Introduction to computer networks and cybersecurity pdf free download






















Introduction to Computer Networks and Cybersecurity. Hui Zheng. In addition, some of the applications are used by the general population on a daily basis, while others are fairly sophisticated and their use is more esoteric. The applications that find wide and extensive use are known as killer applications, or killer apps for short.

Some of the popular network applications that are generally employed are listed in Table 1. In this list, email and the Web would definitely be classified as killer apps for the Internet. Given the extensive list of applications, let us examine the manner in which these network applications are created.

We begin at the application layer for two fundamental reasons: (1) this is the one layer that is essentially known by every computer user, and (2) because it is here that the application software resides that runs on the various end host systems. CRC Press. All rights reserved. Example 1. Because the application software is written on end host systems, i. Note that the core network, shown in Figure 1. It is important to note that no application software is written for this network backbone and the core does not run applications because the core devices do not function at the application layer.

David, and Chwan-Hwa John Wu. Introduction to Computer Networks and Cybersecurity, edited by J. ProQuest Ebook Central,. Created from vu on

The answer is that the application service can be provided in three ways. The manner in which the application is structured among the various end host systems is known as the application architecture.

This architecture has a number of important features. First of all, in order to respond to, i. Thus, contacting the server for applications such as the Web or email can always be done. Furthermore, when a single server becomes overwhelmed with requests and is therefore incapable of handling the traffic, a cluster of servers, called a server farm, can be employed to scale the architecture. Within this architecture, the clients communicate with the server; however, these client hosts do not communicate directly with each other.

In contrast to the server with its fixed IP address, the clients have a dynamic IP address. While clients can always be connected to the server they need not be, and thus may be connected on an intermittent basis.

In the peer-to-peer (P2P) architecture, a computer may operate as both server and client. These end systems communicate directly with one another, i. Because these peers, with dynamic IP addresses, communicate directly, they do not encounter a server bottleneck. Since the number of peers within this architecture can be enormous, this system is highly scalable. This decentralized system is, however, difficult to manage. Systems running the Gnutella software are arranged in a known group structure, and when a node requests a particular object, it queries its neighbor specifying the file name.

If the neighbor has the requested object it responds with the data necessary to download it. If the neighbor does not have the requested material, it forwards the request to its neighbors. Gnutella is considered to be the third-most-popular file-sharing network in the Internet, following eDonkey and Fast Track.

The various aspects of process communication are described in Figure 1. Given the three architectures that support network applications, let us examine the manner in which programs running within the end host systems communicate with one another. These programs, often referred to as processes that are running within a host and communicate using inter-process communication (IPC), are supported by the operating systems (OS).

When the IPC is extended to network applications, the client process initiates communication, while the server process waits to be contacted. Processes in different hosts, created within the application layer, communicate by exchanging messages through the network. This communication, which is supported by both operating systems, is done in such a way that the application believes the information is virtually contained in the local memory, but with any attendant latency, jitter and error.

What mechanism is used by a programmer to instruct the OS of an end host to communicate with another host? The mechanism by which two processes communicate through the Internet, using the TCP stack, is outlined in Figure 1. The software interface, through which a process sends and receives messages through the network, is called a socket.

A process sends a message by passing it through its socket as if it were writing to a local memory. At the output of its socket is a communication infrastructure that transports the message to the socket of the receiving process. This latter socket passes the message on to the receiving process for the appropriate action.

As Figure 1. Because it resides in this position within the stack, it is referred to as the Application Programming Interface (API) for programmers. The socket is essentially a boundary separating levels of control. While control of the entire process exists on the application layer side of this boundary, very little control exists on the transport layer and bottom three layers of the stack.

Developers are typically able to select only the transport protocol and some select parameters, such as the IP address and port number. Given the communication process infrastructure, we now need to address the manner in which a process running on host A indicates that it wants to communicate with another process running on host B.

In order to perform this operation, information on both the receiving host and the process is needed. In the Internet, the host is uniquely identified by a bit IP address. Within the host, the process itself has a specific identifier.

