Fundamentals of Networking
Definitions
• Network: physical connection that allows two computers to communicate
• Packet: unit of transfer, a sequence of bits carried over the network
• Protocol: agreement between two parties as to how information is to be transmitted
• Internet Protocol (IP): used to route messages through routers across the globe; 32-bit addresses, 16-bit ports
Definitions (cont.)
• Layering (separation of tasks): building complex services from simpler ones
• End-to-end argument: application-specific properties are best provided by the applications, not the network
• Packet vs. Circuit Switching: post card (packet) vs. phone call (circuit)
  Bandwidth and congestion
  • Packet - better bandwidth usage, but potentially congested links
  • Circuit - no congestion, but potentially lower link utilization
  Failures and reconfiguration
  • Packet - failed routes are detected and routed around
  • Circuit - the entire path must be reconfigured if any router fails
Two Ways To Handle Networking
• Circuit Switching: what you get when you make a phone call; dedicated circuit per call
• Packet Switching: what you get when you send a bunch of letters; bandwidth consumed only when sending; packets are routed independently
Circuit Switching vs. Packet Switching
• In a circuit-switched network, a circuit is established between the two devices (like in a telephone system)
• In a packet-switched network, blocks of data may take any number of paths as they travel from one device to the other
[Figure: a circuit-switched network beside a packet-switched network]
Layered Architectures
• How do computers manage complex protocol processing? Break the design problem up into smaller problems → more manageable
• Decompose complicated jobs into layers: each has a well-defined task; specify well-defined protocols to enact it
• Modular design: easy to extend / modify
Layered Architecture
[Figure: four layers, users at the top, network at the bottom]
Applications: web, e-mail, file transfer, ...
Middleware: reliable/ordered transmission, QoS, security, compression, ...
Routing: end-to-end transmission, resource allocation, routing, ...
Physical Links: point-to-point links, LANs, radios, ...
The OSI Model
• Open Systems Interconnect (OSI): a standard way of understanding the conceptual layers of network communication; this is a model, nobody builds systems like this
• Each level provides certain functions and guarantees, and communicates with the same level on remote nodes
• A message generated at the highest level is passed down the levels, encapsulated by lower levels until it is sent over the wire
• On the destination, the encapsulated message makes its way up the layers until the high-level message reaches its high-level destination
OSI Levels
[Figure: Node A and Node B each run the same seven layers (Application, Presentation, Session, Transport, Network, Data Link, Physical); each layer communicates with its peer layer on the other node]
Network Protocol: the OSI Model
Separation of tasks using a hierarchy of data
1. Application Layer (FTP, DNS, SMTP, MIME, POP, TLS)
2. Presentation Layer (HTTP)
3. Session Layer
4. Transport Layer (control, firewall, protection)
5. Network Layer (IP address routing)
6. Data Link Layer (MAC / hardware address)
7. Physical Layer (cabling, wiring)
The Internet Protocol Layers
[Figure: OSI layers mapped onto the Internet layers]
Internet Protocol Stack (users at the top, network at the bottom)
Application: HTTP, SMTP, FTP, TELNET, DNS, …
Transport: TCP, UDP
Network: IP
Physical: point-to-point links, LANs, radios, ...
Protocol Stack
Host of user X          Peer protocol              Host of user Y
user X                  English                    user Y
e-mail client           SMTP                       e-mail server
tcpserver process       TCP                        tcpserver process
ipserver process        IP                         ipserver process
ethernet driver/card    IEEE 802.3 standard        ethernet driver/card
                        (electric signals on the wire)
Protocol encapsulation
user X                  “Hello”        user Y
e-mail client           “Hello”        e-mail server
tcpserver process       “Hello”        tcpserver process
ipserver process        “Hello”        ipserver process
ethernet driver/card    “Hello”        ethernet driver/card
(each layer wraps the message it receives from above in its own header on the way down, and strips that header again on the way up)
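As an added illustration of the encapsulation shown above (this is example code, not part of the original slides), the following Python builds the TCP, IP and Ethernet headers that wrap user X's “Hello” on the way down and strips them again at user Y; the MAC addresses, IP addresses and port numbers are constructed sample values.

```python
"""Encapsulation of the slide's "Hello" down the stack (SMTP payload -> TCP
segment -> IP packet -> Ethernet frame) and back up again at the receiver.
Header layouts follow RFC 793 (TCP), RFC 791 (IP) and IEEE 802.3; all
addresses and ports are constructed sample values (RFC 5737 ranges)."""
import struct

SRC_MAC = bytes.fromhex("02000000aa01")      # constructed, locally administered
DST_MAC = bytes.fromhex("02000000bb02")
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.25"
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
SMTP_PORT = 25


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; it yields 0 when run over data that
    already carries a correct checksum, which is how the receiver checks."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_encapsulate(payload, src_ip, dst_ip, src_port, dst_port) -> bytes:
    """Transport layer: 20-byte TCP header (no options), PSH+ACK, seq 1.
    The checksum covers a pseudo-header holding the IP addresses, so this
    layer needs a little information from the layer below it."""
    offset_flags = (5 << 12) | 0x18           # data offset 5 words, PSH|ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 1, 0,
                         offset_flags, 65535, 0, 0)
    segment = header + payload
    pseudo = (ip_to_bytes(src_ip) + ip_to_bytes(dst_ip)
              + struct.pack("!BBH", 0, PROTO_TCP, len(segment)))
    csum = checksum(pseudo + segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def ip_encapsulate(segment, src_ip, dst_ip) -> bytes:
    """Network layer: 20-byte IPv4 header, TTL 64, DF set, header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234,
                         0x4000, 64, PROTO_TCP, 0,
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    csum = checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def ethernet_encapsulate(packet, src_mac, dst_mac) -> bytes:
    """Data link layer: destination MAC, source MAC, EtherType (FCS omitted)."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet


def send_hello(payload: bytes = b"Hello") -> bytes:
    """What user X's "Hello" looks like by the time it reaches the wire."""
    segment = tcp_encapsulate(payload, SRC_IP, DST_IP, 49152, SMTP_PORT)
    packet = ip_encapsulate(segment, SRC_IP, DST_IP)
    return ethernet_encapsulate(packet, SRC_MAC, DST_MAC)


def decapsulate(frame: bytes) -> dict:
    """Receiver side: peel off one header per layer, verifying each
    checksum, until only the application data is left."""
    layers = {}
    dst_mac, src_mac = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    layers["ethernet"] = (src_mac.hex(), dst_mac.hex())
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    (total_len,) = struct.unpack("!H", packet[2:4])
    if packet[9] != PROTO_TCP:
        raise ValueError("not a TCP packet")
    layers["ip"] = (".".join(str(b) for b in packet[12:16]),
                    ".".join(str(b) for b in packet[16:20]))
    segment = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, PROTO_TCP, len(segment))
    if checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    layers["tcp"] = struct.unpack("!HH", segment[:4])
    layers["application"] = segment[(segment[12] >> 4) * 4:]
    return layers


if __name__ == "__main__":
    frame = send_hello()
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

The five-byte “Hello” leaves the host as a 59-byte frame; a single flipped payload byte is caught by the TCP checksum on the way back up.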
Air travel
Passenger origin          Passenger destination
Ticket (purchase)         Ticket (complain)
Baggage (check)           Baggage (claim)
Gates (load)              Gates (unload)
Runway (take off)         Runway (landing)
          Airplane routing
Bandwidth / Shannon’s Formula
• Transmission capacity of a channel using radio frequencies (Wi-Fi) or a carrier wave (ADSL) is given by Shannon’s formula:
  Capacity = Bandwidth × log2(1 + S/N), where S/N stands for the signal-to-noise ratio
  For instance: B = 40 kHz, S/N = 20 dB (factor 100)
  Capacity = 40,000 × 6.65821 = 266.33 kbps
History of Computer Networks
• Networks started in the late 60’s in the US, in military and academic research projects
• ARPAnet (Advanced Research Projects Agency Network)
• DECnet, developed by DEC in the 70’s to link their mini-computers worldwide
• Later, networks became widely used by the financial community for terminals and ATMs in the 80’s (X.25)
• Finally, the Internet, starting in the 90’s, using the standard TCP/IP protocol (inherited from the ARPAnet), the World Wide Web, and the hyper-text transfer protocol (HTTP) developed at CERN in Geneva
Ethernet
• A technology for wiring computers and hosts in a LAN (twisted pairs, fiberglass cable), standardized by IEEE 802.3 (physical layer 1)
Devices on the Network
• Bridges: connect network segments together; work at the physical and data link layer using the hardware address (broadcast domain, layer 2)
• Switches: connect devices on the same physical network segment; work at the data link layer using the hardware address (broadcast domain, layer 2)
• Routers: process network packets using the IP address (layer 3); they set the path for reaching the destination, using routing tables and routing algorithms (they define the boundaries between broadcast domains)
• Gateways: connect different networks together (with protocol conversion if necessary); they are the access point to the network where controlling and filtering functions are performed (firewall, malware and spam detection); the Default Gateway is the node connecting to the outside world and may be the device provided by the ISP to home users, a firewall or a proxy server
Firewall
• A dedicated appliance (or software running on another computer) which inspects network traffic and denies or permits passage based on a set of rules
• Firewalls of the second generation are stateful, meaning that they maintain a record of all connections passing through the firewall (which also lets them detect Denial-of-Service attacks)
• Firewalls often have Network Address Translation (NAT) functionality, i.e. they hide from the outside world the IP addresses of the hosts protected behind them
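An added Python sketch (not from the slides) of the stateful filtering and NAT just described: outbound connections from the LAN create state and are rewritten to the public address, and inbound packets are forwarded only when they match a recorded connection. The LAN range, public address and traffic are constructed.

```python
"""A minimal stateful firewall with source NAT: outbound connections from
the LAN create state and are translated to the public address; inbound
packets are admitted only if they match that state and are translated
back. Addresses are constructed (RFC 1918 / RFC 5737 ranges)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")   # constructed protected LAN
PUBLIC_IP = "203.0.113.5"               # constructed public address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False    # True on the first segment of a TCP connection


class StatefulNatFirewall:
    def __init__(self, inside, public_ip, first_port=40000):
        self.inside = inside
        self.public_ip = public_ip
        self.next_port = first_port
        self.state = {}   # inside 4-tuple -> public port allocated for it
        self.nat = {}     # public port -> inside 4-tuple (reverse of state)
        self.log = []

    def handle(self, pkt: Packet):
        """Return the translated packet to forward, or None if dropped."""
        if ip_address(pkt.src_ip) in self.inside:
            return self._outbound(pkt)
        return self._inbound(pkt)

    def _outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.state:
            if not pkt.syn:
                # a mid-stream segment with no recorded connection is dropped
                self.log.append(("DROP", "outbound without state", key))
                return None
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.state[key] = pub_port
            self.nat[pub_port] = key
            self.log.append(("NEW", "connection recorded", key, pub_port))
        # source NAT: the outside world sees only the public address/port
        return Packet(self.public_ip, self.state[key],
                      pkt.dst_ip, pkt.dst_port, pkt.syn)

    def _inbound(self, pkt):
        entry = self.nat.get(pkt.dst_port) if pkt.dst_ip == self.public_ip else None
        # the reply must come from the peer the inside host actually contacted
        if entry is None or (entry[2], entry[3]) != (pkt.src_ip, pkt.src_port):
            self.log.append(("DROP", "unsolicited inbound",
                             (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)))
            return None
        inside_ip, inside_port = entry[0], entry[1]
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.syn)


def demo() -> dict:
    """Constructed traffic: one legitimate web connection and its reply,
    then two inbound packets that no inside host asked for."""
    fw = StatefulNatFirewall(INSIDE, PUBLIC_IP)
    out = fw.handle(Packet("192.168.1.20", 51000, "198.51.100.80", 80, syn=True))
    reply = fw.handle(Packet("198.51.100.80", 80, PUBLIC_IP, out.src_port))
    stranger = fw.handle(Packet("198.51.100.99", 4444, PUBLIC_IP, out.src_port))
    unsolicited = fw.handle(Packet("198.51.100.80", 80, PUBLIC_IP, 22))
    return {"outbound": out, "reply": reply, "stranger": stranger,
            "unsolicited": unsolicited, "log": fw.log}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```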
Proxy Server
• Services requests to other servers on behalf of its clients
• A proxy server that passes all requests and replies unmodified is also called a gateway
Network Protocols
Protocol  Listening Port  Description
FTP       21              File Transfer Protocol (used for file downloading)
SMTP      25              Simple Mail Transfer Protocol (Internet standard for electronic mail, Exchange)
DHCP      67, 68          Dynamic Host Configuration Protocol (used by clients to obtain the network parameters)
HTTP      80              Hyper Text Transfer Protocol (request/response standard in the Web)
POP3      110             Post Office Protocol 3 (client-server protocol for e-mail, Outlook)
LDAP      389             Lightweight Directory Access Protocol (querying and modifying directory services)
HTTPS     443             Hyper Text Transfer Protocol Secure (secure socket layer for secure communication)
ICAP      1344            Internet Content Adaptation Protocol (used for proxy servers and content filtering)
IP Addressing
• IP (v4) addresses are divided into 4 groups of 8 bits separated by dots (32 bits); each group has a value between 0 and 2^8 − 1 = 255
• In order to reduce routing requirements, the IP address is also divided into network-prefix, subnet-number and host-number
• Sub-netting enables organizations to reduce the number of public (unique) IP addresses requested for the LAN
• Subnets (broadcasting addresses) allow for deploying additional networks without requesting new network numbers
• Local routers will use the extended network-prefix, while Internet routers will only need to know the network-prefix to route traffic to individual subnets
• The extended network-prefix is commonly called the subnet-mask; for instance, a 24-bit network-prefix is written as 255.255.255.0
CIDR: Classless Inter-Domain Routing
• A method of categorizing IP addresses for efficient use of available IP numbers
Prefix   Subnet-Mask        # of hosts
/24      255.255.255.0      256
/25      255.255.255.128    128
/26      255.255.255.192    64
/27      255.255.255.224    32
/28      255.255.255.240    16
/29      255.255.255.248    8
/30      255.255.255.252    4
/31      255.255.255.254    2
/32      255.255.255.255    1
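The table above, computed rather than typed: an added Python example (not part of the original slides) that derives mask, network, broadcast and address count from a prefix length with plain bit operations, and also shows the longest-prefix matching behind the earlier point that Internet routers need only the network-prefix while local routers use the extended prefix. Note that the table's “# of hosts” counts every address in the block; the addresses and routing tables below are constructed.

```python
"""Subnetting and CIDR arithmetic with integer bit operations, so the
relationship between prefix length and subnet mask is visible.
Addresses and routing tables are constructed examples (RFC 5737 ranges)."""


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/prefix -> subnet mask: the top `prefix` bits set, e.g. /24 -> 0xFFFFFF00."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Network, broadcast and size of a CIDR block such as '198.51.100.70/26'.
    'addresses' counts every address in the block (the slide's '# of hosts'
    column); 'usable_hosts' excludes network and broadcast for prefixes up
    to /30 (RFC 3021 /31 and /32 reserve nothing)."""
    addr, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    size = 1 << (32 - prefix)
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "addresses": size,
        "usable_hosts": size - 2 if prefix <= 30 else size,
    }


def longest_prefix_match(routes, dst: str):
    """Pick the most specific matching route, the basis of classless routing.
    `routes` is a list of (cidr, next_hop) pairs."""
    d = ip_to_int(dst)
    best_len, best_hop = -1, None
    for cidr, next_hop in routes:
        addr, prefix_str = cidr.split("/")
        prefix = int(prefix_str)
        mask = prefix_to_mask(prefix)
        if (ip_to_int(addr) & mask) == (d & mask) and prefix > best_len:
            best_len, best_hop = prefix, next_hop
    return best_hop


# Constructed routing tables: the Internet router knows only the /24
# network-prefix, the local router the /26 and /25 subnets behind it.
INTERNET_ROUTER = [
    ("0.0.0.0/0", "upstream"),
    ("198.51.100.0/24", "customer-edge"),
]
LOCAL_ROUTER = [
    ("0.0.0.0/0", "firewall"),
    ("198.51.100.0/26", "vlan10"),
    ("198.51.100.64/26", "vlan20"),
    ("198.51.100.128/25", "vlan30"),
]


def route_both(dst: str) -> tuple:
    """Next hop chosen for `dst` by the Internet router and by the local router."""
    return (longest_prefix_match(INTERNET_ROUTER, dst),
            longest_prefix_match(LOCAL_ROUTER, dst))


if __name__ == "__main__":
    for p in range(24, 33):
        info = subnet_info(f"198.51.100.0/{p}")
        print(f"/{p:<4}{info['mask']:<18}{info['addresses']}")
    print(subnet_info("198.51.100.70/26"))
    print(route_both("198.51.100.70"))   # ('customer-edge', 'vlan20')
```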
VLAN (Virtual LAN)
• Set of computers connected together as if they were attached to the same Broadcasting Domain, regardless of their physical location
• A Virtual LAN works like a physical LAN, even if the endpoint stations are not located on the same network switch
• A Virtual LAN is often associated with a network segment (subnet)
VPN: Virtual Private Network
• VPNs are used to connect organizations with remote users across multiple locations
• VPNs establish tunnels that allow sensitive data to be protected with encryption as it goes over the Internet
• Remote access VPN: for mobile users through dial-up services
• LAN-to-LAN VPN: for communication between two different networks
• The IPsec protocol is used as a secured link (authentication, integrity and confidentiality)
Demilitarized Zone (DMZ)
• A non-critical region at the periphery of the LAN (outside the firewall)
• Web servers and Mail Relay servers may reside in the DMZ
Domain Name System (DNS)
• A fully qualified domain name is composed of a server, an organizational domain, and a top-level domain
• Top-level domains are shared across organizations (.com, .org, .net, .gov, .edu, ...)
• Top-level domains around the world are defined according to country codes (.il, .uk, .us, .de, .ch, .fr …)
Name to Address Resolution
• Forward lookup translates domain names into IP addresses
• Reverse lookup does the opposite, resolving addresses into names
DNS Servers
• DNS Servers are distributed worldwide, but there are 13 Root Servers that are the central repository of all domain names in the World Wide Web, and another 110 (Anycast) with copies across the globe
Use of DNS Servers
There are many records kept on DNS servers, for instance:
• The “A” record, keeping the 32-bit IP address of the host
• The “MX” record (mail exchange record), keeping a list of mail exchange servers associated with a particular domain
• The “TXT” record, keeping “Sender Policy Framework” and “Domain Key” information used to tell valid mail from spam
Wireless 802.11b (Wi-Fi)
• Uses radio frequencies (2.4 GHz)
• Transmission speed 5.5 Mbps (new 54 Mbps)
• WEP (Wired Equivalent Privacy) uses a shared key between the mobile station and the base, but has security loopholes
• IEEE 802.11i addresses the WEP weaknesses and uses AES, a block cipher, to encrypt the wireless communication
Bluetooth
• A wireless short-range communication technology of 1 Mbps, named after Harald Bluetooth, King of Denmark in 900
• Used to exchange information between devices such as mobile phones, laptops, printers, digital cameras, etc.
The 10 Commandments of Security
1. Know that one line of defense is not enough
2. Understand the exposure and loopholes
3. Understand the technology used in attacks
4. See the “big picture” (network, servers, endpoints)
5. Beware of weak authentication mechanisms
6. Remember that security is part of a life cycle
7. Address security breaches from insiders
8. Do not overlook physical security
9. Explain that security means also positive thinking
10. Avoid too many false alarms (false positives)
Requirements → What To Do
• One line of defense is not enough → Protect gateway/server/desktop
• Understand the exposure → Ask for a second opinion
• Understand the technology of attacks → Look for up-to-date information
• See the “big picture” → Install Total Protection suites
• Beware of weak authentication → Enforce strict passwords rules
• Security is part of a life cycle → Renew the licenses on time
• Address security breaches from insiders → Install Device Control, Encryption
• Do not overlook physical security → Verify backups, disaster recovery
• Security means also positive thinking → Delegate tasks to the users
• Avoid too many false alarms → Use powerful algorithms

Editor's Notes

1. Peers exchange units meaningful to each end and communicate with each other; each layer uses the services of the lower layer to avoid complexity