISDN BRI
• Loopback
• Console
• Aux
Router Power-On/Bootup Sequence
– Perform power-on self test (POST).
– Load and run bootstrap code.
– Find the Cisco IOS software.
– Load the Cisco IOS software.
– Find the configuration.
– Load the configuration.
– Run the configured Cisco IOS software.
After the POST
After the POST, the following events occur as the router initializes:
Step 1: The generic bootstrap loader in ROM executes. A bootstrap is a simple set of
instructions that tests hardware and initializes the IOS for operation.
Step 2: The IOS can be found in several places. The boot field of the configuration
register determines the location to be used in loading the IOS.
Step 3:The operating system image is loaded.
Step 4: The configuration file saved in NVRAM is loaded into main memory and
executed one line at a time. The configuration commands start routing processes,
supply addresses for interfaces, and define other operating characteristics of the
router.
Step 5: If no valid configuration file exists in NVRAM, the operating system searches
for an available TFTP server. If no TFTP server is found, the setup dialog is
initiated.
Computer/Terminal Console Connection
Router User Interface Modes
• The Cisco command-line interface (CLI) uses a hierarchical structure.
• This structure requires entry into different modes to accomplish
particular tasks.
• Each configuration mode is indicated with a distinctive prompt and
allows only commands that are appropriate for that mode.
• As a security feature the Cisco IOS software separates sessions into
two access levels, user EXEC mode and privileged EXEC mode.
• The privileged EXEC mode is also known as enable mode.
Overview of Router Modes
Router Modes
LAB – Interface Configuration
[Lab topology (figure not reproduced): Host A 10.0.0.2 -- E0 10.0.0.1 [R1] S0 20.0.0.1 -- 20.0.0.2 S0 [R2] S1 30.0.0.1 -- 30.0.0.2 S0 [R3] E0 40.0.0.1 -- Host B 40.0.0.2; all four networks use mask 255.0.0.0]
Syntax: ip address <address> <mask>
LAB – Interface Configuration (Assigning Addresses)
• An interface needs an IP address and a subnet mask to be configured.
• All interfaces are "shutdown" by default; we have to bring them up with no shutdown.
Router>
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface FastEthernet0/0
R1(config-if)#description Connected to Host A
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface Serial0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R1#
Prompts seen above: Router> is user EXEC mode; Router# is privileged EXEC mode; R1(config)# is global configuration mode; R1(config-if)# is a specific (interface) configuration mode. Syntax: ip address <address> <mask>.
LAB – Interface Configuration (Router Two)
Router>
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface Serial0/0/0
R2(config-if)#description Connected to R1
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface Serial0/0/1
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#exit
R2#
LAB – Interface Configuration (Router Three)
Router>
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#interface Serial0/0/0
R3(config-if)#description Connected to R2
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface FastEthernet0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#exit
R3#
Privileged Mode Commands
These commands are used in privileged EXEC mode:
# show startup-config
# show running-config
# show version
# show flash
# show interfaces
# show interfaces serial 0
# show history
# show terminal
# terminal history size 25
Password
Passwords restrict access to routers.
Passwords should always be configured for the virtual terminal (vty) lines and the console line.
Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.
Passwords
There are five passwords on a router:
• Privileged mode password (two forms: enable password and enable secret)
• Line console password
• Auxiliary port password
• Telnet (vty) password
Privileged Mode Password
Gates(config)# enable password gates
Encrypted privileged mode password
Gates(config)# enable secret gates1
enable password is stored in cleartext (or with the reversible type 7 encoding), while enable secret is stored as a salted hash; when both are set, the secret is the one that is checked. Configure enable secret and avoid enable password.
Line Password
Gates(config)# line console 0
Gates(config-line)# password cisco
Gates(config-line)# login
Aux Port Password
Gates(config)# line aux 0
Gates(config-line)# password cisco
Gates(config-line)# login
Without the login command the line password is never checked.
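Added example, not code from the original slides: a checker that audits the password-related lines of a Cisco IOS running-config for the weaknesses the settings above invite. The configuration text is constructed for the example and mirrors the slide (enable password alongside enable secret, console and aux lines, plus a vty section); the enable secret hash is a placeholder, not a real digest, and the weak-word denylist is an assumption. The checks: enable password is stored cleartext or reversibly and is ignored once enable secret exists; every line section needs both a password and login; vty lines should accept SSH, not Telnet; and service password-encryption should be on so line passwords are not shown in the clear.

```python
# Added example: audit an IOS running-config excerpt for weak password settings.
import re

# Constructed running-config excerpt mirroring the slide; the enable secret
# hash is a placeholder, not a real MD5 digest.
SAMPLE_CONFIG = """\
hostname Gates
enable password gates
enable secret 5 $1$salt$placeholderhashvalue
line con 0
 password cisco
 login
line aux 0
 password cisco
line vty 0 4
 password cisco
 login
 transport input telnet
"""

WEAK_WORDS = {"cisco", "password", "admin"}   # assumed denylist for the example


def parse_lines(config: str) -> dict:
    """Group each 'line ...' section with its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None
    return sections


def audit(config: str) -> list:
    """Return a list of human-readable findings for the config text."""
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    weak = WEAK_WORDS | ({host.group(1).lower()} if host else set())

    if re.search(r"^enable password ", config, re.M):
        findings.append("enable password present: stored cleartext (or reversible type 7) "
                        "and ignored once enable secret exists; remove it")
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("no enable secret: privileged EXEC not protected by a hashed secret")
    if not re.search(r"^service password-encryption", config, re.M):
        findings.append("service password-encryption off: line passwords appear in cleartext")

    for name, cmds in parse_lines(config).items():
        pw = next((c.split(" ", 1)[1] for c in cmds if c.startswith("password ")), None)
        if pw is None:
            findings.append(f"{name}: no password configured")
        elif pw.lower() in weak:
            findings.append(f"{name}: weak password '{pw}'")
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"{name}: 'login' missing, so the password is never checked")
        if name.startswith("line vty") and "transport input telnet" in cmds:
            findings.append(f"{name}: telnet permitted, use 'transport input ssh'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

Run against the sample it reports seven findings: the cleartext enable password, the missing service password-encryption, the weak password on every line, the aux line that never enforces it, and the vty lines that still accept Telnet.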
Routing
• The process of transferring data from one local area network to another.
• Performed by Layer 3 devices.
• A routed protocol is one whose packets routers forward from one network to another, e.g. IP, IPX.
• A routing protocol sends and receives routing information packets to and from other routers, e.g. RIP, OSPF, IGRP.
• Routing protocols gather and share the routing information used to maintain and update routing tables.
• That routing information is in turn used to route a routed protocol to its final destination.
• To route, a router needs to know:
  • Destination addresses
  • Sources it can learn from
  • Possible routes
  • The best route
What is Routing?
[Figure: two routers with networks 172.16.1.0 and 10.120.2.0 at either end]
• Routers must learn destinations that are not directly connected.
Route Types
• Static routing - network administrator configures information about
remote networks manually.
• They are used to reduce overhead and for security.
• Dynamic routing - information is learned from other routers, and
routing protocols adjust routes automatically.
• Because of the extra administrative requirements, static routing does
not have the scalability of dynamic routing.
The different types of routing are:
Static routing
Default routing
Dynamic routing
Static Routes
Benefits
• No overhead on the router CPU
• No bandwidth usage between routers
• Adds security (the administrator controls exactly which networks are reachable)
Disadvantages
• The administrator must really understand the internetwork
• If a network is added to the internetwork, the administrator has to add a route to it on all routers
• Not feasible in large networks
ip route [destination_network] [mask] [next-hop_address or exitinterface] [administrative_distance] [permanent]
• ip route: the command used to create the static route.
• destination_network: the network you're placing in the routing table.
• mask: the subnet mask being used on the network.
• next-hop_address: the address of the next-hop router that will receive the packet and forward it to the remote network. This is a router interface that's on a directly connected network.
• exitinterface: can be used in place of the next-hop address, but only on a point-to-point link, such as a WAN link.
• administrative_distance: by default, static routes have an administrative distance of 1 (a route configured with an exit interface instead of a next-hop address is listed in show ip route as directly connected).
• permanent: if the interface is shut down, or the router can't communicate with the next-hop router, the route will automatically be removed from the routing table. Choosing the permanent option keeps the entry in the routing table no matter what happens.
Static Route Configuration
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
LAB – Static Route Configuration
R1# config t
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.2
R2# config t
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2
R3# config t
R3(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1
R3(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.1
Verifying Static Route Configuration
After static routes are configured it is important to verify that
they are present in the routing table and that routing is
working as expected.
The command show running-config is used to view the
active configuration in RAM to verify that the static route was
entered correctly.
The show ip route command is used to make sure that the
static route is present in the routing table.
Removing IP Routes
R1# config t
R1(config)#no ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#no ip route 40.0.0.0 255.0.0.0 20.0.0.2
R2# config t
R2(config)#no ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#no ip route 40.0.0.0 255.0.0.0 30.0.0.2
R3# config t
R3(config)#no ip route 10.0.0.0 255.0.0.0 30.0.0.1
R3(config)#no ip route 20.0.0.0 255.0.0.0 30.0.0.1
Default Routes
• Default routing should only be used on stub networks.
• Stub networks are those with only one exit path out of the network.
• In the lab topology the only routers that are considered to be in a stub network are R1 and R3.
[Figure, same lab topology: Host A 10.0.0.2 -- E0 10.0.0.1 [R1] S0 20.0.0.1 -- 20.0.0.2 S0 [R2] S1 30.0.0.1 -- 30.0.0.2 S0 [R3] E0 40.0.0.1 -- Host B 40.0.0.2; R1 and R3 each have a single exit path]
Default Routes
[Figure: stub network 172.16.1.0 behind router B (S0 172.16.2.1), connected to router A (172.16.2.2), with network 10.0.0.0 beyond router A]
On router B:
ip route 0.0.0.0 0.0.0.0 172.16.2.2
This route allows the stub network to reach all known networks beyond router A.
Configuring Default Routes
Default routes are used to route packets with destinations that do not
match any of the other routes in the routing table.
A default route is actually a special static route that uses this format:
ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface]
This is sometimes referred to as a “Quad-Zero” route.
Example using next hop address:
Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.4.1
Example using the exit interface:
Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0
Default Route LAB Configuration
R1# config t
R1(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
R3# config t
R3(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1
R2# config t
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2
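Added example, not code from the original slides: a Python model of the routing tables the default-route lab above produces, to show how a lookup actually chooses between a directly connected network, a static route and the quad-zero default. Each router holds its connected networks plus the routes configured in the lab; lookup is longest-prefix match, so 0.0.0.0/0 is used only when nothing more specific matches, and R2, which has no default route, drops anything outside the four lab networks. The lab's addresses are used as-is; the forwarding model is a simplification with no ARP and no interface state.

```python
# Added example: longest-prefix-match lookup over the lab's routing tables.
import ipaddress


class Router:
    def __init__(self, name):
        self.name = name
        self.routes = []    # (network, next_hop or None for connected, kind)

    def connected(self, network):
        self.routes.append((ipaddress.ip_network(network), None, "C"))
        return self

    def static(self, network, next_hop):
        kind = "S*" if network == "0.0.0.0/0" else "S"   # S* marks the candidate default
        self.routes.append((ipaddress.ip_network(network), next_hop, kind))
        return self

    def lookup(self, dst):
        """Longest-prefix match: returns (kind, network, next_hop) or None."""
        ip = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if ip in r[0]]
        if not candidates:
            return None
        net, nh, kind = max(candidates, key=lambda r: r[0].prefixlen)
        return kind, str(net), nh


def lab_default_route_topology():
    """The 'Default Route LAB Configuration' above: R1 and R3 are stubs with
    quad-zero routes; R2 in the middle needs explicit static routes."""
    r1 = (Router("R1").connected("10.0.0.0/8").connected("20.0.0.0/8")
          .static("0.0.0.0/0", "20.0.0.2"))
    r2 = (Router("R2").connected("20.0.0.0/8").connected("30.0.0.0/8")
          .static("10.0.0.0/8", "20.0.0.1").static("40.0.0.0/8", "30.0.0.2"))
    r3 = (Router("R3").connected("30.0.0.0/8").connected("40.0.0.0/8")
          .static("0.0.0.0/0", "30.0.0.1"))
    return {"R1": r1, "R2": r2, "R3": r3}


def trace(routers, hops, src_router, dst):
    """Follow next hops from src_router until dst is on a connected network or
    no route exists. `hops` maps a next-hop IP to the router that owns it."""
    path, cur = [], routers[src_router]
    for _ in range(len(routers) + 1):      # bound the walk so a loop terminates
        path.append(cur.name)
        hit = cur.lookup(dst)
        if hit is None:
            return path, "no route"
        kind, net, nh = hit
        if nh is None:
            return path, f"delivered via connected {net}"
        cur = hops[nh]
    return path, "loop"


if __name__ == "__main__":
    rs = lab_default_route_topology()
    hops = {"20.0.0.2": rs["R2"], "20.0.0.1": rs["R1"],
            "30.0.0.2": rs["R3"], "30.0.0.1": rs["R2"]}
    print(rs["R1"].lookup("40.0.0.2"))        # ('S*', '0.0.0.0/0', '20.0.0.2')
    print(rs["R1"].lookup("10.0.0.2"))        # ('C', '10.0.0.0/8', None)
    print(trace(rs, hops, "R1", "40.0.0.2"))  # (['R1', 'R2', 'R3'], 'delivered via connected 40.0.0.0/8')
    print(rs["R2"].lookup("8.8.8.8"))         # None: R2 has no default route
```

The loop bound in trace is not decorative: pointing R2's default at R1 while R1's default points at R2 is the classic misconfiguration that makes two routers bounce unknown destinations between each other until TTL expires.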
Question & Answer
How to Add a many2many Relational Field in Odoo 17
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptx
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 

network.pptx

  • 1. Data Communications and Computer Networks 1/28/2023 NA/CSE 6406, CSE Program/ASTU
  • 2. Data Networks
    Sharing data through the use of floppy disks is not an efficient or cost-effective manner.
    Businesses needed a solution that would successfully address the following three problems:
    • How to avoid duplication of equipment and resources
    • How to communicate efficiently
    • How to set up and manage a network
    Businesses realized that networking technology could increase productivity while saving money.
  • 3. Networking Devices
    Equipment that connects directly to a network segment is referred to as a device. These devices are broken up into two classifications:
    • End-user devices
    • Network devices
    End-user devices include computers, printers, scanners, and other devices that provide services directly to the user.
    Network devices include all the devices that connect the end-user devices together to allow them to communicate.
  • 4. Network Interface Card
    A network interface card (NIC) is a printed circuit board that provides network communication capabilities to and from a personal computer. Also called a LAN adapter.
  • 5. Hub
    Connects a group of hosts.
    We divide connecting devices into five different categories based on the layer in which they operate in a network.
  • 6. Switch
    Switches add more intelligence to data transfer management.
  • 7. Router
    • Routers are used to connect networks together.
    • They route packets of data from one network to another.
    • Cisco became the de facto standard for routers because of their high-quality router products.
    • Routers, by default, break up a broadcast domain.
  • 8. Origin of Ethernet (Network Media)
    • Developed by Xerox Palo Alto Research Center (PARC) in 1975
    • Originally designed as a 2.94 Mbps system to connect 100 computers on a 1 km cable
    • Later, Xerox, Intel and DEC drew up a standard supporting 10 Mbps: Ethernet II
    • Basis for the IEEE's 802.3 specification
    • Most widely used LAN technology in the world
  • 9. 10 Mbps IEEE Standards - 10BaseT
    • 10BaseT: 10 Mbps, baseband, over twisted-pair cable
    • Running Ethernet over twisted-pair wiring as specified by IEEE 802.3
    • Configured in a star pattern
    • Twisting the wires reduces EMI
    • Fiber optic has no EMI
    (Figure: unshielded twisted-pair cable with RJ-45 plug and socket)
  • 10. Twisted Pair Cables
    Unshielded Twisted Pair Cable (UTP): most popular; maximum length 100 m; prone to noise.
    • Category 1: voice transmission of traditional telephone
    • Category 2: data up to 4 Mbps, 4 pairs full-duplex
    • Category 3: data up to 10 Mbps, 4 pairs full-duplex
    • Category 4: data up to 16 Mbps, 4 pairs full-duplex
    • Category 5: data up to 100 Mbps, 4 pairs full-duplex
    • Category 6: data up to 1000 Mbps, 4 pairs full-duplex
  • 11. Baseband vs Broadband
    Baseband Transmission
    • Entire channel is used to transmit a single digital signal
    • Complete bandwidth of the cable is used by a single signal
    • The transmission distance is shorter
    • The electrical interference is lower
    Broadband Transmission
    • Uses analog signaling and a range of frequencies
    • Continuous signals flow in the form of waves
    • Supports multiple analog transmissions (channels)
    (Figure: modem for broadband transmission; network card for baseband transmission)
  • 18. Straight-Through or Crossover
    Use straight-through cables for the following cabling:
    • Switch to router
    • Switch to PC or server
    • Hub to PC or server
    Use crossover cables for the following cabling:
    • Switch to switch
    • Switch to hub
    • Hub to hub
    • Router to router
    • PC to PC
    • Router to PC
  • 19. Network Architecture: The Concept of Layered Architecture
  • 20. OSI Layers, Standards and Protocols: Objectives
    On completion of this topic, students will be able to:
    • Identify elements of data communication and particularly protocols/standards
    • Identify, describe and understand various issues related to internetworking
      – Standards/models
      – Layered architectures (packets, frames, data, addressing, flow control, error detection/control, congestion, etc.)
  • 21. OSI Layers, Standards and Protocols
    • Network architecture is the complete framework of an organization's computer network.
    • The diagram of the network architecture provides a full picture of the established network with a detailed view of all the resources accessible.
    • It includes:
      – hardware components used for communication,
      – cabling and device types,
      – network layout and topologies,
      – physical and wireless connections,
      – implemented areas and future plans.
    • In addition, the software rules and protocols also constitute part of the network architecture.
    • This architecture is always designed by a network manager/administrator in coordination with network engineers and other design engineers.
  • 22. OSI Layers, Standards and Protocols
    • Network architectures define the standards and techniques for designing and building communication systems for computers and other devices.
    • In the past, vendors developed their own architectures and required that other vendors conform to this architecture if they wanted to develop compatible hardware and software.
    • There are proprietary network architectures such as IBM's SNA (Systems Network Architecture).
    • There are open architectures like the OSI (Open Systems Interconnection) model defined by the International Organization for Standardization.
    • The earlier strategy designed the computer network with the hardware as the main concern and not the software.
    • Network software is now highly structured.
    • To reduce the design complexity, most networks are organized as a series of layers or levels, each one built upon the one below it.
  • 23. OSI Layers, Standards and Protocols
    • With the OSI model, networks can be broken up into manageable components/pieces.
    • The OSI model provides a common language to explain components and their functionality.
  • 24. OSI Layers, Standards and Protocols
    • Violating the protocol will make communication more difficult or impossible.
      – The entities comprising the corresponding layers on different machines are called peers.
      – In reality, no data is transferred from layer n on one machine to layer n of another machine.
      – Instead, each layer passes data and control information to the layer immediately below it, until the lowest layer is reached. Below layer 1 is the physical medium through which actual communication occurs.
      – The peer process abstraction is crucial to all network design.
      – Using it, the unmanageable task of designing the complete network can be broken into several smaller, manageable design problems, namely the design of individual layers.
  • 25. OSI Layers, Standards and Protocols
    • A general definition of protocol:
      – The accepted or established code of procedure or behavior in any group, organization, or situation
      – The rules of correct or appropriate behavior of a group, organization, or profession
    • Definition in computing:
      – Set of rules governing the exchange or transmission of data electronically between devices/computers
      – How to find a computer (DNS, IP addresses)
      – How to send data back and forth (TCP/UDP)
      – How to send formatted messages for specific applications (HTTP for the web)
      – To perform a task, the involved parties usually follow a common protocol designed for this task
      – A protocol is just a set of rules or conventions
      – Different tasks use different protocols
  • 26. OSI Layers, Standards and Protocols
    • A series of rules known as computer communication protocols specify how packet headers are formed and how packets are processed.
    • For example, if any network or device malfunctions,
      – protocols detect the failure and automatically
      – find an alternative path for packets in order to avoid the malfunction.
    • Protocol software also ensures that data arrives complete and intact.
      – If any packets are missing or damaged, protocol software on the receiving computer requests that the source resend them.
    • Only when the data has arrived correctly does the protocol software make it available to the receiving application program, and therefore to the user.
  • 27. OSI Layers, Standards and Protocols
    • In other words, in computer networks, communication occurs between entities in different systems.
    • An entity is anything capable of sending or receiving information.
    • However, two entities cannot simply send bit streams to each other and expect to be understood.
    • For communication to occur, the entities must agree on a protocol.
    • A protocol is a set of rules that govern data communications.
    • A protocol defines what is communicated, how it is communicated, and when it is communicated.
    • The key elements of a protocol, therefore, are syntax, semantics, and timing.
      – Syntax: the term syntax refers to the structure or format of the data, meaning the order in which they are presented.
  • 28. OSI Layers, Standards and Protocols
    • For example, a simple protocol might expect the first 8 bits of data to be the address of the sender, the second 8 bits to be the address of the receiver, and the rest of the stream to be the message itself.
      – Semantics: the word semantics refers to the meaning of each section of bits.
        • How is a particular pattern to be interpreted, and what action is to be taken based on that interpretation?
        • For example, does an address identify the route to be taken or the final destination of the message?
      – Timing: the term timing refers to two characteristics: when data should be sent and how fast they can be sent.
        • For example, if a sender produces data at 100 Mbps but the receiver can process data at only 1 Mbps, the transmission will overload the receiver and some data will be lost.
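As an added illustration of syntax, semantics and timing (example code written for this page, not from the slides), the following implements the hypothetical protocol above: an 8-bit sender address, an 8-bit receiver address, then the message. It validates the field layout, acts on the receiver address, and estimates the loss when a 100 Mbps sender overloads a 1 Mbps receiver; the broadcast address 0xFF and the receiver buffer size are assumptions.

```python
"""Added example for the slide's hypothetical protocol: 8-bit sender address,
8-bit receiver address, then the message. Not code from the slides."""
from dataclasses import dataclass
from typing import Optional

BROADCAST = 0xFF  # assumed semantics: this receiver address means "everyone"


class ProtocolError(ValueError):
    """The byte stream does not follow the agreed syntax."""


@dataclass(frozen=True)
class Message:
    sender: int
    receiver: int
    payload: bytes


def build(sender: int, receiver: int, payload: bytes) -> bytes:
    """Syntax: fixed field order, one octet per address, message afterwards."""
    if not (0 <= sender <= 0xFF and 0 <= receiver <= 0xFF):
        raise ProtocolError("addresses are 8 bits wide")
    return bytes([sender, receiver]) + payload


def parse(stream: bytes) -> Message:
    """Syntax check on the receiving side: both address octets must be present."""
    if len(stream) < 2:
        raise ProtocolError(f"stream too short for two address octets: {len(stream)} byte(s)")
    return Message(sender=stream[0], receiver=stream[1], payload=bytes(stream[2:]))


def deliver(stream: bytes, my_address: int) -> Optional[bytes]:
    """Semantics: the receiver field is interpreted as the final destination
    (not a route), and the action taken is 'accept' or 'drop silently'."""
    msg = parse(stream)
    if msg.receiver in (my_address, BROADCAST):
        return msg.payload
    return None


def bits_lost(send_rate_bps: float, recv_rate_bps: float, seconds: float,
              buffer_bits: int = 0) -> float:
    """Timing: whatever arrives faster than the receiver can process it
    accumulates in the receive buffer (assumed size) and is lost once that
    buffer overflows."""
    excess = (send_rate_bps - recv_rate_bps) * seconds
    return max(0.0, excess - buffer_bits)
```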
  • 29. OSI Layers, Standards and Protocols
  • 30. OSI Layers, Standards and Protocols
    • One OSI layer communicates with another layer to make use of the services provided by the second layer.
    • The services provided by adjacent layers help a given OSI layer communicate with its peer layer in other computer systems.
    • Three basic elements are involved in layer services: the service user, the service provider, and the service access point (SAP).
    • In this context, the service user is the OSI layer that requests services from an adjacent OSI layer.
    • The service provider is the OSI layer that provides services to service users.
    • OSI layers can provide services to multiple service users.
    • The SAP is a conceptual location at which one OSI layer can request the services of another OSI layer.
  • 31. OSI Layers, Standards and Protocols
    • Standards are essential in creating and maintaining an open and competitive market for equipment manufacturers and in guaranteeing national and international interoperability of data and telecommunications technology and processes.
    • Standards provide guidelines to manufacturers, vendors, government agencies, and other service providers to ensure the kind of interconnectivity necessary in today's marketplace and in international communications.
    • Data communication standards fall into two categories:
      – de facto (meaning "by fact" or "by convention") and
      – de jure (meaning "by law" or "by regulation").
  • 32. OSI Layers, Standards and Protocols
    • De facto: standards that have not been approved by an organized body but have been adopted as standards through widespread use are de facto standards.
      – De facto standards are often established originally by manufacturers who seek to define the functionality of a new product or technology.
    • De jure: those standards that have been legislated by an officially recognized body are de jure standards.
    • In computer networks, communication occurs between entities in different systems.
  • 33. OSI Layers, Standards and Protocols
    • Computer networks are created by different entities.
    • Standards are needed so that these heterogeneous networks can communicate with one another.
    • The two best-known standards (models) are the OSI model and the TCP/IP model.
    • The OSI (Open Systems Interconnection) model defines a seven-layer network; the Internet model defines a five-layer network.
    • Each layer at the sending site uses the services of the layer immediately below it.
    • The sender at the higher layer uses the services of the middle layer.
    • The middle layer uses the services of the lower layer.
    • The lower layer uses the services of the carrier.
  • 34. OSI Layers, Standards and Protocols: Why do we need the OSI Model?
    To address the problem of networks increasing in size and in number, the International Organization for Standardization (ISO) researched many network schemes and recognized that there was a need to create a network model. This would help network builders implement networks that could communicate and work together. ISO therefore released the OSI reference model in 1984.
    • The layered model that dominated data communications and networking literature before 1990 was the Open Systems Interconnection (OSI) model.
    • Everyone believed that the OSI model would become the ultimate standard for data communications, but this did not happen.
    • The TCP/IP protocol suite became the dominant commercial architecture because it was used
  • 35. OSI Layers, Standards and Protocols
    Don't get confused:
    • ISO - International Organization for Standardization
    • OSI - Open System Interconnection
    • IOS - Internetwork Operating System
    To avoid confusion, some people say "International Standard Organization."
  • 36. OSI Layers, Standards and Protocols: The OSI Reference Model
    7 Application
    6 Presentation
    5 Session
    4 Transport
    3 Network
    2 Data Link
    1 Physical
    The OSI Model will be used throughout your entire networking career!
  • 37. OSI Layers, Standards and Protocols: Data Encapsulation
    (Figure: the PDU built at each layer)
    • Application, Presentation, Session: upper-layer data
    • Transport: TCP header + data = segment
    • Network: IP header + data = packet
    • Data-Link: LLC header, MAC header + data + FCS (frame check sequence field) = frame
    • Physical: bits (0101110101001000010)
  • 38. OSI Layers, Standards and Protocols: Data Encapsulation
  • 39. OSI Layers, Standards and Protocols: Data Flow Through a Network
  • 40. OSI Layers, Standards and Protocols
    • Each layer of the OSI model is a package of protocols.
    • Application layer
      – Used by network applications
        • Computer applications that use the internet (Google, Firefox, Outlook, Skype, etc.)
        • A web browser is a network application running on the PC, but it does not reside in the application layer.
        • It uses application layer protocols like HTTP or HTTPS to do web surfing.
        • Not only web browsers but also all other network applications use the application layer.
        • Other protocols in this layer, useful for various functions such as file transfer, virtual terminals, email, etc., include:
  • 41. OSI Layers, Standards and Protocols
    • FTP (for file transfer), NFS, FMTP, DHCP, SNMP, TELNET (virtual terminals), POP3, SMTP (for email), IRC, NNTP, etc.
    • Presentation Layer
      – Receives data from the application layer in the form of characters and numbers
      – This layer converts (translates) them to machine-understandable code (binary format), e.g. ASCII to EBCDIC
      – Also performs data compression to reduce the file size so that it is transferred more easily in less time (lossy or lossless); this is especially important in real-time data streaming
      – To maintain the integrity of data (to protect sensitive data), encryption is done by this layer, and the data is decrypted at the receiver end
        • The Secure Sockets Layer (SSL) protocol is used in the presentation layer to encrypt and decrypt data
  • 42. OSI Layers, Standards and Protocols
    • Session Layer
      – Sets up and manages connections to enable sending and receiving data, followed by termination of connections/sessions
      – APIs (Application Programming Interfaces): NetBIOS (Network Basic Input Output System) is an example of an API which allows different computers to communicate with each other
        • Authentication and authorization are performed by the session layer
        • The session layer also identifies which packet a given type of data belongs to, as they are placed in different positions (image, text, etc.)
      – Generally, the session layer is used for
        • Session management
        • Authentication
        • Authorization
  • 43. OSI Layers, Standards and Protocols
    • Transport Layer
      – Controls the reliability of communication in a network through segmentation, flow control and error control
      – In segmentation, data received from the session layer is divided into small units called segments
        • Each segment contains a source and destination port number and a sequence number
          – The port number is used to direct each segment to the correct application
          – The sequence number is used to reassemble the segments in the correct order to form the correct message at the receiver
      – Flow control
        • This layer also controls the amount of data being transmitted, e.g. 100 Mbps (server) vs 10 Mbps (mobile).
  • 44. OSI Layers, Standards and Protocols
      – The mobile has to tell the server to reduce to 10 Mbps so that data is not lost, and vice versa, to maintain system performance
      – Error control: if some data does not arrive appropriately at the destination, this layer uses automatic repeat request to retransmit the lost data.
        • A group of fields called a checksum is added to each segment by the transport layer so that the receiver can find out whether each segment arrived intact
      • Protocols in the transport layer
        – TCP
        – UDP
        – Perform two types of services
          • Connection-oriented transmission (done by TCP), which follows the same route (predefined path) for the entire connection even when there is traffic
            – A session is established and, when finished, it is closed.
  • 45. OSI Layers, Standards and Protocols
    • Transport Layer
        • Provides feedback so that lost data can be retransmitted.
        • Used where it matters that all the data is delivered, e.g. WWW, email, FTP, etc.
      – Connectionless transmission (done by UDP): this is the reverse of the above (the route may change); no session is established, so there is an option to change the route.
        • This is faster than TCP.
        • It does not give feedback about the delivery.
        • Used where it does not matter whether we have received all the data (for example online streaming of movies, audio, games, voice over IP); TFTP, DNS
      – Involved in segmentation, flow control, error control, connection-oriented and connectionless transmission
      – Passes data segments to the network layer
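The segmentation, checksum and automatic-repeat-request behaviour described on slides 43 to 45, as an added example (not the slides' own code): the sender cuts a message into numbered segments, the link reorders, drops and corrupts some of them (faults constructed here), and the receiver discards damaged segments, asks for what is missing, and hands the message up only once it is complete. The 16-bit sum checksum and the receiver knowing the segment count in advance are simplifying assumptions.

```python
"""Added example (not from the slides): transport-layer segmentation with
sequence numbers and a per-segment checksum, in-order reassembly, and
automatic repeat request (ARQ) for segments that arrive damaged or not at all.
The checksum is a simplified 16-bit sum, not TCP's real one's-complement checksum."""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


def checksum16(data: bytes) -> int:
    # Simplified: sum of octets modulo 2^16. Enough to catch the single-byte
    # corruption simulated below; real TCP uses a one's-complement sum.
    return sum(data) & 0xFFFF


@dataclass(frozen=True)
class Segment:
    seq: int          # sequence number: position of this chunk in the message
    data: bytes
    checksum: int     # added by the sender so the receiver can check integrity


def segment(message: bytes, mss: int) -> List[Segment]:
    """Sender side: cut the session-layer data into chunks of at most mss bytes."""
    if mss <= 0:
        raise ValueError("mss must be positive")
    segs = []
    for seq, offset in enumerate(range(0, len(message), mss)):
        chunk = message[offset:offset + mss]
        segs.append(Segment(seq, chunk, checksum16(chunk)))
    return segs


class Receiver:
    """Receiver side: buffer segments by sequence number, discard damaged ones,
    and release the message only once every segment is present."""

    def __init__(self, expected: int) -> None:
        self.expected = expected          # assumed known (e.g. signalled by the sender)
        self.buffer: Dict[int, bytes] = {}

    def accept(self, seg: Segment) -> bool:
        if checksum16(seg.data) != seg.checksum:
            return False                  # damaged: drop it, ARQ will ask again
        self.buffer[seg.seq] = seg.data
        return True

    def missing(self) -> List[int]:
        return [s for s in range(self.expected) if s not in self.buffer]

    def reassemble(self) -> Optional[bytes]:
        if self.missing():
            return None                   # not yet delivered to the application
        return b"".join(self.buffer[s] for s in range(self.expected))


def transfer(message: bytes, mss: int, drop: Set[int] = frozenset(),
             corrupt: Set[int] = frozenset(), seed: int = 0) -> Tuple[bytes, int]:
    """Simulate one transfer over a lossy, reordering link (faults are constructed),
    then ARQ rounds until the receiver has everything. Returns (message, retransmissions)."""
    segs = segment(message, mss)
    rx = Receiver(len(segs))
    first_pass = list(segs)
    random.Random(seed).shuffle(first_pass)   # segments may arrive out of order
    for seg in first_pass:
        if seg.seq in drop:
            continue                          # lost on the way
        if seg.seq in corrupt:                # invert the first payload byte
            bad = bytes([seg.data[0] ^ 0xFF]) + seg.data[1:]
            seg = Segment(seg.seq, bad, seg.checksum)
        rx.accept(seg)
    retransmissions = 0
    while rx.missing():
        for seq in rx.missing():              # automatic repeat request
            rx.accept(segs[seq])
            retransmissions += 1
    out = rx.reassemble()
    assert out is not None
    return out, retransmissions
```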
  • 46. OSI Layers, Standards and Protocols
    • Network layer
      – Works for the transmission of the received data segment from one computer to another computer located in a different network
      – Data units in the network layer are called packets
      – It is where routers reside (i.e. a router is a device working at the network layer)
      – Two kinds of protocols work here:
        • Routed protocols (IPv4, IPv6, IPX, AppleTalk)
        • Routing protocols (RIP, IGRP, OSPF, EIGRP)
      – Functions
        • Logical addressing (IP1, IP2)
        • Routing (method of moving data from source to destination; IPv4 or IPv6 addresses and masks are used to decide routing)
        • Path determination (choosing the best possible path for better delivery); it uses OSPF, BGP, IS-IS for this
  • 47. OSI Layers, Standards and Protocols
    • Data Link Layer
      – In the data link layer, a packet is encapsulated into a frame
      – This layer prepares network layer packets for transport across the local media by encapsulating them within a header and trailer to create its typical data unit; the data link layer PDU is called a frame
      – Relieves the upper layers from the responsibilities of preparing data for the network and receiving data from the network
      • The data link layer is divided into two sublayers
        – Logical link control
          • Concerned with multiplexing protocols transmitted over the MAC layer (when transmitting) and demultiplexing them (when receiving)
          • It covers WAN protocols: PPP (Point-to-Point Protocol), HDLC (High-level Data Link Control), frame relay
  • 48. OSI Layers, Standards and Protocols
    • Data Link Layer
      – Two types of addressing
      – A data packet contains the IP address of the receiver and the sender
      – Logical addressing: done at the network layer
      – Physical addressing: done at the data link layer (the MAC address of the sender and the receiver is added to each packet received from the network layer to form a frame: (MAC1 MAC2 (IP1 IP2, Segment, Trail)) frame)
      – MAC: 12-digit alphanumeric identifier embedded in the NIC of a computer by the manufacturer
      • Data packet (IP1 IP2, Segment, Trail): network layer
      • A media access method/control (MAC) refers to the manner in which a computer gains and controls access to the network's physical medium (e.g., cable).
  • 49. OSI Layers, Standards and Protocols
    • Data Link Layer
      – Controls how data is placed on and received from the media (called media access control), handling possible collisions (CSMA/CD, by the data link layer) as well as error correction (frames also include binary data (bits) for error detection and correction)
      • Common media access methods include the following:
        – CSMA/CD
        – CSMA/CA
        – Token Passing
      • One of the primary concerns with media access is how to prevent packets from colliding when two or more computers try to transmit simultaneously.
  • 50. OSI Layers, Standards and Protocols
    Data Link Layer
      – Each of the methods listed above takes a different approach to this problem.
      – Data transmitted over a network is sent one bit at a time.
      – A bit is either a 1 or a 0 represented by a voltage change (on or off) or a light pulse.
      – If two stations are transmitting at the same time, it is possible that the signals may overlap, resulting in garbled data.
      – Such overlapping is referred to as a "collision."
      – CSMA/CD
        • Stands for Carrier-Sense Multiple Access with Collision Detection.
        • It is a media access method, which means it defines how the network places data on the cable and how it takes it off.
        • CSMA/CD specifies how bus topologies such as Ethernet handle transmission collisions.
  • 51. OSI Layers, Standards and Protocols
    • Data Link Layer
      – CSMA/CD
        • A collision occurs when two or more computers transmit signals at the same time.
          – "Carrier Sense" means that each station on the LAN continually listens to (tests) the cable for the presence of a signal prior to transmitting.
          – "Multiple Access" means that there are many computers attempting to transmit and competing for the opportunity to send data (i.e., they are in contention).
          – "Collision Detection" means that when a collision is detected, the stations will stop transmitting and wait a random length of time before retransmitting.
  • 52. OSI Layers, Standards and Protocols
    • Data Link Layer
      – CSMA/CD
      – CSMA/CD works best in an environment where relatively fewer, longer data frames are transmitted.
        • This is in contrast to token passing, which works best with a relatively large number of short data frames.
        • CSMA/CD is used on Ethernet networks.
        • Because CSMA/CD works to control or manage collisions rather than prevent them, network performance can be degraded with heavy traffic.
        • The greater the traffic, the greater the number of collisions and retransmissions.
  • 53. OSI Layers, Standards and Protocols
    • Data Link Layer
      – CSMA/CD Operation
        • In its most simple form it operates as follows:
          – A station that wishes to transmit on the network checks to see if the cable is free.
          – If the cable is free, the station starts transmitting.
          – However, another station may have detected a free cable at the same instant and also started transmitting. The result is a "collision."
          – Once the collision is detected, all stations immediately stop transmitting.
          – Stations then wait a random length of time before checking the cable and then retransmitting.
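The CSMA/CD procedure above, as an added simulation (not code from the slides) that also quantifies the point from slide 52 that heavier traffic means more collisions and retransmissions. Assumptions: time is divided into slots, a frame occupies one slot, every station hears every other, and backoff is a uniformly random number of slots rather than Ethernet's binary exponential backoff.

```python
"""Added example (not from the slides): a slotted simulation of the CSMA/CD
operation. Assumed simplifications: one frame per slot, all stations hear each
other, uniform random backoff instead of binary exponential backoff."""
import random
from typing import Dict, Iterable


def simulate_csma_cd(n_stations: int, frames_per_station: int,
                     max_backoff: int = 16, seed: int = 1) -> Dict[str, int]:
    """Run until every station has sent all its frames. Returns the slots used,
    the successful transmissions and the number of collisions that occurred."""
    rng = random.Random(seed)
    pending = {s: frames_per_station for s in range(n_stations)}
    ready_at = {s: 0 for s in range(n_stations)}   # slot in which backoff expires
    collisions = 0
    delivered = 0
    t = 0
    while any(pending.values()):
        # Carrier sense: every station with a frame and an expired backoff sees
        # the cable free at the start of this slot and starts transmitting.
        contenders = [s for s in range(n_stations)
                      if pending[s] > 0 and ready_at[s] <= t]
        if len(contenders) == 1:
            # Only one station transmits: the frame goes through. Stations that
            # become ready during this slot sense the carrier and defer.
            pending[contenders[0]] -= 1
            delivered += 1
        elif len(contenders) > 1:
            # Two or more started at the same instant: collision detected, all
            # of them stop and wait a random length of time before retrying.
            collisions += 1
            for s in contenders:
                ready_at[s] = t + 1 + rng.randrange(max_backoff)
        # else: nobody ready, the slot stays idle
        t += 1
    return {"slots": t, "delivered": delivered, "collisions": collisions}


def collisions_by_load(frames_per_station: int = 4,
                       stations: Iterable[int] = (1, 2, 4, 8, 16)) -> Dict[int, int]:
    """Collision count per number of contending stations, same seed for each run."""
    return {n: simulate_csma_cd(n, frames_per_station)["collisions"] for n in stations}
```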
  • 54. OSI Layers, Standards and Protocols
    • Data Link Layer
      – CSMA/CA
        • Stands for Carrier-Sense Multiple Access with Collision Avoidance and is a media access method very similar to CSMA/CD.
        • The difference is that the CD (collision detection) is changed to CA (collision avoidance).
        • Instead of detecting and reacting to collisions, CSMA/CA tries to avoid them by having each computer signal its intention to transmit before actually transmitting.
        • In effect, the transmitting computer gives a 'heads up' prior to transmitting.
        • Although CSMA/CA can prevent collisions, it comes with a cost in the form of the additional overhead incurred by having each workstation broadcast its intention prior to transmitting.
        • Thus, CSMA/CA is slower than CSMA/CD.
        • CSMA/CA is used on Apple networks and on WiFi (IEEE 802.11) networks.
  • 55. OSI Layers, Standards and Protocols
    • Physical Layer devices, physical layer roles/services
      – Devices of this layer
        • Hubs, cables, repeaters, modems (external vs internal)
      – We get bits (0's and 1's) in this layer.
      – The physical layer converts this sequence of bits (frame data) from the data link layer into signals: light signals (fiber optics), electrical signals (coaxial, UTP) or radio signals (air), which are converted back to bits, then to frames, then to packets, etc. in the destination computer
      – At the receiving end, the signals are converted to bits by the physical layer and then to frames in the data link layer
      – Radio signal (air), fiber optics, copper wire
      – Allows upper layers to place data on the media (access media) through framing (media access control)
  • 56. OSI Layers, Standards and Protocols
  • 57. OSI Layers, Standards and Protocols
  • 58. OSI Layers, Standards and Protocols: TCP/IP PROTOCOL SUITE
    • The TCP/IP protocol suite was developed prior to the OSI model.
    • Therefore, the layers in the TCP/IP protocol suite do not exactly match those in the OSI model.
    • The original TCP/IP protocol suite was defined as having four layers: host-to-network, internet, transport, and application.
    • However, when TCP/IP is compared to OSI, we can say that the host-to-network layer is equivalent to the combination of the physical and data link layers.
    • The internet layer is equivalent to the network layer, and the application layer is roughly doing the job of the session, presentation, and application layers, with the transport layer in TCP/IP taking care of part of the duties of the session layer.
    • So in this book, we assume that the TCP/IP protocol suite is made of five layers: physical, data link, network, transport, and application.
  • 59. OSI Layers, Standards and Protocols
    • TCP/IP PROTOCOL SUITE
      – The first four layers provide physical standards, network interfaces, internetworking, and transport functions that correspond to the first four layers of the OSI model.
      – The three topmost layers in the OSI model, however, are represented in TCP/IP by a single layer called the application layer (see the figure on the next slide).
      – At the transport layer, TCP/IP defines three protocols: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP).
      – At the network layer, the main protocol defined by TCP/IP is the Internetworking Protocol (IP).
  • 60. OSI Layers, Standards and Protocols: TCP/IP Layers
  • 61. OSI Layers, Standards and Protocols: TCP/IP Application Layer Overview
    (Figure: TCP/IP layers Application, Transport, Internet, Data-Link, Physical; application-layer protocols grouped by function)
    • File transfer: TFTP*, FTP*, NFS
    • E-mail: SMTP
    • Remote login: Telnet*, rlogin*
    • Network management: SNMP*
    • Name management: DNS*
    *Used by the router
  • 62. OSI Layers, Standards and Protocols: TCP/IP Transport Layer Overview
    • Transmission Control Protocol (TCP): connection-oriented
    • User Datagram Protocol (UDP): connectionless
  • 63. OSI Layers, Standards and Protocols: TCP/IP Segment Format
    (Figure: TCP segment header, one 32-bit word per row, bits 0-15 and 16-31; 20 bytes without options)
    • Source Port (16) | Destination Port (16)
    • Sequence Number (32)
    • Acknowledgment Number (32)
    • Header Length (4) | Reserved (6) | Code Bits (6) | Window (16)
    • Checksum (16) | Urgent (16)
    • Options (0 or 32 if any)
    • Data (varies)
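As an added example (not code from the slides), the segment layout above parsed with Python's struct module: the 4-bit header length is counted in 32-bit words and is validated before it is used to split options from data, since a header length that points past the buffer is the classic way a malformed segment breaks a naive parser. The sample segments and the MSS option bytes are constructed for the test.

```python
"""Added example (not from the slides): parse the 20-byte TCP header from the
slide with the struct module, decode the code bits, and validate the header
length before trusting the options/data boundary."""
import struct
from dataclasses import dataclass
from typing import Tuple

TCP_FIXED_HEADER = struct.Struct("!HHIIHHHH")   # 20 bytes, network byte order
# Code bits live in the low 6 bits of the 16-bit word that also carries
# Header Length (4) and Reserved (6).
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


@dataclass(frozen=True)
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    header_len: int         # in bytes (the 4-bit field counts 32-bit words)
    flags: Tuple[str, ...]
    window: int
    checksum: int
    urgent: int
    options: bytes


def parse_tcp(segment: bytes) -> Tuple[TcpHeader, bytes]:
    """Return (header, payload). Raises ValueError on a malformed segment."""
    if len(segment) < TCP_FIXED_HEADER.size:
        raise ValueError("segment shorter than the 20-byte fixed header")
    src, dst, seq, ack, off_flags, window, csum, urg = TCP_FIXED_HEADER.unpack_from(segment)
    header_len = (off_flags >> 12) * 4          # Header Length (4 bits), in 32-bit words
    code_bits = off_flags & 0x3F                # Code Bits (6 bits); Reserved (6) ignored
    # A bogus header length would put the options/data split outside the buffer.
    if header_len < TCP_FIXED_HEADER.size or header_len > len(segment):
        raise ValueError(f"invalid header length {header_len} for a {len(segment)}-byte segment")
    flags = tuple(name for name, bit in FLAG_BITS.items() if code_bits & bit)
    hdr = TcpHeader(src, dst, seq, ack, header_len, flags, window, csum, urg,
                    segment[TCP_FIXED_HEADER.size:header_len])
    return hdr, segment[header_len:]


def build_tcp(src_port: int, dst_port: int, seq: int, ack: int, flags: Tuple[str, ...],
              window: int, payload: bytes = b"", options: bytes = b"") -> bytes:
    """Constructed segment for testing; checksum left 0 (computing it needs the IP pseudo-header)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    header_words = (TCP_FIXED_HEADER.size + len(options)) // 4
    code_bits = sum(FLAG_BITS[f] for f in flags)
    fixed = TCP_FIXED_HEADER.pack(src_port, dst_port, seq, ack,
                                  (header_words << 12) | code_bits, window, 0, 0)
    return fixed + options + payload
```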
• 64. Computer Network Security Basics – Data Communication and Computer Networks
• 65. What is network security?
– While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
– This vulnerability stems from the world-wide access to computer systems via the Internet.
– Network security is preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks.
• 66. Basic Security Measures
– The basic security measures for computer systems fall into the following categories:
1. External security
2. Operational security
3. Surveillance
4. Passwords/authentication
5. Auditing
6. Access rights
7. Standard system attacks
8. Viruses/worms and antivirus tools
9. Firewalls
10. Encryption and decryption techniques
11. Digital signature
12. Security policy
• 67. External Security
– Protection from environmental damage such as floods, earthquakes, and heat.
– Physical security such as locking rooms and locking down computers, keyboards, and other devices.
– Electrical protection from power surges.
– Noise protection by placing computers away from devices that generate electromagnetic interference.
• 68. Operational Security
1. Deciding who has access to what.
2. Limiting time-of-day access.
3. Limiting day-of-week access.
4. Limiting access from a location, such as not allowing a user to use a remote login during certain periods or at any time.
• 69. Surveillance
– Proper placement of security cameras can deter theft and vandalism.
– Cameras can also provide a record of activities.
– Intrusion detection is a field of study in which specialists try to prevent intrusion and try to determine whether a computer system has been violated.
• 70. Passwords and ID Systems
– Passwords are the most common form of security and the most abused.
– Simple rules help support safe passwords, including:
1. Change your password often.
2. Pick a good, random password (minimum 8 characters, mixed symbols).
3. Don't share passwords or write them down.
4. Don't select names and familiar objects as passwords.
• 71. Authentication
– Authentication is the process of reliably verifying the identity of someone (or something) by means of:
– A secret (password, one-time password, ...)
– An object (smart card, ...)
– Physical characteristics (fingerprint, retina, ...)
– Trust
• 72. Passwords and ID Systems – Authentication?
– Many new forms of "passwords" are emerging:
– Fingerprints
– Face prints
– Retina scans and iris scans
– Voice prints
– Ear prints
– Nose recognition
• 73. Auditing
– Creating a computer or paper audit trail can help detect wrongdoing.
– Auditing can also be used as a deterrent.
– Many network operating systems allow the administrator to audit most types of transactions.
– Many types of criminals have been caught because of computer-based audits.
• 74. Access Rights
– Two basic questions about access rights: who and how?
– Who do you give access rights to? No one, a group of users, the entire set of users?
– How does a user or group of users have access? Read, write, delete, print, copy, execute?
– Most network operating systems have a powerful system for assigning access rights.
• 75. Computer virus versus computer worm
– Viruses are computer programs that are designed to spread themselves from one file to another on a single computer. A virus might rapidly infect every application file on an individual computer, or slowly infect the documents on that computer, but it does not intentionally try to spread itself from that computer to other computers.
– We send e-mail document attachments, trade programs on diskettes, or copy files to file servers. When the next unsuspecting user receives the infected file or disk, they spread the virus to their computer, and so on.
– A computer worm is a program that is designed to copy itself from one computer to another over a network (e.g. by using e-mail). The worm spreads itself to many computers over a network and doesn't wait for a human being to help. This means that computer worms spread much more rapidly than computer viruses.
• 76. Standard System Attacks
1. Denial of service attacks, or distributed denial of service attacks, bombard a computer site with so many messages that the site is incapable of answering valid requests.
2. In e-mail bombing, a user sends an excessive amount of unwanted e-mail to someone.
3. Smurfing is a nasty technique in which a program attacks a network by exploiting IP broadcast addressing operations.
4. A ping storm is a condition in which the Internet ping program is used to send a flood of packets to a server.
5. Spoofing is when a user creates packets that appear as though they came from a trusted user within the network.
6. A Trojan horse is a malicious piece of code hidden inside a seemingly harmless piece of code.
7. Stealing, guessing, and intercepting passwords is also a tried and true form of attack.
• 77. Cryptography
– Cryptography is the science and art of transforming messages to make them secure and immune to attacks.
– The original message, before being transformed, is called plaintext. After the message is transformed, it is called ciphertext.
– An encryption algorithm transforms the plaintext into ciphertext; a decryption algorithm transforms the ciphertext back into plaintext.
– The sender uses an encryption algorithm, and the receiver uses a decryption algorithm.
• 78. Cryptography (continued)
– A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on.
– To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext. These create the ciphertext.
– To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These reveal the original plaintext.
– We can divide all cryptography algorithms (ciphers) into two groups: symmetric-key (also called secret-key) cryptography algorithms and asymmetric (also called public-key) cryptography algorithms.
• 79. Symmetric-Key Cryptography
– In symmetric-key cryptography, the same key is used by both parties. The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data.
• 80. Asymmetric-Key Cryptography
– In asymmetric or public-key cryptography, there are two keys: a private key and a public key. The private key is kept by the receiver. The public key is announced to the public.
– In public-key encryption/decryption, the public key that is used for encryption is different from the private key that is used for decryption. The public key is available to the public; the private key is available only to an individual.
• 81. Keys used in cryptography (figure)
• 82. Symmetric-Key Cryptography
– Symmetric-key cryptography started thousands of years ago when people needed to exchange secrets (for example, in a war).
– We still mainly use symmetric-key cryptography in our network security.
• 83. Substitution Cipher
– A substitution cipher replaces one symbol with another.
– Example 1: The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic?
– Solution: The cipher is probably monoalphabetic because both occurrences of L are encrypted as O.
• 84. Example 2
– The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic?
– Solution: The cipher is not monoalphabetic because each occurrence of L is encrypted by a different character. The first L is encrypted as N; the second as Z.
• 85. Shift Cipher
– The shift cipher is sometimes referred to as the Caesar cipher. In this cipher, the encryption algorithm is "shift key characters down," with key equal to some number. The decryption algorithm is "shift key characters up."
– Example 1: Use the shift cipher with key = 15 to encrypt the message "HELLO."
– Solution: We encrypt one character at a time. Each character is shifted 15 characters down. Letter H is encrypted to W. Letter E is encrypted to T. The first L is encrypted to A. The second L is also encrypted to A. And O is encrypted to D. The ciphertext is WTAAD.
• 86. Example 2
– Use the shift cipher with key = 15 to decrypt the message "WTAAD."
– Solution: We decrypt one character at a time. Each character is shifted 15 characters up. Letter W is decrypted to H. Letter T is decrypted to E. The first A is decrypted to L. The second A is decrypted to L. And, finally, D is decrypted to O. The plaintext is HELLO.
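The monoalphabetic test from slides 83-84 and the shift cipher from slides 85-86, worked in code. This is an added example rather than material from the slides; the pair HELLO/ABNCZ is constructed to mirror slide 84's "L -> N, then L -> Z" case, and the candidate listing shows why a 26-key cipher offers no real confidentiality.

```python
"""Monoalphabetic substitution check (slides 83-84) and the shift/Caesar
cipher (slides 85-86). Shifting `key` places "down" the alphabet means adding
`key` to the letter's index modulo 26; shifting "up" subtracts it."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def is_monoalphabetic(plaintext: str, ciphertext: str) -> bool:
    """True when the pair is consistent with a single fixed letter-to-letter
    mapping: the same plaintext letter always gives the same ciphertext letter
    and no two plaintext letters share a ciphertext letter."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext must have equal length")
    forward, backward = {}, {}
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if forward.setdefault(p, c) != c or backward.setdefault(c, p) != p:
            return False
    return True


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` positions down the alphabet; Z wraps to A."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)          # spaces and punctuation pass through unchanged
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Shift every letter `key` positions up the alphabet (the inverse shift)."""
    return shift_encrypt(ciphertext, -key)


def all_shift_candidates(ciphertext: str) -> dict:
    """The key space has only 26 values, so every candidate plaintext can be
    listed; the real message is simply the readable one."""
    return {k: shift_decrypt(ciphertext, k) for k in range(26)}


def letter_frequencies(text: str) -> Counter:
    """Letter counts survive any monoalphabetic substitution, which is how such
    ciphers are recognised: HELLO has two L's, WTAAD has two A's."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


if __name__ == "__main__":
    print(shift_encrypt("HELLO", 15))           # WTAAD, as on slide 85
    print(shift_decrypt("WTAAD", 15))           # HELLO, as on slide 86
    print(is_monoalphabetic("HELLO", "WTAAD"))  # True: both L's became A
    print(is_monoalphabetic("HELLO", "ABNCZ"))  # False (constructed): L -> N and L -> Z
```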
• 87. Transposition Cipher
– A transposition cipher reorders (permutes) symbols in a block of symbols.
• 88. Example
– Encrypt the message "HELLO MY DEAR," using the key shown in the figure above.
– Solution: We first remove the spaces in the message. We then divide the text into blocks of four characters. We add a bogus character Z at the end of the third block. The result is HELL OMYD EARZ. We create a three-block ciphertext ELHLMDOYAZER.
• 89. Data Encryption Standard (DES)
– One example of a complex block cipher is the Data Encryption Standard (DES). DES was designed by IBM and adopted by the U.S. government as the standard encryption method for nonmilitary and nonclassified use.
– The algorithm encrypts a 64-bit plaintext block using a 64-bit key.
• 90. Asymmetric-Key Cryptography
– An asymmetric-key (or public-key) cipher uses two keys: one private and one public.
– Example: RSA (Rivest, Shamir, and Adleman)
• 91. Asymmetric-Key Cryptography – RSA
– The RSA algorithm is named after those who invented it in 1978: Ron Rivest, Adi Shamir, and Leonard Adleman.
– How it works: the RSA algorithm ensures that the keys, in the above illustration, are as secure as possible. The following steps highlight how it works:
1. Generating the keys
– Select two large prime numbers, x and y. The prime numbers need to be large so that they will be difficult for someone to figure out.
– Calculate n = x · y.
– Calculate the totient function: ϕ(n) = (x − 1)(y − 1).
– Select an integer e such that e is co-prime (relatively prime) to ϕ(n) and 1 < e < ϕ(n).
– The pair of numbers (n, e) makes up the public key.
– NB: Two integers are co-prime if the only positive integer that divides both of them is 1.
• 92. Asymmetric-Key Cryptography – RSA (continued)
– Calculate d such that e · d ≡ 1 (mod ϕ(n)).
– d can be found using the extended Euclidean algorithm. The pair (n, d) makes up the private key.
2. Encryption
– Given a plaintext P, represented as a number, the ciphertext C is calculated as C = P^e mod n.
3. Decryption
– Using the private key (n, d), the plaintext can be found using P = C^d mod n.
• 93. Example
– Bob chooses 7 and 11 as p and q and calculates n = 7 · 11 = 77. The value of Ø = (7 − 1)(11 − 1) = 60.
– Now he chooses two keys, e and d. If he chooses e to be 13, then d is 37.
– Now imagine Alice sends the plaintext 5 to Bob. She uses the public key 13 to encrypt 5. Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext:
– Plaintext: 5. C = P^e mod n = 5^13 mod 77 = 26. Ciphertext: 26.
– Ciphertext: 26. P = C^d mod n = 26^37 mod 77 = 5. Plaintext: 5.
– In RSA, e and n are announced to the public; d and Ø are kept secret.
• 94. Digital Signatures
– A digital signature is much like a hand signature in that it provides proof that you are the originator of the message (authentication); it assigns a code to a document.
– It is used to bind the message originator to the exact contents of the message through the use of key pairs. This allows the property of non-repudiation (non-rejection) to be achieved, which is crucial for electronic commerce.
– Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data.
– The private key of the sender is used to compute a message digest.
– Class Activity: How is a conventional signature sent? How is it verified by the receiver?
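The RSA steps from slides 91-92 carried through with the numbers of the slide 93 example (p = 7, q = 11, e = 13, giving n = 77, ϕ = 60, d = 37), together with the sign-and-verify use described on the digital signature slide. This is an added example, not the slides' own code; the SHA-256 digest, the sample message, and the reduction of the digest modulo the toy modulus are assumptions made so the signature part runs with a 77-size key.

```python
"""Textbook RSA following the key generation, encryption and decryption steps
on slides 91-92, checked against the slide 93 numbers, plus signing a message
digest with the private key and verifying it with the public key."""
import hashlib
from math import gcd


def extended_gcd(a: int, b: int):
    """Return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = extended_gcd(b, a % b)
    return g, t, s - (a // b) * t


def mod_inverse(e: int, phi: int) -> int:
    """d such that e*d = 1 (mod phi), via the extended Euclidean algorithm."""
    g, s, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be co-prime to phi(n)")
    return s % phi


def rsa_keygen(p: int, q: int, e: int):
    """Slide 91 steps: n = p*q, phi = (p-1)(q-1), require 1 < e < phi and
    gcd(e, phi) = 1, then d = e^-1 mod phi. Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and be co-prime to phi(n)")
    return (n, e), (n, mod_inverse(e, phi))


def rsa_encrypt(public_key, plaintext: int) -> int:
    n, e = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(plaintext, e, n)          # C = P^e mod n


def rsa_decrypt(private_key, ciphertext: int) -> int:
    n, d = private_key
    return pow(ciphertext, d, n)         # P = C^d mod n


def message_digest(message: bytes, n: int) -> int:
    """SHA-256 of the message reduced modulo n (assumption for this example).
    With n = 77 almost all of the hash is thrown away; real signatures use a
    2048-bit or larger n and a padding scheme (PKCS#1 v1.5 or PSS) around
    the full digest instead of this raw reduction."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, digest: int) -> int:
    n, d = private_key
    return pow(digest, d, n)             # the sender applies the private key to the digest


def rsa_verify(public_key, digest: int, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest   # anyone holding (n, e) can check it


if __name__ == "__main__":
    public, private = rsa_keygen(7, 11, 13)
    print(public, private)                        # (77, 13) (77, 37)
    c = rsa_encrypt(public, 5)
    print(c, rsa_decrypt(private, c))             # 26 5, as on slide 93
    digest = message_digest(b"pay 100 to Bob", public[0])   # constructed message
    sig = rsa_sign(private, digest)
    print(rsa_verify(public, digest, sig))                          # True
    print(rsa_verify(public, (digest + 1) % public[0], sig))        # False: digest altered
```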
• 95. Firewalls
– Used to control the flow of traffic (both inflows and outflows, but primarily inflows) between networks.
– The connected networks can be internal or a combination of internal and external networks.
– A system or combination of systems that supports an access control policy between two networks.
– A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.
– Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain TCP port numbers (applications such as ftp, telnet, etc.).
• 96. Characteristics of Good Firewalls
– All traffic from inside the corporate network to outside the network, and vice versa, must pass through it;
– Only authorized traffic, as defined by the security policy, is allowed to pass through it; and
– The system itself is immune to penetration.
• 97. A firewall as it stops certain internal and external transactions (figure)
• 98. Types of Firewall
– A packet filter firewall is essentially a router that has been programmed to filter out, or allow to pass, certain IP addresses or TCP port numbers.
– A proxy server is a more advanced firewall that acts as a doorman into a corporate network.
– Any external transaction that requests something from the corporate network must enter through the proxy server; this server replaces the IP addresses of the packets going out with its own address.
– Proxy servers are more advanced but make external accesses slower.
• 99. Firewall Functions
1. Protect the system from hackers logging into machines on the network.
2. Provide a single access point from where security and audit can be imposed.
3. Act as an effective tracing tool.
4. Provide an important logging and auditing function.
5. Provide information about the nature of traffic and the number of attempts made to break into it.
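A packet filter of the kind slides 95-99 describe, as an added example that is not part of the slides: rules match address ranges and TCP destination ports, the first matching rule decides, unmatched traffic is dropped, and every decision is logged to serve the auditing and tracing functions listed above. The corporate network 10.0.0.0/8 is taken from the later lab topology; the rules, the host 10.0.0.2 and the outside address 198.51.100.7 are constructed for the example.

```python
"""Minimal first-match packet filter with an implicit deny and a decision log."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple

INSIDE = "10.0.0.0/8"          # corporate network in the lab topology (assumption)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int                 # TCP destination port


@dataclass(frozen=True)
class Rule:
    action: str                            # "permit" or "deny"
    src: str = "0.0.0.0/0"                 # source range, any by default
    dst: str = "0.0.0.0/0"                 # destination range, any by default
    dports: Tuple[int, ...] = ()           # empty tuple means any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (not self.dports or pkt.dport in self.dports))


class PacketFilter:
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.log: List[str] = []           # one line per decision, for audit and tracing

    def decide(self, pkt: Packet) -> str:
        """First matching rule wins; traffic matching nothing is denied."""
        for index, rule in enumerate(self.rules):
            if rule.matches(pkt):
                self.log.append("%s by rule %d (%s): %s -> %s:%d" % (
                    rule.action, index, rule.comment, pkt.src, pkt.dst, pkt.dport))
                return rule.action
        self.log.append("deny by implicit rule: %s -> %s:%d" % (pkt.src, pkt.dst, pkt.dport))
        return "deny"

    def denied_count(self) -> int:
        """How many attempts were blocked (slide 99, function 5)."""
        return sum(1 for line in self.log if line.startswith("deny"))


# Constructed policy: block Telnet/FTP into the corporate network, let inside
# users reach web ports, expose one HTTPS server; everything else is dropped.
POLICY_RULES = [
    Rule("deny", dst=INSIDE, dports=(21, 23), comment="no FTP/Telnet into the network"),
    Rule("permit", src=INSIDE, dports=(80, 443), comment="inside users may browse"),
    Rule("permit", dst="10.0.0.2/32", dports=(443,), comment="public HTTPS server"),
]

if __name__ == "__main__":
    fw = PacketFilter(POLICY_RULES)
    for pkt in (Packet("198.51.100.7", "10.0.0.2", 23),      # Telnet from outside
                Packet("10.0.0.2", "198.51.100.7", 443),     # inside host browsing
                Packet("198.51.100.7", "10.0.0.2", 443),     # outside to HTTPS server
                Packet("198.51.100.7", "10.0.0.5", 443)):    # outside to some other host
        print(fw.decide(pkt))
    print("\n".join(fw.log))
```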
• 100. Security Policy Design Issues
– What is the company's desired level of security?
– How much money is the company willing to invest in security?
– If the company is serious about restricting access through an Internet link, what about restricting access through all other entry ways?
– The company must have a well-designed security policy.
• 101. 10 Tips for Computer Network Security
1. Use a good anti-virus program.
2. Make sure your virus definitions are up to date.
3. Run regular virus scans.
4. Update your operating system regularly.
5. Configure and use a firewall.
6. Use your Web browser's security features.
7. Enable your router's security features.
8. Install an anti-spyware program.
9. Use strong, varied passwords.
10. Consider a computer network security suite and policy.
• 102. Project
1. Configure the interfaces.
2. Route the communication.
3. The PCs should be able to communicate.
• 104. Introduction to Routers
– A router is a special type of computer.
– It has the same basic components as a standard desktop PC.
– However, routers are designed to perform some very specific functions.
– Just as computers need operating systems to run software applications, routers need the Internetwork Operating System (IOS) software to run configuration files.
– These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers.
– The many parts of a router are shown below (figure).
• 105. Router Memory Components
– ROM (Read-Only Memory): bootstrap/POST
– Flash memory: IOS images are kept here; erasable, reprogrammable ROM; contents are kept on power-down or reload
– RAM (Random Access Memory): routing tables, running configuration; contents are lost on reboot
– NVRAM: startup configuration, configuration register; contents are kept on reload
• 106. ROM (Read-Only Memory)
– ROM has the following characteristics and functions:
– Maintains instructions for power-on self test (POST) diagnostics
– Stores the bootstrap program and basic operating system software
– Mini IOS
• 107. RAM (Random Access Memory, also called dynamic RAM, DRAM)
– RAM has the following characteristics and functions:
– Stores routing tables
– Holds the ARP cache
– Performs packet buffering (shared RAM)
– Provides temporary memory for the configuration file of the router while the router is powered on
– Loses content when the router is powered down or restarted
• 108. NVRAM (Non-Volatile RAM)
– NVRAM has the following characteristics and functions:
– Provides storage for the startup configuration file
– Retains content when the router is powered down or restarted
– Configuration register: a 16-bit register which decides the boot sequence
• 109. Flash
– Flash memory has the following characteristics and functions:
– Holds the operating system image (IOS)
– Allows software to be updated without removing and replacing chips on the processor
– Retains content when the router is powered down or restarted
– Can store multiple versions of IOS software
– Is a type of electronically erasable, programmable ROM (EEPROM)
• 110. Interfaces
– Interfaces have the following characteristics and functions:
– Connect the router to a network for frame entry and exit
– Can be on the motherboard or on a separate module
– Types of interfaces: Ethernet, Fast Ethernet, Serial, ISDN BRI, Loopback, Console, Aux
• 111. Router Power-On/Bootup Sequence
– Perform power-on self test (POST).
– Load and run bootstrap code.
– Find the Cisco IOS software.
– Load the Cisco IOS software.
– Find the configuration.
– Load the configuration.
– Run the configured Cisco IOS software.
• 112. After the POST
– After the POST, the following events occur as the router initializes:
– Step 1: The generic bootstrap loader in ROM executes. A bootstrap is a simple set of instructions that tests hardware and initializes the IOS for operation.
– Step 2: The IOS can be found in several places. The boot field of the configuration register determines the location to be used in loading the IOS.
– Step 3: The operating system image is loaded.
– Step 4: The configuration file saved in NVRAM is loaded into main memory and executed one line at a time. The configuration commands start routing processes, supply addresses for interfaces, and define other operating characteristics of the router.
– Step 5: If no valid configuration file exists in NVRAM, the operating system searches for an available TFTP server. If no TFTP server is found, the setup dialog is initiated.
• 114. Router User Interface Modes
– The Cisco command-line interface (CLI) uses a hierarchical structure.
– This structure requires entry into different modes to accomplish particular tasks.
– Each configuration mode is indicated with a distinctive prompt and allows only commands that are appropriate for that mode.
– As a security feature, the Cisco IOS software separates sessions into two access levels, user EXEC mode and privileged EXEC mode.
– The privileged EXEC mode is also known as enable mode.
• 117. LAB – Interface Configuration
– Topology (from the diagram): host A 10.0.0.2 – E0 10.0.0.1 [R1] S0 20.0.0.1 – S0 20.0.0.2 [R2] S1 30.0.0.1 – S0 30.0.0.2 [R3] E0 40.0.0.1 – host B 40.0.0.2
– Syntax: ip address <Address> <Mask>
• 118. LAB – Interface Configuration (Assigning Addresses)
– An interface needs an IP address and a subnet mask to be configured.
– All interfaces are "shutdown" by default; we have to bring them up with no shutdown.
– Prompts show the mode: Router> is user EXEC mode, Router# is privileged EXEC mode, Router(config)# is global configuration mode, Router(config-if)# is the specific (interface) configuration mode. Syntax: ip address <Address> <Mask>
Router>
Router>enable
Router#config t
Router(config)#hostname R1
R1(config)#int fa 0/0
R1(config-if)#description Connected to Host
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R1#
• 119. LAB – Interface Configuration (Router Two)
Router>
Router>enable
Router#config t
Router(config)#hostname R2
R2(config)#int se 0/0/0
R2(config-if)#description Connected to Host
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/0/1
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#exit
R2#
• 120. LAB – Interface Configuration (Router Three)
Router>
Router>enable
Router#config t
Router(config)#hostname R3
R3(config)#int se 0/0/0
R3(config-if)#description Connected to Host
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface fa 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#exit
R3#
• 121. Privileged Mode Commands (used in privileged EXEC mode)
# show startup-config
# show running-config
# show version
# show flash
# show interfaces
# show interfaces s 0
# show history
# show terminal
# terminal history size 25
• 122. Password
– Passwords restrict access to routers.
– Passwords should always be configured for virtual terminal lines and the console line.
– Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.
• 123. Passwords
– There are five passwords for a router:
– Privileged mode password (2 forms, shown on the next slide)
– Line console password
– Auxiliary port password
– Telnet password
• 124. Privileged Mode Password
Gates(config)# enable password gates
– Encrypted privileged mode password:
Gates(config)# enable secret gates1
• 125. Line Password
Gates(config)# line console 0
Gates(config-line)# password cisco
Gates(config-line)# login
• 126. Aux Port Password
Gates(config)# line aux 0
Gates(config-line)# password cisco
Gates(config-line)# login
• 127. Routing
– The process of transferring data from one local area network to another.
– Performed by Layer 3 devices.
– A routed protocol enables packets to be forwarded from one router to another. Examples: IP, IPX.
– A routing protocol sends and receives routing information packets to and from other routers. Examples: RIP, OSPF, IGRP.
– Routing protocols gather and share the routing information used to maintain and update routing tables.
– That routing information is in turn used to route a routed protocol to its final destination.
• 128. What is Routing?
– To route, a router needs to know: destination addresses; sources it can learn from; possible routes; the best route.
– (Figure: networks 172.16.1.0 and 10.120.2.0)
– Routers must learn destinations that are not directly connected.
• 129. Route Types
– Static routing: the network administrator configures information about remote networks manually. Static routes are used to reduce overhead and for security.
– Dynamic routing: information is learned from other routers, and routing protocols adjust routes automatically.
– Because of the extra administrative requirements, static routing does not have the scalability of dynamic routing.
– The different types of routing are: static routing, default routing, dynamic routing.
• 130. Static Routes
– Benefits: no overhead on the router CPU; no bandwidth usage between routers; adds security.
– Disadvantages: the administrator must really understand the internetwork; if a network is added to the internetwork, the administrator has to add a route to it on all routers; not feasible in large networks.
• 131. Static Route Configuration
– Syntax: ip route [destination_network] [mask] [next-hop_address or exitinterface] [administrative_distance] [permanent]
– ip route: the command used to create the static route.
– destination_network: the network you're placing in the routing table.
– mask: the subnet mask being used on the network.
– next-hop_address: the address of the next-hop router that will receive the packet and forward it to the remote network. This is a router interface that's on a directly connected network.
– exitinterface: you can use it in place of the next-hop address if you want, but it has to be on a point-to-point link, such as a WAN.
– administrative_distance: by default, static routes have an administrative distance of 1 (or even 0 if you use an exit interface instead of a next-hop address).
– permanent: if the interface is shut down, or the router can't communicate with the next-hop router, the route will automatically be discarded from the routing table. Choosing the permanent option keeps the entry in the routing table no matter what happens.
– Example: R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
• 132. LAB – Static Route Configuration
– Topology (from the diagram): host A 10.0.0.2 – E0 10.0.0.1 [R1] S0 20.0.0.1 – S0 20.0.0.2 [R2] S1 30.0.0.1 – S0 30.0.0.2 [R3] E0 40.0.0.1 – host B 40.0.0.2
R1# config t
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.2
R2# config t
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2
R3# config t
R3(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1
R3(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.1
• 133. Verifying Static Route Configuration
– After static routes are configured, it is important to verify that they are present in the routing table and that routing is working as expected.
– The command show running-config is used to view the active configuration in RAM to verify that the static route was entered correctly.
– The show ip route command is used to make sure that the static route is present in the routing table.
• 134. Removing IP Routes
– Topology (from the diagram): host A 10.0.0.2 – E0 10.0.0.1 [R1] S0 20.0.0.1 – S0 20.0.0.2 [R2] S1 30.0.0.1 – S0 30.0.0.2 [R3] E0 40.0.0.1 – host B 40.0.0.2
R1# config t
R1(config)#no ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#no ip route 40.0.0.0 255.0.0.0 20.0.0.2
R2# config t
R2(config)#no ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#no ip route 40.0.0.0 255.0.0.0 30.0.0.2
R3# config t
R3(config)#no ip route 10.0.0.0 255.0.0.0 30.0.0.1
R3(config)#no ip route 20.0.0.0 255.0.0.0 30.0.0.1
• 135. Default Routes
– Can only use default routing on stub networks.
– Stub networks are those with only one exit path out of the network.
– The only routers that are considered to be in a stub network are R1 and R3.
– Topology (from the diagram): host A 10.0.0.2 – E0 10.0.0.1 [R1] S0 20.0.0.1 – S0 20.0.0.2 [R2] S1 30.0.0.1 – S0 30.0.0.2 [R3] E0 40.0.0.1 – host B 40.0.0.2
• 136. Default Routes – Stub Network
– (Figure: stub network 172.16.1.0 behind router B, whose S0 interface is 172.16.2.1; router A at 172.16.2.2 leads on to network 10.0.0.0.)
– On router B: ip route 0.0.0.0 0.0.0.0 172.16.2.2
– This route allows the stub network to reach all known networks beyond router A.
• 137. Configuring Default Routes
– Default routes are used to route packets with destinations that do not match any of the other routes in the routing table.
– A default route is actually a special static route that uses this format: ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface]
– This is sometimes referred to as a "Quad-Zero" route.
– Example using the next-hop address: Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.4.1
– Example using the exit interface: Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0
• 139. Default Route LAB Configuration
– Topology (from the diagram): host A 10.0.0.2 – E0 10.0.0.1 [R1] S0 20.0.0.1 – S0 20.0.0.2 [R2] S1 30.0.0.1 – S0 30.0.0.2 [R3] E0 40.0.0.1 – host B 40.0.0.2
R1# config t
R1(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
R3# config t
R3(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1
R2# config t
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2
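The static-route lab, the route-removal lab and the default-route lab above, replayed by a small longest-prefix-match forwarding simulator over the three-router topology. This is an added example, not part of the slides; the routing tables are transcribed from the lab commands (directly connected networks are listed with no next hop), the interface-to-router mapping is taken from the diagram, and the unroutable destination 50.0.0.1 is constructed to show what a quad-zero route does with traffic nobody has a route for.

```python
"""Longest-prefix-match forwarding over the lab topology:
R1 (10.0.0.1, 20.0.0.1) - R2 (20.0.0.2, 30.0.0.1) - R3 (30.0.0.2, 40.0.0.1),
host A 10.0.0.2 behind R1 and host B 40.0.0.2 behind R3."""
from ipaddress import ip_address, ip_network

# Each entry is (prefix, next_hop); next_hop None means "directly connected".
# Static-route lab (slide 132) plus the connected networks of each router.
STATIC_TABLES = {
    "R1": [("10.0.0.0/8", None), ("20.0.0.0/8", None),
           ("30.0.0.0/8", "20.0.0.2"), ("40.0.0.0/8", "20.0.0.2")],
    "R2": [("20.0.0.0/8", None), ("30.0.0.0/8", None),
           ("10.0.0.0/8", "20.0.0.1"), ("40.0.0.0/8", "30.0.0.2")],
    "R3": [("30.0.0.0/8", None), ("40.0.0.0/8", None),
           ("10.0.0.0/8", "30.0.0.1"), ("20.0.0.0/8", "30.0.0.1")],
}

# Default-route lab (slide 139): the stub routers R1 and R3 carry one quad-zero route each.
DEFAULT_TABLES = {
    "R1": [("10.0.0.0/8", None), ("20.0.0.0/8", None), ("0.0.0.0/0", "20.0.0.2")],
    "R2": STATIC_TABLES["R2"],
    "R3": [("30.0.0.0/8", None), ("40.0.0.0/8", None), ("0.0.0.0/0", "30.0.0.1")],
}

# Which router owns each next-hop interface address (from the lab diagram).
OWNER = {"10.0.0.1": "R1", "20.0.0.1": "R1", "20.0.0.2": "R2",
         "30.0.0.1": "R2", "30.0.0.2": "R3", "40.0.0.1": "R3"}


def lookup(table, destination: str):
    """Return the (network, next_hop) entry with the longest matching prefix, or
    None. A /0 default route matches every address but loses to any longer match."""
    dst = ip_address(destination)
    best = None
    for prefix, next_hop in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def trace(tables, start: str, destination: str, max_hops: int = 8):
    """Follow next hops router by router. Returns (path, outcome), where outcome
    is 'delivered', 'no route' (dropped at the last router in path) or 'loop'."""
    path, router = [start], start
    for _ in range(max_hops):
        entry = lookup(tables[router], destination)
        if entry is None:
            return path, "no route"
        _, next_hop = entry
        if next_hop is None:
            return path, "delivered"          # destination network is directly connected
        router = OWNER[next_hop]
        path.append(router)
    return path, "loop"


def after_removal(tables):
    """Slide 134: 'no ip route' on every router leaves only the connected networks."""
    return {name: [(p, nh) for p, nh in table if nh is None] for name, table in tables.items()}


if __name__ == "__main__":
    print(trace(STATIC_TABLES, "R1", "40.0.0.2"))      # (['R1', 'R2', 'R3'], 'delivered')
    print(trace(after_removal(STATIC_TABLES), "R1", "40.0.0.2"))   # (['R1'], 'no route')
    print(trace(DEFAULT_TABLES, "R3", "10.0.0.2"))     # (['R3', 'R2', 'R1'], 'delivered')
    print(trace(DEFAULT_TABLES, "R1", "50.0.0.1"))     # (['R1', 'R2'], 'no route')
```

The last call shows the trade-off of a default route: R1 forwards the unroutable 50.0.0.1 to R2 anyway, and only R2, which has no quad-zero route, discards it.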