Since numerous processes, e. Some port numbers have been previously assigned to some of the more useful applications. So, to send an HTTP message to the cnn. With TCP, the two sockets are essentially connected by a virtual highway, and it is through this connection-oriented service that communication is established. The handshake that takes place while establishing the connection allows the client and server to agree upon the sequence number to be used.

A sequence number is used for each TCP segment in order to achieve reliable transport. This so-called connectionless operation is a best effort arrangement and therefore generally unreliable. While we have found that processes communicate through sockets, and we have briefly mentioned the mechanisms by which this communication is accomplished, a number of important issues remain unanswered.

The details that codify the manner in which processes, running on different hosts, pass messages back and forth are defined by the application-layer protocol. This protocol defines such things as the types of messages that can be exchanged, i. It is important to note that while many application-layer protocols are in the public domain, some are not.

Protocols that are intentionally unavailable are typically proprietary. One such example is Skype. When the Internet was first introduced, it supported the interaction of a small number of individuals composed primarily of academics and researchers, and it was almost totally unknown to people outside these two groups.

Then along came the World Wide Web (WWW) and with it essentially a revolution in the manner in which people interacted in both personal and business environments. WWW turned the Internet into a data network with enormous potential, which led to the development of Web browsers. While the Web as we know it today contains an absolutely staggering amount of information, the problem is of course one of trying to effectively find what you need.

The first search engine was WAIS, and it started a development that has led to our ability to use the Web in ways we had never dreamed. Timing is also an issue. The data loss, timing and bandwidth requirements for a variety of applications are shown in Table 1. Each protocol has some distinctive services and the application developer must choose the one that best fits the application.

In order to aid the developer in this selection process, a listing of the comparative services is outlined in Table 1. TABLE 1. In addition, it is too late for the sender to retransmit the packet using TCP for the required low delay jitter. Table 1. For example, a Web page consists of objects, which are nothing more than files. These Irwin, J. The base HTML file includes several referenced objects, such as links and images.

Each object is addressable by a Uniform Resource Locator (URL), and the following is a typical example of a URL in which the host name and path name are specified as shown. As such, it controls the manner in which Web pages are transferred back and forth between the Web server and its various clients.

As illustrated in Figure 1. There are two versions of HTTP. Recall from Table 1. When the client initiates a TCP connection to the server and the server accepts the connection, sockets are created at both ends and port number 80 is used. Then, HTTP messages are exchanged between the browser, i. Since TCP is employed, the data transfer is reliable. Once the request has been answered, the TCP connection is closed. Keep in mind that HTTP is stateless, meaning that the server maintains no information about past client requests.

Protocols that maintain state are complex because the past history must be maintained in some manner. A request is sent by a client to a web server and a response is sent from a web server to a client.

As shown in Figure 1. These header lines are followed by a blank line, consisting of a carriage return and a line feed, indicating the end of the header lines [6]. Once again, it is informative to compare this format to the screen capture shown in Figure 1.

Wireshark is a network analyzer software or network sniffer that supports every OS. It is a free download from www. Line 10 [SYN], i. Lines represent the file transfer from a HTTP server.

Line 17 acknowledges that the correct file has been received by the client host. Clearly, a format that is understood by every host will make this task easy. For example, mailto:xyzt auburn. The format and interpretation of fragment identifiers are dependent on the media type of the resulting retrieval, as defined in RFC [6]. One example is shown in Figure 1. A URI can be further classified as a locator, a name, or both. This URL specifies where an identified resource is available and the mechanism for retrieving it.

For example, The information that is sent from a form with the POST method is invisible in the header lines and there are no limits on the amount of information sent. The GET information, i. A service is being requested and that service is a search. Figure 1. Note that the information specifies that the GET method is requested, the version number is given and the host identified. The information requested is a name search, in particular the name of John Smith.

