DCN : Section 7

1
DCN Section 7

• Internet Technology

2
Learning Objectives

• Introduction to Internet and classful IP
  addressing
• Internet and Intranet
• Understand of subnet and subnet mask
• Understand the relationship between domain name
  and DNS
• Introduction to the components of Intranet such
  as web servers, routers and proxy service
• Familiar with with TCP/IP protocol suite
• Introduction to security issues, such as
  cryptography, PKI and CA, etc.

3
Internet (1)

• The Internet is
• A network of networks.
• Connecting networks from homes, schools, and
  businesses worldwide.
• A decentralized, global collection of networks
  using TCP/IP suite protocols for communication.
• The Internet (capital I) refers to a specific WAN
  made up of many interconnected networks around
  the globe, including servers and routers.

4
Internet (2)

• The Internet provides the following
• A global collection of text files, multimedia
  files, etc.
• A collection of network services interconnected
  by a system of hypertext documents.
• Web browsers to access WWW
• Hypertext documents formatted in HTML supported
  by Internet WWW servers.

5
Internet (3)
6
Internet Addressing
7
Internet Scaling Problems (1)

• IP version 4 (IPv4) addressing mechanism for
  addressing packets and directing information on a
  network.
• The current IPv4 defines 232 (4,294,967,296)
  addresses available.
• IP addressing shortage has caused the following
• Continuing depletion of IP v4 address space
• Difficulty in routing traffic between more
  networks on the Internet Super Highway.

8
Internet Scaling Problems (2)

• The address shortage problem is aggravated by the
  fact that portions of the IP addresses have not
  been efficiently allocated due to the significant
  amount of organizations have their own IP
  addresses.
• Also, the traditional model of classful
  addressing does not allow the address space to be
  used to its maximum potential.
• The long term solution to these problems can be
  deployed IPv6.

9
Classful IP Addressing (1)

• A unique IP address for each network
• The 32 bits are divided into network number and
  host number.
• Two-level Address Structure
• The network number (also called network-prefix)
  identifies the network on which the host resides.
• The host number identifies the particular host on
  the given network.

10
Classful IP Addressing (2)

• All hosts on a given network share the same
  network number, but have a unique host number.
• Any two hosts on different networks may possess
  different network number, but may have the same
  host number.

11
Classful IP Addressing (3)

• Developed to support different size of networks.
  It is decided that the IP address space should be
  divided into classes.
• Addressing scheme of each class specifies a
  boundary between the network number and the host
  number at a different point within the 32-bit
  address.
• Connecting the private network to the Internet,
  however, requires using a registered IP address
  to avoid duplicates.

12
Classful IP Addressing (4)

• To prevent duplication, an organisation called
  Internet Information Center (InterNIC) assigns
  Internet addresses to organizations and
  individuals that requires an Internet site.
• IP address space was divided primarily into
• Class A for network with more than 216 hosts
• Class B for network with between 28 and 216
  hosts
• Class C for network with fewer than 28 hosts

13
Classful IP Addressing (5)

• The host calculation requires that 2 is
  subtracted because of the all 0s (this network)
  and all 1s (broadcast) host numbers cannot be
  assigned to individual hosts.

14
Class A Networks (/8 Prefixes)

• Each Class A (/8) network address has a 8-bit
  network -prefix with the highest order bit is set
  to zero and a 7-bit network number, followed by
  24-bit host number.
• A maximum of 126 (27-2) /8 networks can be
  defined.
• The calculation requires that the 2 is subtracted
  because the /8 network 0.0.0.0 is reserved for
  use as the default route and /8 network 127.0.0.0
  (also written 127.0.0.0/8) has been reserved.

15
Class A Networks (/8 Prefixes)

• Each /8 supports a maximum of 16,777,214 (224-2)
  hosts per network.
• Since the /8 address block contains 231
  (2,147,483,648) individual addresses and the IPv4
  address space a max of 232 (4,294,967,296)
  addresses, the /8 address space is 50 of the
  total address space.

