9 network fundamentals - union county vocational ... within their organization. internet the...


Upload: duongdung

Post on 07-Apr-2018


9 Network Fundamentals

In all large corporations, there is a pervasive fear that someone, somewhere is having fun with a computer on company time. Networks help alleviate that fear.

—JOHN C. DVORAK

In this chapter, you will learn how to

■ Identify the basic network architectures

■ Define the basic network protocols

■ Explain routing and address translation

■ Classify security zones


BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 9

The term “network” has different meanings depending on the context and usage. A network can be a group of friends and associates, a series of interconnected tunnels, or, from a computer-oriented perspective, a collection of interconnected devices. For the purposes of this discussion, we’ll focus on the more widely accepted definition of a network to mean any series of interconnected information systems and devices. Networks are all around us, and they enable the computers we use to interact—exchanging information on everything from credit card transactions to the latest news and weather. Essentially the Internet itself is one giant network consisting of interconnected PCs, servers, routers, and switches.

By the simplest definition in the data world, a network is a means to connect two or more computers together for the purposes of sharing information. Network sizes and shapes vary drastically—from two personal computers connected with a crossover cable or wireless router to the Internet, encircling the globe and linking together untold numbers of individual, distributed systems. Though data networks vary widely in size and scope, they are generally defined in terms of their architecture, topology, and protocol.

P:\010Comp\BaseTech\619-8\ch09.vpSaturday, October 08, 2011 3:17:24 PM


■ Network Architectures

Every network has an architecture—whether by design or accident. Defining or describing a specific network’s architecture involves identifying the network’s physical configuration, logical operation, structure, procedures, data formats, protocols, and other components. For the sake of simplicity and categorization, people tend to divide network architectures into two main categories: LANs and WANs. A local area network (LAN) typically is smaller in terms of size and geographic coverage and consists of two or more connected devices. Home networks and most small office networks can be classified as LANs. A wide area network (WAN) tends to be larger, covering more geographic area, and consists of two or more systems in geographically separated areas connected by any of a variety of methods such as leased lines, radio waves, satellite relays, microwaves, or even dial-up connections. With the advent of wireless networking, optical, and cellular technology, the lines between LAN and WAN sometimes blur, merging seamlessly into a single network entity. For example, most corporations have multiple LANs within each office location that all connect to a WAN that provides intercompany connectivity. Figure 9.1 shows an example of a corporate network. Each office location will typically have one or more LANs, which are connected to the other offices and the company headquarters through a corporate WAN.

Over time, as networks have grown, diversified, and multiplied, the line between LAN and WAN has become blurred. To better describe emerging, specialized network structures, new terms have been coined to classify networks based on size and use:

■ Campus area network (CAN) A network connecting any number of buildings in an office or university complex (also referred to as a campus wide area network).

■ Intranet A “private” network that is accessible only to authorized users. Many large corporations host an intranet to facilitate information sharing within their organization.

■ Internet The “global network” connecting hundreds of millions of systems and users.

■ Metropolitan area network (MAN) A network designed for a specific geographic locality such as a town or a city.

■ Storage area network (SAN) A high-speed network connecting a variety of storage devices such as tape systems, RAID arrays, optical drives, file servers, and others.


• Figure 9.1 Corporate WAN connecting multiple offices

Exam Tip: A LAN is a local area network—an office building, home network, and so on. A WAN is a wide area network—a corporate network connecting offices in Dallas, New York, and San Jose, for example.


■ Virtual local area network (VLAN) A logical network allowing systems on different physical networks to interact as if they were connected to the same physical network.

■ Client/server A network in which powerful, dedicated systems called servers provide resources to individual workstations or clients.

■ Peer-to-peer A network in which every system is treated as an equal, such as a home network.

■ Network Topology

One major component of every network’s architecture is the network’s topology—how the network is physically or logically arranged. Terms to classify a network’s topology have been developed, often reflecting the physical layout of the network. The main classes of network topologies are star, ring, bus, and mixed.

■ Star topology Network components are connected to a central point. (See Figure 9.2.)

■ Bus topology Network components are connected to the same cable, often called “the bus” or “the backbone.” (See Figure 9.3.)

■ Ring topology Network components are connected to each other in a closed loop with each device directly connected to two other devices. (See Figure 9.4.)

Larger networks, such as those inside an office complex, may use more than one topology at the same time. For example, an office complex may have a large ring topology that interconnects all the buildings in the complex. Each building may have a large bus topology to interconnect star topologies located on each floor of the building. This is called a mixed topology or hybrid topology. (See Figure 9.5.)

• Figure 9.2 Star topology

• Figure 9.3 Bus topology

• Figure 9.4 Ring topology

With recent advances in technology, these topology definitions often break down. While a network consisting of five computers connected to the same coaxial cable is easily classified as a bus topology, what about those same computers connected to a switch using Cat-5 cables? With a switch, each computer is connected to a central node, much like a star topology, but the backplane of the switch is essentially a shared medium. With a switch, each computer has its own exclusive connection to the switch like a star topology, but has to share the switch’s communications backbone with all the other computers, much like a bus topology. To avoid this type of confusion, many people use topology definitions only to identify the physical layout of the network, focusing on how the devices are connected to the network. If we apply this line of thinking to our example, the five-computer network becomes a star topology whether we use a hub or a switch.

■ Network Protocols

How do all these interconnected devices communicate? What makes a PC in China able to view web pages on a server in Brazil? When engineers first started to connect computers together via networks, they quickly realized they needed a commonly accepted method for communicating—a protocol. A protocol is an agreed-upon format for exchanging or transmitting data between systems. A protocol defines a number of agreed-upon parameters, such as the data compression method, the type of error checking to use, and mechanisms for systems to signal when they have finished either receiving or transmitting data. There is a wide variety of protocols, each designed with certain benefits and uses in mind. Some of the more common protocols are

■ AppleTalk The communications protocol developed by Apple to connect Macintosh computers and printers.

■ Asynchronous Transfer Mode (ATM) A protocol based on transferring data in fixed-size packets. The fixed packet sizes help ensure that no single data type monopolizes the available bandwidth.


• Figure 9.5 Mixed topology

Wireless networks use radio waves as their medium to transmit packets, and those radio waves don’t stop at the walls of your house or your organization. Anyone within range can “see” those radio waves and attempt to either sniff your traffic or connect to your network. Encryption, MAC address filtering, and suppression of beacon frames are all security mechanisms to consider when using wireless networks.


■ DECnet Protocol developed by Digital Equipment Corporation that’s used to connect PDP and VAX systems.

■ Ethernet The LAN protocol developed jointly by Xerox, DEC, and Intel—the most widely implemented LAN standard.

■ Fiber Distributed Data Interface (FDDI) The protocol for sending digital data over fiber-optic cabling.

■ Internet protocols (IP) The protocols for managing and transmitting data between packet-switched computer networks originally developed for the Department of Defense. Most users are familiar with Internet protocols such as e-mail, File Transfer Protocol (FTP), Telnet, and Hypertext Transfer Protocol (HTTP).

■ Internetwork Packet Exchange (IPX) The networking protocol created by Novell for use with Novell NetWare operating systems.

■ Signaling System 7 (SS7) The telecommunications protocol used between private branch exchanges (PBXs) to handle tasks such as call setup, routing, and teardown.

■ Systems Network Architecture (SNA) A set of network protocols developed by IBM, originally used to connect IBM’s mainframe systems.

■ Token Ring A LAN protocol developed by IBM that requires systems to possess the network “token” before transmitting data.

■ Transmission Control Protocol/Internet Protocol (TCP/IP) The collection of communications protocols used to connect hosts on the Internet. TCP/IP is by far the most commonly used network protocol and is a combination of the TCP and IP protocols.

■ X.25 A protocol developed by the Comité Consultatif International Téléphonique et Télégraphique (CCITT) for use in packet-switched networks. The CCITT was a subgroup within the International Telecommunication Union (ITU) before the CCITT was disbanded in 1992.

In most cases, communications protocols were developed around the Open System Interconnection (OSI) model. The OSI model, or OSI Reference Model, is an International Organization for Standardization (ISO) standard for worldwide communications that defines a framework for implementing protocols and networking components in seven distinct layers. Within the OSI model, control is passed from one layer to another (top-down) before it exits one system and enters another system, where control is passed bottom-up to complete the communications cycle. It is important to note that most protocols only loosely follow the OSI model; several protocols combine one or more layers into a single function. The OSI model also provides a certain level of abstraction and isolation for each layer, which only needs to know how to interact with the layer above and below it. The application layer, for example, only needs to know how to communicate with the presentation layer—it does not need to talk directly to the physical layer. Figure 9.6 shows the different layers of the OSI model.


A little history on the IP protocol from Wikipedia: “In May, 1974, the Institute of Electrical and Electronic Engineers (IEEE) published a paper entitled ‘A Protocol for Packet Network Interconnection.’ The paper’s authors, Vint Cerf and Bob Kahn, described an internetworking protocol for sharing resources using packet-switching among the nodes.”

• Figure 9.6 The OSI Reference Model


Packets

Networks are built to share information and resources, but like other forms of communication, networks and the protocols they use have limits and rules that must be followed for effective communication. For example, large chunks of data must typically be broken up into smaller, more manageable chunks before they are transmitted from one computer to another. Breaking the data up has advantages—you can more effectively share bandwidth with other systems and you don’t have to retransmit the entire dataset if there is a problem in transmission. When data is broken up into smaller pieces for transmission, each of the smaller pieces is typically called a packet. Each protocol has its own definition of a packet—dictating how much data can be carried, what information is stored where, how the packet should be interpreted by another system, and so on. A standard packet structure is a crucial element in a protocol definition. Without a standard packet structure, systems would not be able to interpret the information coming to them from other systems. To better understand packet structure, let’s examine the packet structure defined by the IP protocol. An IP packet, often called a datagram, has two main sections: the header and the data section (sometimes called the payload). The header section contains all of the information needed to describe the packet (see Figure 9.7):

■ What kind of packet it is (protocol version number)

■ How large the header of the packet is (packet header length)

■ How to process this packet (type of service telling the network whether or not to use options such as minimize delay, maximize throughput, maximize reliability, and minimize cost)

■ How large the entire packet is (overall length of packet—since this is a 16-bit field, the maximum size of an IP packet is 65,535 bytes, but in practice most packets are around 1500 bytes)

■ A unique identifier so that this packet can be distinguished from other packets

■ Whether or not this packet is part of a longer data stream and should be handled relative to other packets

■ Flags that indicate whether or not special handling of this packet is necessary

■ A description of where this packet fits into the data stream as compared to other packets (the fragment offset)

■ A “time to live” field that indicates the packet should be discarded if the value is zero


• Figure 9.7 Logical layout of an IP packet


■ A protocol field that describes the encapsulated protocol

■ A checksum of the packet header (to minimize the potential for data corruption during transmission)

■ Where the packet is from (source IP address, such as 10.10.10.5)

■ Where the packet is going (destination IP address, such as 10.10.10.10)

■ Option flags that govern security and handling restrictions, whether or not to record the route this packet has taken, whether or not to record time stamps, and so on

■ The data this packet carries

As you can see, this standard packet definition allows systems to communicate. Without this type of “common language,” the global connectivity we enjoy today would be impossible—the IP protocol is the primary means for transmitting information across the Internet.
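The following Python is an added example, not code from the book: it parses a constructed IPv4 header into the fields listed above (version, header length, type of service, total length, identifier, flags, fragment offset, TTL, protocol, checksum, addresses) and verifies the header checksum. The sample datagram is built in the block itself, using the chapter’s example addresses 10.10.10.5 and 10.10.10.10.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class IPv4Header:
    """Header fields in the order the chapter lists them (payload excluded)."""
    version: int
    header_length: int    # bytes: IHL field * 4
    tos: int              # type of service
    total_length: int     # header + data; 16-bit field, so at most 65,535
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int  # bytes: 13-bit field * 8
    ttl: int
    protocol: int         # encapsulated protocol: 1 = ICMP, 6 = TCP, 17 = UDP
    checksum: int
    checksum_ok: bool
    source: str
    destination: str
    options: bytes


def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    """Parse the header at the start of `packet`; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not an IPv4 header (version {version})")
    if ihl < 20 or ihl > len(packet) or total_len < ihl:
        raise ValueError("length fields are inconsistent with the packet")
    # The checksum covers the header only; recomputing it over the header with the
    # checksum field zeroed must reproduce the value carried in the packet.
    zeroed = packet[:10] + b"\x00\x00" + packet[12:ihl]
    return IPv4Header(
        version=version,
        header_length=ihl,
        tos=tos,
        total_length=total_len,
        identification=ident,
        dont_fragment=bool(flags_frag & 0x4000),   # DF bit of the 3-bit flags field
        more_fragments=bool(flags_frag & 0x2000),  # MF bit
        fragment_offset=(flags_frag & 0x1FFF) * 8,
        ttl=ttl,
        protocol=proto,
        checksum=csum,
        checksum_ok=ip_checksum(zeroed) == csum,
        source=str(IPv4Address(src)),
        destination=str(IPv4Address(dst)),
        options=packet[20:ihl],
    )


def build_ipv4_header(src: str, dst: str, protocol: int, payload_len: int,
                      ttl: int = 64, ident: int = 0x1234, flags_frag: int = 0x4000) -> bytes:
    """Build a 20-byte header (no options) with a correct checksum; used only for sample input."""
    partial = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                          ttl, protocol, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return partial[:10] + struct.pack("!H", ip_checksum(partial)) + partial[12:]


# Constructed sample: a 40-byte datagram carrying TCP (protocol 6) between the chapter's
# example addresses, Don't Fragment set, followed by a 20-byte payload of zeros.
SAMPLE_DATAGRAM = build_ipv4_header("10.10.10.5", "10.10.10.10", 6, payload_len=20) + b"\x00" * 20

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_DATAGRAM))
```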

TCP vs. UDP

Protocols are typically developed to enable a certain type of communication or solve a specific problem. Over the years, this approach has led to the development of many different protocols, each critical to the function or process it supports. However, there are two protocols that have grown so much in popularity and use that without them, the Internet as we know it would cease to exist. These two protocols, the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), are protocols that run on top of the IP network protocol. As separate protocols, they each have their own packet definitions, capabilities, and advantages, but the most important difference between TCP and UDP is the concept of “guaranteed” reliability and delivery.

UDP is known as a “connectionless” protocol as it has very few error-recovery services and no guarantee of packet delivery. With UDP, packets are created and sent on their way. The sender has no idea whether the packets were successfully received or whether they were received in order. In that respect, UDP packets are much like postcards—you address them and drop them in the mailbox, not really knowing if, when, or how the postcards reach your intended audience. Even though packet loss and corruption are relatively rare on modern networks, UDP is considered to be an unreliable protocol and is often only used for network services that are not greatly affected by the occasional lost or dropped packet. Time synchronization requests, name lookups, and streaming audio are good examples of network services based on the UDP protocol. UDP also happens to be a fairly “efficient” protocol in terms of content delivery versus overhead. With UDP, more time and space is dedicated to content (data) delivery than with other protocols such as TCP. This makes UDP a good candidate for streaming protocols, as more of the available bandwidth and resources are used for data delivery than with other protocols.

TCP is a “connection-oriented” protocol and was specifically designed to provide a reliable connection between two hosts exchanging data. TCP was also designed to ensure that packets are processed in the same order in which they were sent. As part of the TCP protocol, each packet has a sequence number to show where that packet fits into the overall conversation. With the sequence numbers, packets can arrive in any order and at different times and the receiving system will still know the correct order for processing them. The sequence numbers also let the receiving system know if packets are missing—receiving packets 1, 2, 4, and 7 tells us that packets 3, 5, and 6 are missing and needed as part of this conversation. The receiving system can then request retransmission of packets from the sender to fill in any gaps.

Tech Tip

The Importance of Understanding TCP/IP Protocols

A security professional must understand how the various TCP/IP protocols operate. For example, if you’re looking at a packet capture of a suspected port scan, you need to know how “normal” TCP and UDP traffic work so you will be able to spot “abnormal” traffic. This chapter provides a very basic overview of the most popular protocols: TCP, UDP, and ICMP.

Exam Tip: TCP is a “connection-oriented” protocol and offers reliability and guaranteed delivery of packets. UDP is a “connectionless” protocol with no guarantees of delivery.

The “guaranteed and reliable” aspect of the TCP protocol makes it very popular for many network applications and services such as HTTP, FTP, and Telnet. As part of the connection, TCP requires that systems follow a specific pattern when establishing communications. This pattern, often called the three-way handshake (shown in Figure 9.8), is a sequence of very specific steps:

1. The originating host (usually called the client) sends a SYN (synchronize) packet to the destination host (usually called the server). The SYN packet tells the server what port the client wants to connect to and the initial packet sequence number of the client.

2. The server sends a SYN/ACK packet back to the client. This SYN/ACK (synchronize/acknowledge) tells the client “I received your request” and also contains the server’s initial packet sequence number.

3. The client responds to the server with an ACK packet to complete the connection establishment process.

• Figure 9.8 TCP’s three-way handshake

Think of the three-way handshake as being similar to a phone call. You place a call to your friend—that’s the SYN. Your friend answers the phone and says “hello”—that’s the SYN/ACK. Then you say “Hi, it’s me”—that’s the ACK. Your connection is established and you can start your conversation.

Tech Tip

TCP Packet Flags

TCP packets contain flags—dedicated fields that are used to help the TCP protocol control and manage the TCP session. There are eight different flags in a TCP packet, and when a flag is “set,” it is set to a value of 1. The eight different flags are

■ CWR (Congestion Window Reduced) Set by a host to indicate that it received a packet with the ECE flag set and is taking action to help reduce congestion.

■ ECE (ECN-Echo) Indicates that the TCP peer is ECN capable when used during the three-way handshake. During normal traffic, this flag means that a packet with a Congestion Experienced flag in its IP header was received by the host sending this packet.

■ URG (Urgent) When set, the urgent pointer in the packets should be read as valid and followed for additional data.

■ ACK (Acknowledgment) Indicates that the data in the ACK field should be processed.

■ PSH (Push) Indicates that data delivery should start immediately rather than waiting for buffers to fill up first.

■ RST (Reset) Resets the current connection—a start-over feature often used by IPS/IDS devices to interrupt sessions.

■ SYN (Synchronize) Used to help synchronize sequence numbers.

■ FIN (Finish) Indicates the sender is finished and has no more data to send.

ICMP

While TCP and UDP are arguably the most common protocols, the Internet Control Message Protocol (ICMP) is probably the third most commonly used protocol. During the early development of large networks, it was quickly discovered that there needed to be some mechanism for managing the overall infrastructure—handling connection status, traffic flow, availability, and errors. This mechanism is the ICMP protocol. ICMP is a control and information protocol and is used by network devices to determine such things as a remote network’s availability, the length of time to reach a remote network, and the best route for packets to take when traveling to that remote network (using ICMP redirect messages, for example). ICMP can also be used to handle the flow of traffic, telling other network devices to “slow down” transmission speeds if packets are coming in too fast.

ICMP, like UDP, is a connectionless protocol. ICMP was designed to carry small messages quickly with minimal overhead or impact to bandwidth. ICMP packets are sent using the same header structure as IP packets, with the protocol field set to 1 to indicate that it is an ICMP packet. ICMP packets also have their own header, which follows the IP header and contains type, code, checksum, sequence number, identifier, and data fields. The “type” field indicates what type of ICMP message it is, and the “code” field tells us what the message really means. For example, an ICMP packet with a type of 3 and a code of 2 would tell us this is a “destination unreachable” message and, more specifically, a “host unreachable” message—usually indicating that we are unable to communicate with the intended destination.

Unfortunately, the ICMP protocol has been greatly abused by attackers over the last few years to execute denial-of-service (DoS) attacks. Because ICMP packets are very small and connectionless, thousands and thousands of ICMP packets can be generated by a single system in a very short period of time. Attackers have developed methods to trick many systems into generating thousands of ICMP packets with a common destination—the attacker’s target. This creates a literal flood of traffic that the target, and in most cases the network the target sits on, is incapable of dealing with. The ICMP flood drowns out any other legitimate traffic and prevents the target from accomplishing its normal duties—denying access to the service the target normally provides. This has led to many organizations blocking all external ICMP traffic at the perimeter of their organization.

Tech Tip

ICMP Type Codes

With ICMP packets, the real message of the packet is contained in the “type and code” fields, not the data field. Here are some of the more commonly seen ICMP type codes:

Type  Name
0     Echo reply
3     Destination unreachable
4     Source quench
5     Redirect
8     Echo
11    Time exceeded
13    Timestamp
30    Traceroute

Some of the types have associated code values that make the message more specific. For example, ICMP messages with a type of 3 can have any of the following codes:

Code  Name
1     Net unreachable
2     Host unreachable
3     Protocol unreachable
4     Port unreachable
5     Fragmentation needed and DF bit set
6     Source route failed
7     Destination network unknown
8     Destination host unknown
9     Source host isolated
10    Communication with destination network is administratively prohibited
11    Communication with destination host is administratively prohibited
12    Destination network unreachable for TOS
13    Destination host unreachable for TOS

As a security professional, knowing how protocols, such as ICMP, work and how to interpret them is extremely important. Imagine you’re configuring a firewall. You could configure it to drop all ICMP packets, but that would prevent your users from being able to receive echo replies, traceroute results, and so on. If you know how ICMP works, you could block most ICMP packets and only allow the ones you’re really interested in, such as echo replies, past your firewall. This gives you the ability to keep using parts of the protocol and reject others.

■ Packet Delivery

Protocols are designed to help information get from one place to another, but in order to deliver a packet we have to know where it is going. Packet delivery can be divided into two sections: local and remote packet delivery. Local delivery applies to packets being sent out on a local network while remote delivery applies to packets being delivered to a remote system, such as across the Internet. Ultimately, packets may follow a local delivery, remote delivery, local delivery pattern before reaching their intended destination. The biggest difference in local versus remote delivery is how packets are addressed. Network systems have addresses, not unlike office numbers or street addresses, and before a packet can be successfully delivered, the sender needs to know the address of the destination system.

Local Packet Delivery

Packets delivered on a network, such as an office LAN, are usually sent using the destination system’s hardware address, or Media Access Control (MAC) address. Each network card or network device is supposed to have a unique hardware address so that it can be specifically addressed for network traffic. MAC addresses are assigned to a device or network card by the manufacturer, and each manufacturer is assigned a specific block of MAC addresses to prevent two devices from sharing the same MAC address. MAC addresses are usually expressed as six pairs of hexadecimal digits, such as 00:07:e9:7c:c8:aa. In order for a system to send data to another system on the network, it must first find out the destination system’s MAC address.

Maintaining a list of every local system’s MAC address is both costlyand time consuming, and although a system may store MAC addresses tem-porarily for convenience, in manycases the sender must find thedestination MAC address beforesending any packets. To find an-other system’s MAC address, theAddress Resolution Protocol (ARP)is used. Essentially, this is thecomputer’s way of finding out“who owns the blue convertiblewith license number 123JAK.”


Cross Check
Ping Sweep

In Chapter 1 you learned about a “ping sweep.” What is a ping sweep and what is it used for? What types of ICMP packets could you use to conduct a ping sweep?

In February 2000 a 17-year-old Canadian script kiddie brought down 11 sites using 75 computers in 52 countries to send 10,700 ICMP messages in 10 seconds. The targeted sites included Yahoo, Buy.com, eBay, CNN, Amazon.com, ZDNet, ETrade, Dell, and Excite.

Tech Tip

MAC Addresses
Every network device should have a unique MAC address. Manufacturers of network cards and network chipsets have blocks of MAC addresses assigned to them, so you can often tell what type of equipment is sending packets by looking at the first three pairs of hexadecimal digits in a MAC address. For example, “00-00-0C” would indicate the network device was built by Cisco Systems.

Try This
Finding MAC Addresses on Windows Systems

Open a command prompt on a Windows system. Type the command ipconfig /all and find your system’s MAC address. Hint: It should be listed under “Physical Address” on your network adapters. Now type the command arp -a and press ENTER. What information does this display? Can you find the MAC address of your default gateway?


In most cases, systems know the IP address they wish to send to, but not the MAC address. Using an ARP request, the sending system will send out a query: Who is 10.1.1.140? This broadcast query is examined by every system on the local network, but only the system whose IP address is 10.1.1.140 will respond. That system will send back a response that says “I’m 10.1.1.140 and my MAC address is 00:07:e9:7c:c8:aa.” The sending system will then format the packet for delivery and drop it on the network media, stamped with the MAC address of the destination workstation.

Remote Packet Delivery

While packet delivery on a LAN is usually accomplished with MAC addresses, packet delivery to a distant system is usually accomplished using Internet Protocol (IP) addresses. IP addresses are 32-bit numbers that usually are expressed as a group of four numbers (such as 10.1.1.132). In order to send a packet to a specific system on the other side of the world, you have to know the remote system’s IP address. Storing large numbers of IP addresses on every PC is far too costly, and most humans are not good at remembering collections of numbers. However, humans are good at remembering names, so the Domain Name System (DNS) protocol was created.

DNS translates names into IP addresses. When you enter the name of your favorite web site into the location bar of your web browser and press ENTER, the computer has to figure out what IP address belongs to that name. Your computer takes the entered name and sends a query to a local DNS server. Essentially, your computer asks the DNS server “What IP address goes with www.myfavoritesite.com?” The DNS server, whose main purpose in life is to handle DNS queries, looks in its local records to see if it knows the answer. If it doesn’t, the DNS server queries another, higher-level domain server. That server checks its records and queries the server above it, and so on until a match is found. That name-to-IP address matching is passed back down to your computer so it can create the web request, stamp it with the right destination IP address, and send it.

Before sending the packet, your system will first determine if the destination IP address is on a local or remote network. In most cases, it will be on a remote network and your system will not know how to reach that remote network. Again, it would not be practical for your system to know how to directly reach every other system on the Internet, so your system will forward the packet to a network gateway. Network gateways, usually called routers, are devices that are used to interconnect networks and move packets from one network to another. That process of moving packets from one network to another is called routing and is critical to the flow of information across the Internet. To accomplish this task, routers use forwarding tables to


MAC addresses can be “spoofed” or faked. Some operating systems allow users with administrator-level privileges to explicitly set the MAC address for their network card(s). For example, in Linux operating systems you can use the ifconfig command to change a network adapter’s MAC address. The command ifconfig eth0 hw ether 00:07:e9:7c:c8:aa will set the MAC address of adapter eth0 to 00:07:e9:7c:c8:aa. There are also a number of software utilities that allow you to do this through a GUI, such as the GNU MAC Changer. GUI utilities to change MAC addresses on Windows systems are also available.
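As an added example that is not from the chapter, the following Python script parses constructed Windows arp -a output like the one in the Try This exercise above, reports the vendor from the OUI (the first three octets), and flags any unicast MAC address bound to more than one IP address, a pattern a spoofed MAC on the LAN can produce and one worth a second look. The sample output, the vendor table beyond the chapter's Cisco prefix, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Windows "arp -a" output (not captured from a real
# host); the interface, IP addresses and MAC addresses are made up.
SAMPLE_ARP_OUTPUT = """
Interface: 10.1.1.25 --- 0xb
  Internet Address      Physical Address      Type
  10.1.1.1              00-00-0c-9f-f0-01     dynamic
  10.1.1.140            00-07-e9-7c-c8-aa     dynamic
  10.1.1.141            00-07-e9-7c-c8-aa     dynamic
  10.1.1.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# OUI (first three octets) to vendor. Only the Cisco prefix comes from the
# chapter; a real check would use the full IEEE OUI registry.
OUI_VENDORS = {"00:00:0c": "Cisco Systems"}

_ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"              # IP address
    r"([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+"  # MAC, dash or colon form
    r"(dynamic|static)\s*$",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Return the MAC in lower-case, colon-separated form."""
    return mac.lower().replace("-", ":")


def parse_arp_table(text):
    """Return (ip, mac, type) tuples for every entry in arp -a style output."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), normalize_mac(m.group(2)), m.group(3).lower()))
    return entries


def oui_vendor(mac):
    """Look up the manufacturer from the first three octets of the MAC."""
    return OUI_VENDORS.get(normalize_mac(mac)[:8], "unknown vendor")


def is_unicast(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return (int(normalize_mac(mac)[:2], 16) & 1) == 0


def find_shared_macs(entries):
    """Map each unicast MAC bound to more than one IP address to those IPs.

    One MAC answering for several IPs is not proof of spoofing (a host may
    hold several addresses, or a router may answer on behalf of others), but
    it is the footprint a faked MAC address leaves in the ARP cache and
    deserves a second look, especially when the default gateway is involved.
    """
    by_mac = defaultdict(list)
    for ip, mac, _ in entries:
        if is_unicast(mac):
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for ip, mac, kind in table:
        print(f"{ip:<16} {mac}  {kind:<8} {oui_vendor(mac)}")
    for mac, ips in find_shared_macs(table).items():
        print(f"check: {mac} is bound to {', '.join(ips)}")
```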

Cross Check
Mandatory Access Control

In Chapter 2 you learned about a different MAC—mandatory access control. What is the difference between mandatory access control and Media Access Control? What is each used for?

The Domain Name System is critical to the operation of the Internet—if your computer can’t translate www.espn.com into 199.181.132.250, then your web browser won’t be able to access the latest scores.


determine where a packet should go. When a packet reaches a router, the router looks at the destination address to determine where to send the packet. If the router’s forwarding tables indicate where the packet should go, the router sends the packet out along the appropriate route. If the router does not know where the destination network is, it forwards the packet to its defined gateway, which repeats the same process. Eventually, after traversing various networks and being passed through various routers, our packet arrives at the router serving the network with the web site we are trying to reach. This router determines the appropriate MAC address of the destination system and forwards the packet accordingly.

IP Addresses and Subnetting

The last section mentioned that IP addresses are 32-bit numbers. Those 32 bits are represented as four groups of 8 bits each (called octets). You will usually see IP addresses expressed as four sets of decimal numbers in dotted-decimal notation, 10.120.102.15 for example. Of those 32 bits in an IP address, some are used for the network portion of the address (the network ID), and some are used for the host portion of the address (the host ID). Subnetting is the process that is used to divide those 32 bits in an IP address and tell you how many of the 32 bits are being used for the network ID and how many are being used for the host ID. As you can guess, where and how you divide the 32 bits determines how many networks and how many host addresses you may have. To interpret the 32-bit space correctly, we must use a subnet mask, which tells us exactly how much of the space is the network portion and how much is the host portion. Let’s look at an example using the IP address 10.10.10.101 with a subnet mask of 255.255.255.0.

First you must convert the address and subnet mask to their binary representations:

Subnet Mask: 11111111.11111111.11111111.00000000
IP Address:  00001010.00001010.00001010.01100101

Then, you perform a bitwise AND operation to get the network address. The bitwise AND operation examines each set of matching bits from the binary representation of the subnet mask and the binary representation of the IP address. For each set where both the mask and address bits are 1, the result of the AND operation is a 1. Otherwise, if either bit is a 0, the result is a 0. So, for our example we get

Network Address: 00001010.00001010.00001010.00000000

which in decimal is 10.10.10.0, the network ID of our IP network address (translate the binary representation to decimal).

The network ID and subnet mask together tell us that the first three octets of our address are network-related (10.10.10.), which means that the last octet of our address is the host portion (101 in this case). In our example, the network portion of the address is 10.10.10 and the host portion is 101. Another shortcut in identifying which of the 32 bits is being used in the network ID is to look at the subnet mask after it’s been converted to its binary representation. If there’s a 1 in the subnet mask, then the corresponding bit in the binary representation of the IP address is being used


as part of the network ID. In the preceding example, the subnet mask of 255.255.255.0 in binary representation is 11111111.11111111.11111111.00000000. We can see that there’s a 1 in the first 24 spots, which means that the first 24 bits of the IP address are being used as the network ID (which is the first three octets of 255.255.255).

Network address spaces are usually divided into one of three classes:

■ Class A Supports 16,777,214 hosts on each network with a default subnet mask of 255.0.0.0. Subnets: 0.0.0.0 to 126.255.255.255 (127.0.0.0 to 127.255.255.255 is reserved for loopback)

■ Class B Supports 65,534 hosts on each network with a default subnet mask of 255.255.0.0. Subnets: 128.0.0.0 to 191.255.255.255

■ Class C Supports 253 hosts on each network with a default subnet mask of 255.255.255.0 (see Figure 9.9). Subnets: 192.0.0.0 to 223.255.255.255. Everything above 224.0.0.0 is reserved for either multicasting or future use.

In addition, certain subnets are reserved for private use and are not routed across public networks such as the Internet:

■ 10.0.0.0 to 10.255.255.255

■ 172.16.0.0 to 172.31.255.255

■ 192.168.0.0 to 192.168.255.255

■ 169.254 network (APIPA)

■ 169.254.0.1 to 169.254.255.254

Finally, when determining the valid hosts that can be placed on a particular subnet, you have to keep in mind that the “all 0s” address of the host portion is reserved for the network address and the “all 1s” address of the host portion is reserved for the broadcast address of that particular subnet. Again from our earlier example:

Subnet Network Address: 10.10.10.0
00001010.00001010.00001010.00000000

Broadcast Address: 10.10.10.255
00001010.00001010.00001010.11111111

In their forwarding tables, routers maintain lists of networks and the accompanying subnet mask. With these two pieces, the router can examine the destination address of each packet and then forward the packet on to the appropriate destination.
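The forwarding-table lookup just described, as an added Python example that is not from the chapter: each entry pairs a network with its subnet mask, the destination address is ANDed with each mask to find the most specific match, and a default route plays the part of the router's defined gateway. The routes and next-hop addresses are constructed for illustration.

```python
def dotted_to_int(addr):
    """Convert dotted-decimal notation to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    assert len(octets) == 4 and all(0 <= o <= 255 for o in octets), addr
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def mask_length(mask):
    """Number of 1 bits in a subnet mask, e.g. 255.255.255.0 -> 24."""
    return bin(dotted_to_int(mask)).count("1")


class ForwardingTable:
    """A router's forwarding table: (network, mask) pairs with a next hop."""

    def __init__(self):
        self._routes = []  # (network_int, mask_int, prefix_len, next_hop)

    def add_route(self, network, mask, next_hop):
        net, msk = dotted_to_int(network), dotted_to_int(mask)
        assert net & msk == net, f"{network} is not the network address for {mask}"
        self._routes.append((net, msk, mask_length(mask), next_hop))
        # Keep the most specific (longest mask) routes first.
        self._routes.sort(key=lambda r: r[2], reverse=True)

    def lookup(self, destination):
        """Return the next hop for a destination, or None if nothing matches.

        The destination is ANDed with each route's mask, exactly like working
        out a network ID; the first hit is the longest matching prefix.  A
        default route (0.0.0.0 with mask 0.0.0.0) matches everything and is
        how "forward it to the defined gateway" is expressed in the table.
        """
        dst = dotted_to_int(destination)
        for net, msk, _, next_hop in self._routes:
            if dst & msk == net:
                return next_hop
        return None


def build_example_table():
    """Constructed table for a router with one LAN and one upstream link."""
    table = ForwardingTable()
    table.add_route("10.10.10.0", "255.255.255.0", "directly connected (LAN)")
    table.add_route("10.0.0.0", "255.0.0.0", "10.10.10.254")   # other internal networks
    table.add_route("0.0.0.0", "0.0.0.0", "203.0.113.1")        # default gateway (assumed)
    return table


if __name__ == "__main__":
    table = build_example_table()
    for dst in ("10.10.10.101", "10.20.30.40", "199.181.132.250"):
        print(f"{dst:<16} -> {table.lookup(dst)}")
```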

As mentioned earlier, subnetting allows us to divide networks into smaller logical units, and we use subnet masks to do this. But how does this work? Remember that the subnet mask tells us how many bits are being used to describe the network ID—adjusting the subnet mask (and the


• Figure 9.9 A subnet mask of 255.255.255.0 indicates this is a Class C address space.

Tech Tip

RFC 1918—Private Address Spaces
RFC 1918 is the technical specification for private address space. RFC stands for “Request For Comment” and there are RFCs for just about everything to do with the Internet—protocols, routing, how to handle e-mail, and so on. You can find RFCs at www.ietf.org/rfc.html.


number of bits used to describe the network ID) allows us to divide an address space into multiple, smaller logical networks. Let’s say you have a single address space of 192.168.45.0 that you need to divide into multiple networks. The default subnet mask is 255.255.255.0, which means you’re using 24 bits as the network ID and 8 bits as the host ID. This gives you 254 different host addresses. But what if you need more networks and don’t need as many host addresses? You can simply adjust your subnet mask to borrow some of the host bits and use them as network bits. If you use a subnet mask of 255.255.255.224, you are essentially “borrowing” the first 3 bits from the space you were using to describe host IDs and using them to describe the network ID. This gives you more space to create different networks but means that each network will now have fewer available host IDs. With a 255.255.255.224 subnet mask, you can create six different subnets, but each subnet can only have 30 unique host IDs. If you borrow 6 bits from the host ID portion and use a subnet mask of 255.255.255.252, you can create 62 different networks but each of them can only have two unique host IDs.
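The subnet arithmetic from this section (the binary conversion, the bitwise AND, the network and broadcast addresses, the private ranges, and borrowing host bits to split 192.168.10.0 into eight 255.255.255.224 networks as in the Try This exercise), worked through as an added Python example that is not from the chapter. The function names are assumptions, and the split lists every subnet the borrowed bits produce, first and last included.

```python
# RFC 1918 private ranges plus the APIPA link-local block, as (network, mask).
PRIVATE_RANGES = [
    ("10.0.0.0", "255.0.0.0"),
    ("172.16.0.0", "255.240.0.0"),
    ("192.168.0.0", "255.255.0.0"),
    ("169.254.0.0", "255.255.0.0"),  # APIPA, not routed either
]


def dotted_to_int(addr):
    """Convert dotted-decimal notation to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    assert len(octets) == 4 and all(0 <= o <= 255 for o in octets), addr
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value):
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr):
    """Dotted binary form, e.g. 10.10.10.101 -> 00001010.00001010.00001010.01100101."""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def prefix_length(mask):
    """Count the 1 bits of a mask and reject masks with gaps such as 255.0.255.0."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    assert m == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF, f"non-contiguous mask {mask}"
    return ones


def network_address(ip, mask):
    """Bitwise AND of address and mask gives the network ID."""
    return int_to_dotted(dotted_to_int(ip) & dotted_to_int(mask))


def broadcast_address(ip, mask):
    """Setting every host bit to 1 gives the subnet's broadcast address."""
    host_bits = 0xFFFFFFFF ^ dotted_to_int(mask)
    return int_to_dotted(dotted_to_int(ip) | host_bits)


def usable_hosts(mask):
    """Hosts per subnet, less the network and broadcast addresses."""
    return max(2 ** (32 - prefix_length(mask)) - 2, 0)


def is_private(ip):
    """True for addresses that are not routed across the public Internet."""
    value = dotted_to_int(ip)
    return any(value & dotted_to_int(m) == dotted_to_int(n) for n, m in PRIVATE_RANGES)


def split_subnets(network, mask, new_mask):
    """Borrow host bits: (network, first usable, last usable) for each subnet.

    Every subnet is listed, including the first and last ones, which matches
    the chapter's exercise of eight 255.255.255.224 networks in 192.168.10.0.
    """
    old_len, new_len = prefix_length(mask), prefix_length(new_mask)
    assert new_len > old_len, "new mask must borrow at least one host bit"
    base = dotted_to_int(network_address(network, mask))
    size = 2 ** (32 - new_len)
    subnets = []
    for i in range(2 ** (new_len - old_len)):
        start = base + i * size
        subnets.append((int_to_dotted(start), int_to_dotted(start + 1),
                        int_to_dotted(start + size - 2)))
    return subnets


if __name__ == "__main__":
    ip, mask = "10.10.10.101", "255.255.255.0"
    print("Subnet Mask:", to_binary(mask))
    print("IP Address: ", to_binary(ip))
    print("Network:    ", network_address(ip, mask), "broadcast", broadcast_address(ip, mask))
    for net, first, last in split_subnets("192.168.10.0", "255.255.255.0", "255.255.255.224"):
        print(f"{net:<16} hosts {first} - {last}")
```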

Network Address Translation

If you’re thinking that a 32-bit address space that’s chopped up and subnetted isn’t enough to handle all the systems in the world, you’re right. While IP address blocks are assigned to organizations such as companies and universities, there usually aren’t enough Internet-visible IP addresses to assign to every system on the planet a unique, Internet-routable IP address. To compensate for this lack of available IP address space, we use Network Address Translation (NAT). NAT translates private (nonroutable) IP addresses into public (routable) IP addresses.

From our discussions earlier in this chapter, you may remember that certain IP address blocks are reserved for “private use,” and you’d probably agree that not every system in an organization needs a direct, Internet-routable IP address. Actually, for security reasons, it’s much better if most of an organization’s systems are hidden from direct Internet access. Most organizations build their internal networks using the private IP address ranges (such as 10.1.1.XXX) to prevent outsiders from directly accessing those internal networks. However, in many cases those systems still need to be able to reach the Internet. This is accomplished by using a NAT device (typically a firewall or router) that translates the many internal IP addresses into one of a small number of public IP addresses.

For example, consider a fictitious company, ACME.com. ACME has several thousand internal systems using private IP addresses in the 10.X.X.X


Tech Tip

Dynamic Host Configuration Protocol
When an administrator sets up a network, they usually assign IP addresses to systems in one of two ways: statically or through DHCP. A static IP address assignment is fairly simple; the administrator decides what IP address to assign to a server or PC, and that IP address stays assigned to that system until the administrator decides to change it. The other popular method is through the Dynamic Host Configuration Protocol (DHCP). Under DHCP, when a system boots up or is connected to the network, it sends out a query looking for a DHCP server. If a DHCP server is available on the network, it answers the new system and temporarily assigns to the new system an IP address from a pool of dedicated, available addresses. DHCP is an “as available” protocol—if the server has already allocated all the available IP addresses in the DHCP pool, the new system will not receive an IP address and will not be able to connect to the network. Another key feature of DHCP is the ability to limit how long a system may keep its DHCP-assigned IP address. DHCP addresses have a limited lifespan, and once that time period expires, the system using that IP address must either renew use of that address or request another address from the DHCP server. The requesting system either may end up with the same IP address or may be assigned a completely new address, depending on how the DHCP server is configured and on the current demand for available addresses. DHCP is very popular in large user environments where the cost of assigning and tracking IP addresses among hundreds or thousands of user systems is extremely high.

Try This
Calculating Subnets and Hosts

Given a network ID of 192.168.10.X and a subnet mask of 255.255.255.224, you should be able to create eight networks with space for 30 hosts on each network. Calculate the network address, first usable IP address in that subnet, and the last usable IP address in that subnet. Hint: The first network will be 192.168.10.0. The first usable IP address in that subnet is 192.168.10.1 and the last usable IP address in that subnet is 192.168.10.30.


range. To allow those IPs to communicate with the outside world, ACME leases an Internet connection and a few public IP addresses, and deploys a NAT-capable device. ACME administrators configure all their internal hosts to use the NAT device as their default gateway. When internal hosts need to send packets outside the company, they send them to the NAT device. The NAT device removes the internal source IP address out of the outbound packets and replaces it with the NAT device’s public, routable address and sends them on their way. When response packets are received from outside sources, the device performs NAT in reverse, stripping off the external, public IP address in the destination address field and replacing it with the correct internal, private IP address before sending it on into the private ACME.com network. Figure 9.10 illustrates this NAT process.

In Figure 9.10, we see an example of NAT being performed.

An internal workstation (10.10.10.12) wants to visit the ESPN web site at www.espn.com. When the packet reaches the NAT device, the device translates the 10.10.10.12 source address to the globally routable 63.69.110.110 address, the IP address of the device’s externally visible interface. When the ESPN web site responds, it responds to the device’s address just as if the NAT device had originally requested the information. The NAT device must then remember which internal workstation requested the information and route the packet to the appropriate destination.

Security Zones

The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, an inside wall, and even a keep, so, too, does a modern secure network have different layers of protection. Different zones are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. A constant issue is that accessibility tends to be inversely related to level of protection, so it is more difficult to provide complete


• Figure 9.10 Logical depiction of NAT

Tech Tip

Different Approaches for Implementing NAT
While the concept of NAT remains the same, there are actually several different approaches to implementing NAT. For example:

■ Static NAT Maps an internal, private address to an external, public address. The same public address is always used for that private address. This technique is often used when hosting something you wish the public to be able to get to, such as a web server, behind a firewall.

■ Dynamic NAT Maps an internal, private IP address to a public IP address selected from a pool of registered (public) IP addresses. This technique is often used when translating addresses for end-user workstations and the NAT device must keep track of internal/external address mappings.

■ Port Address Translation (PAT) Allows many different internal, private addresses to share a single external IP address. Devices performing PAT replace the source IP address with the NAT IP address and replace the source port field with a port from an available connection pool. PAT devices keep a translation table to track which internal hosts are using which ports so that subsequent packets can be stamped with the same port number. When response packets are received, the PAT device reverses the process and forwards the packet to the correct internal host. PAT is a very popular NAT technique and in use at many organizations.
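The PAT translation table described in the last item, as an added Python example that is not from the chapter: outbound packets from 10.10.10.12 leave with the device's public address 63.69.110.110 (as in Figure 9.10) and a port from the pool, replies are mapped back through the table, and a packet with no table entry is dropped. The packet fields, pool size, and class and function names are assumptions.

```python
class PATDevice:
    """Port Address Translation: many private addresses behind one public IP."""

    def __init__(self, public_ip, port_pool=range(40000, 40004)):
        self.public_ip = public_ip
        self._free_ports = list(port_pool)   # tiny pool so exhaustion is easy to show
        self._by_public_port = {}            # public port -> (internal ip, internal port)
        self._by_internal = {}               # (internal ip, internal port) -> public port

    def outbound(self, pkt):
        """Rewrite an internal -> Internet packet and return the translated copy.

        A flow that already has an entry keeps its port, so later packets of
        the same connection are stamped with the same public port.
        """
        flow = (pkt["src_ip"], pkt["src_port"])
        port = self._by_internal.get(flow)
        if port is None:
            if not self._free_ports:
                raise RuntimeError("translation table full: no free public ports")
            port = self._free_ports.pop(0)
            self._by_internal[flow] = port
            self._by_public_port[port] = flow
        translated = dict(pkt)
        translated["src_ip"], translated["src_port"] = self.public_ip, port
        return translated

    def inbound(self, pkt):
        """Reverse the translation for a reply; return None (drop) if no entry.

        Because a packet from the Internet is forwarded only when it matches an
        existing entry, unsolicited connections never reach internal hosts;
        this is the side effect that keeps the private network hidden.
        """
        if pkt["dst_ip"] != self.public_ip:
            return None
        flow = self._by_public_port.get(pkt["dst_port"])
        if flow is None:
            return None
        translated = dict(pkt)
        translated["dst_ip"], translated["dst_port"] = flow
        return translated

    def release(self, internal_ip, internal_port):
        """Free a port once the flow ends (real devices time idle entries out)."""
        port = self._by_internal.pop((internal_ip, internal_port), None)
        if port is not None:
            del self._by_public_port[port]
            self._free_ports.append(port)


def demo_translation():
    """Workstation 10.10.10.12 reaches www.espn.com (199.181.132.250) through PAT."""
    pat = PATDevice("63.69.110.110")
    request = {"src_ip": "10.10.10.12", "src_port": 51000,
               "dst_ip": "199.181.132.250", "dst_port": 80}
    out = pat.outbound(request)
    reply = {"src_ip": "199.181.132.250", "src_port": 80,
             "dst_ip": "63.69.110.110", "dst_port": out["src_port"]}
    back = pat.inbound(reply)
    # Constructed unsolicited packet from an outside host with no table entry.
    stray = pat.inbound({"src_ip": "198.51.100.9", "src_port": 4444,
                         "dst_ip": "63.69.110.110", "dst_port": 40003})
    return out, back, stray


if __name__ == "__main__":
    out, back, stray = demo_translation()
    print("outbound after PAT:", out)
    print("reply after PAT:   ", back)
    print("unsolicited packet:", stray)
```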


protection and unfettered access at the same time. Trade-offs between access and security are handled through zones, with successive zones guarded by firewalls enforcing ever-increasingly strict security policies. The outermost zone is the Internet, a free area, beyond any specific controls. Between the inner, secure corporate network and the Internet is an area where machines are considered at risk. This zone has come to be called the DMZ, after its military counterpart, the demilitarized zone, where neither side has any specific controls. Once inside the inner, secure network, separate branches are frequently carved out to provide specific functionality; under this heading, we will also discuss intranets, extranets, and virtual LANs (VLANs).

DMZ

The DMZ is a military term for ground separating two opposing forces, by agreement and for the purpose of acting as a buffer between the two sides. A DMZ in a computer network is used in the same way; it acts as a buffer zone between the Internet, where no controls exist, and the inner, secure network, where an organization has security policies in place (see Figure 9.11). To demarcate the zones and enforce separation, a firewall is used on each side of the DMZ. The area between these firewalls is accessible from either the inner, secure network or the Internet. Figure 9.11 illustrates these zones as caused by firewall placement. The firewalls are specifically designed to prevent access across the DMZ directly, from the Internet to the inner, secure network. It is important to note that typically only filtered Internet traffic is allowed into the DMZ. For example, an organization hosting a web server and an FTP server in its DMZ may want the public to be able to “see” those services but nothing else. In that case the firewall may allow FTP, HTTP, and HTTPS traffic into the DMZ from the Internet and then filter out everything else.

Special attention should be paid to the security settings of network devices placed in the DMZ, and they should be considered at all times to be at risk for compromise by unauthorized use. A common industry term, hardened operating system, applies to machines whose functionality is locked down to preserve security—unnecessary services and software are removed or disabled, functions are limited, and so on. This approach needs to be applied to the machines in the DMZ, and although it means that their functionality is limited, such precautions ensure that the machines will work properly in a less-secure environment.

Many types of servers belong in this area, including web servers that are serving content to Internet users, as well as remote access servers and external e-mail servers. In general, any server directly accessed from the outside, untrusted Internet zone needs to be in the DMZ. Other servers should not be placed in the DMZ. Domain name servers for your inner, trusted network and database servers that house corporate databases should not be


• Figure 9.11 The DMZ and zones of trust


accessible from the outside. Application servers, file servers, print servers—all of the standard servers used in the trusted network—should be behind both firewalls and the routers and switches used to connect these machines.

The idea behind the use of the DMZ topology is to provide publicly visible services without allowing untrusted users access to your internal network. If the outside user makes a request for a resource from the trusted network, such as a data element from an internal database that is accessed via a publicly visible web page in the DMZ, then this request needs to follow this scenario:

1. A user from the untrusted network (the Internet) requests data via a web page from a web server in the DMZ.

2. The web server in the DMZ requests the data from the application server, which can be in the DMZ or in the inner, trusted network.

3. The application server requests the data from the database server in the trusted network.

4. The database server returns the data to the requesting application server.

5. The application server returns the data to the requesting web server.

6. The web server returns the data to the requesting user from the untrusted network.

This separation accomplishes two specific, independent tasks. First, the user is separated from the request for data on a secure network. By having intermediaries do the requesting, this layered approach allows significant security levels to be enforced. Users do not have direct access or control over their requests, and this filtering process can put controls in place. Second, scalability is more easily realized. The multiple-server solution can be made to be very scalable, literally to millions of users, without slowing down any particular layer.
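A zone policy for the DMZ scenario above, as an added Python example that is not from the chapter: the only permitted request paths are Internet to DMZ on the FTP/HTTP/HTTPS ports, the DMZ web server to the application server, and the application server to the database, so steps 1 through 3 pass hop by hop while a request straight from the Internet to the trusted network, or from the DMZ web server straight to the database, is denied. The addresses, ports, and zone layout are constructed and are not taken from Figure 9.11.

```python
import ipaddress

# Constructed zone layout: documentation and private ranges, not the chapter's
# figure. Anything outside the DMZ and trusted zones counts as "internet".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "trusted": ipaddress.ip_network("10.10.0.0/16"),
}

# Allowed (source zone, destination zone) -> TCP ports; everything else is
# denied. There is deliberately no ("internet", "trusted") entry: requests for
# internal data must pass through the DMZ tier.
POLICY = {
    ("internet", "dmz"): {21, 80, 443},   # public FTP/HTTP/HTTPS into the DMZ
    ("dmz", "trusted"): {8080},           # DMZ web server -> application server
    ("trusted", "trusted"): {5432},       # application server -> database (inner segment)
}


def zone_of(ip):
    """Classify an address by the zone its network belongs to."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def is_allowed(src_ip, dst_ip, dst_port):
    """Decide a new connection request; replies ride on the established state."""
    return dst_port in POLICY.get((zone_of(src_ip), zone_of(dst_ip)), set())


def trace_request(hops):
    """Evaluate each hop of a request chain: [(src, dst, port, allowed)]."""
    return [(s, d, p, is_allowed(s, d, p)) for s, d, p in hops]


# The chapter's request flow, request direction only (steps 1 to 3).
WEB_REQUEST_FLOW = [
    ("198.51.100.7", "192.0.2.10", 443),   # 1. Internet user -> DMZ web server
    ("192.0.2.10", "10.10.5.20", 8080),    # 2. web server -> application server
    ("10.10.5.20", "10.10.5.30", 5432),    # 3. application server -> database
]

# Shortcuts the layering is meant to block.
DIRECT_ATTEMPTS = [
    ("198.51.100.7", "10.10.5.30", 5432),  # Internet user straight to the database
    ("198.51.100.7", "192.0.2.10", 22),    # an unfiltered port into the DMZ
    ("192.0.2.10", "10.10.5.30", 5432),    # DMZ web server bypassing the app tier
]

if __name__ == "__main__":
    for src, dst, port, ok in trace_request(WEB_REQUEST_FLOW + DIRECT_ATTEMPTS):
        print(f"{zone_of(src):<8} {src:<14} -> {zone_of(dst):<8} {dst:<12}:{port:<5} "
              f"{'ALLOW' if ok else 'DENY'}")
```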

Internet

The Internet is a worldwide connection of networks and is used to transport e-mail, files, financial records, remote access—you name it—from one network to another. The Internet is not a single network, but a series of interconnected networks that allows protocols to operate and enable data to flow across it. This means that even if your network doesn’t have direct contact with a resource, as long as a neighbor, or a neighbor’s neighbor, and so on, can get there, so can you. This large web allows users almost infinite ability to communicate between systems.

Because everything and everyone can access this interconnected web and it is outside of your control and ability to enforce security policies, the Internet should be considered an untrusted network. A firewall should exist at any connection between your trusted network and the Internet. This is not to imply that the Internet is a bad thing—it is a great resource for all networks and adds significant functionality to our computing environments.

The term World Wide Web (WWW) is frequently used synonymously to represent the Internet, but the WWW is actually just one set of services available via the Internet. WWW or “the Web” is more specifically the Hypertext Transfer Protocol (HTTP)–based services that are made available over the


Exam Tip: DMZs act as a buffer zone between unprotected areas of a network (the Internet) and protected areas (sensitive company data stores), allowing for the monitoring and regulation of traffic between these two zones.

There are over 1.5 billion users on the Internet, English is the most used language, and the average age of an Internet user is 29.7 years.


Internet. This can include a variety of actual services and content, includingtext files, pictures, streaming audio and video, and even viruses and worms.

IntranetAn intranet describes a network that has the same functionality as theInternet for users but lies completely inside the trusted area of a networkand is under the security control of the system and network administrators.Typically referred to as campus or corporate networks, intranets are used ev-ery day in companies around the world. An intranet allows a developer anda user the full set of protocols—HTTP, FTP, instant messaging, and so on—that is offered on the Internet, but with the added advantage of trust fromthe network security. Content on intranet web servers is not available overthe Internet to untrusted users. This layer of security offers a significantamount of control and regulation, allowing users to fulfill business func-tionality while ensuring security.

Two methods can be used to make information available to outside us-ers: Duplication of information onto machines in the DMZ can make it avail-able to other users. Proper security checks and controls should be madeprior to duplicating the material to ensure security policies concerning spe-cific data availability are being followed. Alternatively, extranets can be usedto publish material to trusted partners.

Should users inside the intranet require access to information from theInternet, a proxy server can be used to mask the requestor’s location. Thishelps secure the intranet from outside mapping of its actual topology. AllInternet requests go to the proxy server. If a request passes filtering require-ments, the proxy server, assuming it is also a cache server, looks in its localcache of previously downloaded web pages. If it finds the page in its cache,it returns the page to the requestor without needing to send the request tothe Internet. If the page is not in the cache, the proxy server, acting as a clienton behalf of the user, uses one of its own IP addresses to request the pagefrom the Internet. When the page is returned, the proxy server relates it tothe original request and forwards it on to the user. This masks the user’s IPaddress from the Internet. Proxy servers can perform several functions for afirm; for example, they can monitor traffic requests, eliminating improperrequests such as inappropriate content for work. They can also act as a cacheserver, cutting down on outside network requests for the same object.Finally, proxy servers protect the identity of internal IP addresses usingNAT, although this function can also be accomplished through a router orfirewall using NAT as well.

Extranet

An extranet is an extension of a selected portion of a company's intranet to external partners. This allows a business to share information with customers, suppliers, partners, and other trusted groups while using a common set of Internet protocols to facilitate operations. Extranets can use public networks to extend their reach beyond a company's own internal network, and some form of security, typically VPN, is used to secure this channel. The use of the term extranet implies both privacy and security. Privacy is required for many communications, and security is needed to prevent unauthorized use and events from occurring. Both of these functions can be achieved through the use of technologies described in this chapter and other chapters in this book. Proper firewall management, remote access, encryption, authentication, and secure tunnels across public networks are all methods used to ensure privacy and security for extranets.

Exam Tip: An intranet is a private, internal network that uses common network technologies (such as HTTP, FTP, and so on) to share information and provide resources to organizational users.

Exam Tip: An extranet is a semiprivate network that uses common network technologies (such as HTTP, FTP, and so on) to share information and provide resources to business partners. Extranets can be accessed by more than one company, because they share information between organizations.

BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 9

VLANs

A LAN is a set of devices with similar functionality and similar communication needs, typically co-located and operated off a single switch. This is the lowest level of a network hierarchy and defines the domain for certain protocols at the data link layer for communication. A virtual LAN (VLAN) is a logical implementation of a LAN and allows computers connected to different physical networks to act and communicate as if they were on the same physical network. A VLAN has many of the same characteristic attributes of a LAN and behaves much like a physical LAN but is implemented using switches and software. This very powerful technique allows significant network flexibility, scalability, and performance and allows administrators to perform network reconfigurations without having to physically relocate or recable systems.

Trunking

Trunking is the process of spanning a single VLAN across multiple switches. A trunk-based connection between switches allows packets from a single VLAN to travel between switches, as shown in Figure 9.12. Two trunks are shown in the figure: VLAN 10 is implemented with one trunk and VLAN 20 is implemented with the other. Hosts on different VLANs cannot communicate using trunks and thus are switched across the switch network. Trunks enable network administrators to set up VLANs across multiple switches with minimal effort. With a combination of trunks and VLANs, network administrators can subnet a network by user functionality without regard to host location on the network or the need to recable machines.

• Figure 9.12 VLANs and trunks

Security Implications

VLANs are used to divide a single network into multiple subnets based on functionality. This permits accounting and marketing, for example, to share a switch because of proximity yet still have separate traffic domains. The physical placement of equipment and cables is logically and programmatically separated so that adjacent ports on a switch can reference separate subnets. This prevents unauthorized use of physically close devices through separate subnets that are on the same equipment. VLANs also allow a network administrator to define a VLAN that has no users and map all of the unused ports to this VLAN (some managed switches allow administrators to simply disable unused ports as well). Then, if an unauthorized user should gain access to the equipment, that user will be unable to use unused ports, as those ports will be securely defined to nothing. Both a purpose and a security strength of VLANs is that systems on separate VLANs cannot directly communicate with each other.

Exam Tip: A broadcast domain is a logical division of a computer network. Systems connected to a broadcast domain can communicate with each other as if they were connected to the same physical network even when they are not.
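The VLAN, trunking, and security-implications passages above describe one mechanism from three angles: a switch classifies each frame into a VLAN, floods it only to ports in that VLAN plus the trunks, and carries it across a trunk with an 802.1Q tag. The following Python model is an added example, not code from the book: it parses and builds 802.1Q-tagged frames and implements the per-VLAN flooding and egress tagging of a small switch, including the "parking" VLAN with no members that the text recommends for unused ports. The MAC addresses, port layout, and the parking VLAN number 999 are constructed for illustration.

```python
"""Added example (not code from the book): how an 802.1Q-aware switch keeps
VLANs apart and carries several VLANs over one trunk. The MAC addresses,
port layout and the number of the no-user "parking" VLAN are constructed.
"""
import struct

ETH_P_8021Q = 0x8100  # TPID value that marks a VLAN-tagged Ethernet frame
ETH_P_IP = 0x0800     # EtherType for an IPv4 payload
PARKING_VLAN = 999    # constructed: VLAN with no members, for unused ports


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def untagged_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Plain Ethernet II frame, as a host on an access port sends it."""
    return _mac(dst) + _mac(src) + struct.pack("!H", ethertype) + payload


def tagged_frame(dst: str, src: str, vlan_id: int, ethertype: int, payload: bytes) -> bytes:
    """802.1Q frame (priority 0, DEI 0), as carried across a trunk."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tag = struct.pack("!HH", ETH_P_8021Q, vlan_id)  # TPID + TCI (PCP/DEI = 0)
    return _mac(dst) + _mac(src) + tag + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes):
    """Return (dst, src, vlan_id or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, inner_type, frame[18:]  # low 12 bits = VID


class VlanSwitch:
    """Minimal VLAN-aware switch: classification, flooding, egress tagging."""

    def __init__(self, access_ports: dict, trunk_ports: set):
        self.access_ports = access_ports      # port -> VLAN of the attached host
        self.trunk_ports = set(trunk_ports)   # ports carrying every VLAN, tagged

    def ingress_vlan(self, port: int, frame: bytes):
        """Classify an arriving frame: by tag on a trunk, by port config on access."""
        vid = parse_frame(frame)[2]
        if port in self.trunk_ports:
            return vid                        # untagged on a trunk -> None -> dropped
        return self.access_ports.get(port)    # a tag sent by a host is ignored

    def flood(self, in_port: int, frame: bytes) -> set:
        """Ports an unknown-destination frame is sent to; never leaves its VLAN."""
        vid = self.ingress_vlan(in_port, frame)
        if vid is None or vid == PARKING_VLAN:
            return set()                      # parking VLAN has no members at all
        same_vlan = {p for p, v in self.access_ports.items() if v == vid and p != in_port}
        return same_vlan | (self.trunk_ports - {in_port})

    def egress(self, out_port: int, vid: int, frame: bytes) -> bytes:
        """Tag toward a trunk, strip the tag toward an access port."""
        dst, src, _, ethertype, payload = parse_frame(frame)
        if out_port in self.trunk_ports:
            return tagged_frame(dst, src, vid, ethertype, payload)
        return untagged_frame(dst, src, ethertype, payload)


def build_demo_switch() -> VlanSwitch:
    """Constructed layout: accounting on VLAN 10 (ports 1-2), marketing on
    VLAN 20 (ports 3-4), ports 5-8 unused and parked, port 24 trunked."""
    access = {1: 10, 2: 10, 3: 20, 4: 20}
    access.update({p: PARKING_VLAN for p in range(5, 9)})
    return VlanSwitch(access, {24})


if __name__ == "__main__":
    sw = build_demo_switch()
    f = untagged_frame("ff:ff:ff:ff:ff:ff", "00:07:e9:7c:c8:aa", ETH_P_IP, b"who-has?")
    print("from accounting port 1 ->", sorted(sw.flood(1, f)))
    print("from parked port 5     ->", sorted(sw.flood(5, f)))
    print("tagged toward trunk    ->", parse_frame(sw.egress(24, 10, f))[2])
```

Two points from the text are visible in the model: a frame from a marketing port is never offered to an accounting port even though both sit on the same switch, and a frame entering a parked port is dropped because no other port is a member of that VLAN. The `ingress_vlan` rule that an access port ignores any tag a host supplies is the check that stops a connected device from choosing its own VLAN.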

■ Tunneling

Tunneling is a method of packaging packets so that they can traverse a network in a secure, confidential manner. Tunneling involves encapsulating packets within packets, enabling dissimilar protocols to coexist in a single communication stream, as in IP traffic routed over an Asynchronous Transfer Mode (ATM) network. Tunneling also can provide significant measures of security and confidentiality through encryption and encapsulation methods. The best example of this is a VPN that is established over a public network through the use of a tunnel, as shown in Figure 9.13, connecting a firm's Boston office to its New York City (NYC) office.

Assume, for example, that a company has multiple locations and decides to use the public Internet to connect the networks at these locations. To make these connections secure from outside unauthorized use, the company can employ a VPN connection between the different networks. On each network, an edge device, usually a router or VPN concentrator, connects to another edge device on the other network. Then, using IPsec protocols, these routers establish a secure, encrypted path between them. This securely encrypted set of packets cannot be read by outside routers; only the addresses of the edge routers are visible. This arrangement acts as a tunnel across the public Internet and establishes a private connection, secure from outside snooping or use.

Because of ease of use, low-cost hardware, and strong security, tunnels and the Internet are a combination that will see more use in the future. IPsec, VPN, and tunnels will become a major set of tools for users requiring secure network connections across public segments of networks. For more information on VPNs and remote access, refer to Chapter 11.


Trunks and VLANs have security implications that you need to heed so that firewalls and other segmentation devices are not breached through their use. You also need to understand how to use trunks and VLANs, to prevent an unauthorized user from reconfiguring them to gain undetected access to secure portions of a network.

• Figure 9.13 Tunneling across a public network

A VPN concentrator is a specialized piece of hardware designed to handle the encryption and decryption required for remote, secure access to an organization's network.
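The "packets within packets" idea from the tunneling section, worked through as an added example that is not code from the book. It builds an inner IPv4 packet between two private hosts, wraps it in an outer IPv4 header addressed between the two edge routers (IP-in-IP, protocol number 4), and shows that a router in transit can read only the outer addresses. The addresses (RFC 1918 inside, TEST-NET ranges outside) and the payload are constructed. An IPsec tunnel additionally encrypts and authenticates the inner packet; this example shows only the encapsulation layer that the encryption rides on.

```python
"""Added example (not code from the book): IP-in-IP encapsulation as the
skeleton of a site-to-site tunnel. Addresses and payload are constructed.
IPsec would encrypt/authenticate the inner packet; that layer is omitted.
"""
import ipaddress
import struct

IPPROTO_IPIP = 4   # IANA protocol number: IPv4 carried inside IPv4
IPPROTO_TCP = 6


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 header (IHL 5, no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill checksum
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload) after validating the header checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:total_len]


def encapsulate(inner_pkt: bytes, edge_src: str, edge_dst: str) -> bytes:
    """Sending edge router: wrap the private packet in an outer header."""
    return build_ipv4(edge_src, edge_dst, IPPROTO_IPIP, inner_pkt)


def decapsulate(outer_pkt: bytes, expected_peer: str) -> bytes:
    """Receiving edge router: strip the outer header, accepting only the
    configured peer as outer source (the tunnel endpoint check)."""
    src, _, proto, inner = parse_ipv4(outer_pkt)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if src != expected_peer:
        raise ValueError("outer packet is not from the configured tunnel peer")
    return inner


def transit_view(outer_pkt: bytes):
    """What a router on the public Internet can read: only the outer header."""
    src, dst, proto, _ = parse_ipv4(outer_pkt)
    return src, dst, proto


def demo():
    """Constructed scenario: Boston host 10.1.0.25 to NYC host 10.2.0.80 via
    edge routers 198.51.100.1 (Boston) and 203.0.113.1 (NYC)."""
    inner = build_ipv4("10.1.0.25", "10.2.0.80", IPPROTO_TCP, b"constructed TCP segment")
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1")
    recovered = decapsulate(outer, expected_peer="198.51.100.1")
    return transit_view(outer), parse_ipv4(recovered)


if __name__ == "__main__":
    seen_in_transit, delivered = demo()
    print("public Internet sees :", seen_in_transit)
    print("NYC LAN receives     :", delivered[:3], delivered[3])
```

The `expected_peer` check in `decapsulate` is the minimum an edge device must do before trusting a tunnelled packet; in a real IPsec deployment that role is played by the authenticated security association, and the inner packet would be unreadable to the transit routers rather than merely wrapped.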


Chapter 9 Review

■ For More Information

■ The Internet Engineering Task Force: www.ietf.org

■ Wikipedia articles:
Routing http://en.wikipedia.org/wiki/Routing
NAT http://en.wikipedia.org/wiki/Network_address_translation
ICMP http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
Subnetting http://en.wikipedia.org/wiki/Subnetting

■ Chapter Summary

After reading this chapter and completing the exercises, you should understand the following about networks.

Identify the basic network architectures

■ There are two broad categories of networks: LANs and WANs.

■ The physical arrangement of a network is typically called the network's topology.

■ There are four main types of network topologies: ring, bus, star, and mixed.

Define the basic network protocols

■ Protocols, agreed-upon formats for exchanging or transmitting data between systems, enable computers to communicate.

■ When data is transmitted over a network, it is usually broken up into smaller pieces called packets.

■ Most protocols define the types and format for packets used in that protocol.

■ The TCP protocol is connection oriented, requires the three-way handshake to initiate a connection, and provides guaranteed and reliable data delivery.

■ The UDP protocol is connectionless, lightweight, and provides limited error checking and no delivery guarantee.

■ Each network device has a unique hardware address known as a MAC address. The MAC address is used for packet delivery.

■ Network devices are also typically assigned a 32-bit number known as an IP address.

■ The Domain Name Service (DNS) translates names, like www.cnn.com, into IP addresses.

Explain routing and address translation

■ The process of moving packets from one end device to another through different networks is called routing.

■ Subnetting is the process of dividing a network address space into smaller networks.

■ The DHCP protocol allows network devices to be automatically configured on a network and temporarily assigned an IP address.

■ Network Address Translation (NAT) converts private, internal IP addresses to public, routable IP addresses and vice versa.

Classify security zones

■ A DMZ is a buffer zone between networks with different trust levels. Companies often place public resources in a DMZ so that Internet users and internal users may access those resources without exposing the internal company network to the Internet.

■ An intranet is a private, internal network that uses common network technologies (such as HTTP, FTP, and so on) to share information and provide resources to organizational users.

■ An extranet is a semiprivate network that uses common network technologies (such as HTTP, FTP, and so on) to share information and provide resources to business partners.


■ A VLAN (or virtual LAN) is a group of ports on a switch that is configured to create a logical network of computers that appears to be connected to the same network even if they are located on different physical network segments. Systems on a VLAN can communicate with each other but cannot communicate directly with systems on other VLANs.

■ Trunking is the process of spanning a single VLAN across multiple switches.

■ Tunneling is a method of packaging packets so that they can traverse a network in a secure, confidential manner.

■ Key Terms

Address Resolution Protocol (ARP) (217)
bus topology (210)
datagram (213)
denial-of-service (DoS) (216)
Domain Name System (DNS) (218)
DMZ (223)
Dynamic Host Configuration Protocol (DHCP) (221)
extranet (225)
Internet Control Message Protocol (ICMP) (215)
Internet Protocol (IP) (218)
intranet (225)
local area network (LAN) (209)
Media Access Control (MAC) address (217)
Network Address Translation (NAT) (221)
network (208)
packet (213)
protocol (211)
ring topology (210)
routing (218)
star topology (210)
storage area network (SAN) (209)
subnetting (219)
subnet mask (219)
three-way handshake (215)
topology (210)
Transmission Control Protocol (TCP) (214)
trunking (226)
tunneling (227)
User Datagram Protocol (UDP) (214)
virtual local area network (VLAN) (210)
wide area network (WAN) (209)

■ Key Terms Quiz

Use terms from the Key Terms list to complete the sentences that follow. Don't use the same term more than once. Not all terms will be used.

1. A(n) _______________ is a group of two or more devices linked together to share data.

2. A packet in an IP network is sometimes called a _______________.

3. Moving a packet from source to destination across multiple networks is called _______________.

4. The _______________ is the hardware address used to uniquely identify each device on a network.

5. A(n) _______________ tells you what portion of a 32-bit IP address is being used as the network ID and what portion is being used as the host ID.

6. The shape or arrangement of a network, such as bus, star, ring, or mixed, is known as the _______________ of the network.

7. A small, typically local network covering a relatively small area such as a single floor of an office building is called a(n) _______________.

8. A(n) _______________ is an agreed-upon format for exchanging information between systems.

9. The packet exchange sequence (SYN, SYN/ACK, ACK) that initiates a TCP connection is called the _______________.

10. _______________ is the protocol that allows the use of private, internal IP addresses for internal traffic and public IP addresses for external traffic.


■ Multiple-Choice Quiz

1. Which of the following topologies connects all the network devices to a central point?

A. Mixed

B. Ring

C. Bus

D. Star

2. As it relates to networking, what does WAN stand for?

A. Wide area node

B. Wide alternate network

C. Wide area network

D. Wide automated network

3. What is Layer 1 of the OSI model called?

A. The physical layer

B. The network layer

C. The initial layer

D. The presentation layer

4. The UDP protocol:

A. Provides excellent error-checking algorithms

B. Is a connectionless protocol

C. Guarantees delivery of packets

D. Requires a permanent connection between source and destination

5. The process that dynamically assigns an IP address to a network device is called:

A. NAT

B. DNS

C. DHCP

D. Routing

6. What is the three-way handshake sequence used to initiate TCP connections?

A. ACK, SYN/ACK, ACK

B. SYN, SYN/ACK, ACK

C. SYN, SYN, ACK/ACK

D. ACK, SYN/ACK, SYN

7. For transmission, large amounts of data are normally broken up into smaller pieces known as:

A. UDPs

B. ICMPs

C. Packets

D. Subnets

8. Which of the following is a control and information protocol used by network devices to determine such things as a remote network's availability and the length of time required to reach a remote network?

A. UDP

B. NAT

C. TCP

D. ICMP

9. What is the name of the protocol that translates names into IP addresses?

A. TCP

B. DNS

C. ICMP

D. DHCP

10. Dividing a network address space into smaller, separate networks is called what?

A. Translating

B. Network configuration

C. Subnetting

D. Address translation

11. Which protocol translates private (nonroutable) IP addresses into public (routable) IP addresses?

A. NAT

B. DHCP

C. DNS

D. ICMP

12. The TCP protocol:

A. Is connectionless

B. Provides no error checking

C. Allows for packets to be processed in the order they were sent

D. Has no overhead


13. What is the most widely used network protocol?

A. SS7

B. Token Ring

C. Ethernet

D. SNA

14. Which of the following would be a valid MAC address?

A. 00:07:e9

B. 00:07:e9:7c:c8

C. 00:07:e9:7c:c8:aa

D. 00:07:e9:7c:c8:aa:ba

15. To divide a single switch into multiple broadcast domains and/or multiple network segments, you might use:

A. DHCP

B. Tunneling

C. NAT

D. VLANs

■ Essay Quiz

1. A developer in your company is building a new application and has asked you if it should use TCP- or UDP-based communications. Provide her with a brief discussion of the advantages and disadvantages of each protocol.

2. Your boss wants to know if DHCP is appropriate for both server and PC environments. Provide her with your opinion and be sure to include a discussion of how DHCP works.

3. Describe the three basic types of network topologies and provide a sample diagram of each type.

4. Describe the three-way handshake process used to initiate TCP connections.

5. Your boss wants to know how subnetting works. Provide her with a brief description and be sure to include an example to illustrate how subnetting works.


Lab Projects

• Lab Project 9.1

A client of yours only has five external, routable IP addresses but has over 50 systems that it wants to be able to reach the Internet for web surfing, e-mail, and so on. Design a network solution for the client that addresses their immediate needs but will still let them grow in the future.

• Lab Project 9.2

Your boss wants you to learn how to use the arp and nslookup commands. Find a Windows 2000 or XP machine and open a command/DOS prompt. Type in arp and press ENTER to see the options for the arp command. Use the arp command to find the MAC address of your system and at least five other systems on your network. When you are finished with arp, type in nslookup and press ENTER. At the prompt, type in the name of your favorite web site, such as www.cnn.com. The nslookup command will return the IP addresses that match that domain name. Find the IP addresses of at least five different web sites.