However, in this case there is an entity body that contains the query. Once again, a search is specified, and in this case the search is conducted in order to find people. The input parameters are the first and last name, which must be given in the entity body. It is important to note that the information in the body can be encrypted to provide better security, whereas the header lines can be sniffed easily.

While these two versions have some things in common, there are some distinct differences. The requested HTML file completes the response message. As the example HTTP response message indicates, the first line specifies the status code. Some of the more typical status codes, and their description, are listed in Table 1. In the former case, at most one object is sent over a separate and distinct TCP connection.

In the latter case, multiple objects are sent over the same TCP connection. Tower image 2. Motorbike image 3. The client browser can request image files while interpreting HTML tags in the manner indicated in Figure 1.

We further assume the client browser wants to download this page. Let us first consider the non-persistent HTTP case by examining in detail the manner in which a Web page is transferred from server to client.

Step 3: The TCP handshake is sent from server to client to confirm the connection is established. These first three steps are illustrated in Figure 1. The message sent indicates that the client requests a base HTML file. As the figure illustrates, this process is repeated for each of the three JPEG objects. The fact that there are several steps involved in this process leads one to question the amount of time this process will actually take. To aid us in quantifying the time involved, we define the round-trip time (RTT) as the time required for a small packet to travel from client to server and back again.

With reference to Figure 1. For simplicity, we have deliberately ignored such things as propagation delays and delays in routers and other intermediate devices. In the situation outlined in Figure 1.

In summary, the non-persistent client-server interaction over TCP has the following characteristics. One connection is established for each object, and the server closes the connection after sending an object. Two RTTs are required per object.

Finally, after the base HTML file is processed by the client browser, the browser opens parallel TCP connections in order to fetch the referenced objects.

In the former

(Figure labels: request connection, accept connection, request bike image, request index.)

In the latter mode, multiple active connections are employed at the same time. In fact, most browsers will open multiple parallel TCP connections. In order to facilitate the visualization of these two types of connections, we assume infinite bandwidth.

This is clearly a process which operates in tandem and thus by its very nature is time consuming. On the other hand, Figure 1. There is however an underlying assumption in this case that the pipe has an infinite bandwidth. For a low data rate link, there is essentially no difference between parallel and serial connections; however, a high data rate link can benefit from parallel connections.

Let us next consider the persistent HTTP case. It also encounters operating system overhead for each TCP connection, and the browsers typically open parallel TCP connections in order to fetch the referenced objects. Persistent HTTP connections can be in one of two forms: with and without pipelining. Without pipelining, the client issues a new request only when the previous response has been received, and only one RTT is required for each referenced object.

The client issues the three HTTP requests, one after the other, without waiting for the arrival of previously requested files as shown in Figure 1. In contrast to pipelining, the persistent connection without pipelining issues a request and then waits until the complete file is received before issuing the next HTTP request.

For most organizations, the access link to the Internet is almost always full, and hence there typically exists a long queuing delay when sending a packet to the Internet. Assume, for example, that the average queuing delay at the border router is ms when a packet travels to the Internet.

In contrast, when a response packet travels from the Internet to a Gbps LAN, the queuing delay is negligible when compared with the delay in the opposite direction. In addition, suppose that a homepage is to be downloaded that has only one base file that is Kbits long. Network latency contains the round-trip time (RTT) and the number of round trips required to transfer application data is the delay that can be minimized through protocol optimizations. Network bandwidth has grown substantially over the past two decades, thereby reducing the transmission delay, while propagation delay is largely constrained by the speed of light and has remained unchanged.

Therefore, reducing the number of round trips has become the most effective way to improve the latency of TCP-based applications. The media file will stop playing back if the rate of playback exceeds the rate at which the file is downloaded. The file will resume playing after further video is downloaded. Google Video and YouTube support video progressive downloading that can seek any part of the video before buffering is complete. A Flash Video player can request any part of the Flash Video file starting at a specified key frame.

Cookies are designed to provide a browser with memory for a particular site that one has visited. Individuals who use the Web to purchase a variety of items are typically very familiar with Cookies. Obviously, this information can be very useful in enticing the users to buy more goods by informing them of buying opportunities that fit their pattern of purchases. Cookies provide the state information for HTTP since it is inherently stateless. In addition, the file is also contained in a back-end database that exists at the Web site.

The following data is typical of the type of information Cookies generate: Alice always accesses the Internet from a PC, and this is the first time the current Web site has been visited. The actual process proceeds as indicated in Figure 1. When an initial HTTP request arrives at the site, e. This information is also saved in a special Cookie file maintained by the browser. If Alice returns to the amazon. This process is repeated each time Alice visits this web site.

There is tremendous value in this process for amazon. For example, the web site knows such things as what she is purchasing, how much she is purchasing, the order of her purchases and the times of purchase.

Armed with this information, the company is in a position to suggest additional purchases that are aligned with her previous history of purchases at their site.

So, once a purchase has been made and Alice has given the company all the necessary data that identifies her, e. Two cookies are set by amazon. Note that this Hypertext Transfer Protocol contains two Cookies.

Two cookies are sent to amazon. The server responds by sending the requested page, preceded by the HTTP header, that may contain lines requesting the browser to store Cookies. If the browser supports Cookies and they are enabled, every subsequent page request to this particular server will contain the Cookie.

This last condition permits a server or script to explicitly delete a Cookie. This process can be performed in the following manner. First, the user provides both user name and password in the text fields of a login page and forwards them to the server.

Next, the server receives and checks this data. If correct, the server sends back a page that confirms a successful login and includes a Cookie. Finally, with every user request from the server, the browser automatically sends the Cookie to the server, the server compares the Cookie with those that are stored, and if a match is found the server has identified the user.

This technique is commonly used by a variety of sites that permit login, such as Yahoo. Cookies assist with such things as authorization, shopping carts, recommendations and user session state, i.

This state is maintained at the protocol endpoints, i. Cookies are routinely being used to collect statistics and generate However, when a Cookie is used for a single sign on, the authentication information stored in the Cookie may be stolen. Unfortunately, Cookies contain a lot of information about an individual and therefore privacy is always an issue when they are used. The use of a proxy server is the most economical way. The web cache, also known as a proxy server, is an intermediary device between the client and origin server as indicated in Figure 1.

It handles HTTP requests for the origin server, and stores recently requested objects. A user can configure a browser to first access the web cache. Under these circumstances, the browser sends all HTTP requests directly to cache. If the requested object is resident in cache, the cache will return the object to the client.

Otherwise, the cache will request the object from the origin server. When the cache receives the object, it retains a copy and forwards it on to the client. The proxy caching operation is performed in the following manner. This technique clearly has some inherent advantages.

Part 1 covers the most important Internet applications and the methods used to develop them. Part 2 discusses the network edge, consisting of hosts, access networks, LANs, and the physical media used with the physical and link layers.

Building on the concepts and principles, the book then delves into state-of-the-art cybersecurity mechanisms in Part 5. It reviews the types of malware and the various security systems, made up of firewalls, intrusion detection systems, and other components.

Crucially, it provides a seamless view of an information infrastructure in which security capabilities are built in rather than treated as an add-on feature.

The book closes with a look at emerging technologies, including virtualization and data center and cloud computing unified communication. This comprehensive text supplies a carefully designed introduction to both the fundamentals of networks and the latest advances in Internet security.

Addressing cybersecurity from an Internet perspective, it prepares you to better understand the motivation and methods of cyber attacks and what you can do to protect the networks and the applications that run on them. Learning goals in each chapter show you what you can expect to learn, and end-of-chapter problems and questions test your understanding. Throughout, the book uses real-world examples and extensive illustrations and screen captures to explain complicated concepts simply and clearly.

Book Description: If a network is not secure, how valuable is it? Get the Fundamentals of Internet Architecture and the Protocol Layers. Organized into six parts, the book walks you through the fundamentals, starting with the way most people first encounter computer networks—through the Internet architecture.