16
Class B Networks (/16 Prefixes)

• Each Class B (/16) network address has a 16-bit
  network-prefix, with the two highest order bits
  set to 1-0, and a 14-bit network number, followed
  by a 16-bit host number.
• A maximum of 16,384 (214) /16 networks can be
  defined with up to 65,534 (216-2) hosts per
  network.
• Since the entire /16 address block containing
  230 (1,073,741,824) addresses, it represents 25
  of the total IPv4 address space.

17
Class C Networks (/24 Prefixes)

• Each Class C (/24) network address has a 24-bit
  network-prefix, with the three highest order bits
  set to 1-1-0, and a 21-bit network number,
  followed by a 8-bit host number.
• A maximum of 2,097,152 (221) /24 networks can be
  defined with up to 254 (28-2) hosts per network.
• Since the entire /24 address block containing
  229 (536,870,912) addresses, it represents 12.5
  of the total IPv4 address space.

18
Other Classes

• There are two additional classes Class D and
  E.
• Class D addresses have their leading four bits
  set to 1-1-1-0. It is used to Support IP
  multicasting.
• Class E addresses have their leading four bits
  set to 1-1-1-1. It is used for research and
  experimental purposes

19
Dotted Decimal Notation (1)

• To make Internet address easier for human users
  to read and write, it can be expressed as 4
  decimal numbers, each separated by a dot. This is
  called dotted decimal notation.
• It divides the 32-bit Internet address into four
  8-bit (byte) fields and specifies the value of
  each field.

20
Dotted Decimal Notation (2)

• /8 (A) 1.xxx.xxx.xxx through 126.xxx.xxx.xxx
• /16 (B) 128.0.xxx.xxx through 191.255.xxx.xxx
• /24(C) 192.0.0.xxx through 223.255.255.xxx
• xxx represents the host number field, which is
  assigned by the local network administrator.
• Note that 127.xxx.xxx.xxx has been reserved for
  looping test purpose.

21
Problems of two-level classical hierarchy (1)

• The present two-level classical hierarchy faces
  the problem of
• Global routing tables were beginning to grow very
  fast.
• Local administrators had to request another
  network before a new network could be installed
  at their own site.
• Subnetting, which supports three-level hierarchy,
  was introduced.
• It increases addressing capacity.
• It divides private network into smaller
  components, called subnets.

22
Problems of two-level classical hierarchy (2)
23
Subnets (1)

• Based on a three-level hierarchy a network
  number, a subnet number, and a host number
  created from the bits allocated for your host
  number.
• Subnetting attacked the expanding routing table
  problem by ensuring that the subnet structure is
  NEVER visible outside of the organizations
  private network. (ie Subnet number of a network
  is not advertised to external networks).

24
Subnets (2)

• It routes from a public network to any subnet of
  an IP address is the same, regardless of the
  subnet on which the destination host resides.
• It is used the same network number but different
  subnet numbers.
• Routers in private network must differentiate
  between each subnet.
• All of the subnets in the organisation are
  collected into a single routing table entry.

25
Subnets (3)

• Router is set to accept all traffic from the
  Internet to your designated IP address (for
  example, 132.132.0.0).
• Traffic is received and forwarded to the interior
  subnets you have set up (for example,
  132.132.32.0, 132.132.64.0, 132.132.96.0,
  132.132.128.0 and ...., which are using 3-bit in
  the third octet of the IP as subnets).

26
Subnets (4)

• Internet routers use only the network-prefix of
  the destination address for routing traffic to a
  subnet configuration.
• Routers use the extended network-prefix to route
  traffic between subnets.
• Extended network prefix consists of the class
  network prefix and the subnet number.
• Extended network prefix is identified by a subnet
  mask.

27
Using Subnet Masks (1)

• If you are given a network address
  132.132.0.0/16, the default subnet mask for /16
  (class B) is to be 255.255.0.0.
• The host ID can be ranged from 132.132.0.1 to
  132.132.255.254.
• A total of 216-2 (65534) hosts can be placed to
  this network.
• ( network-prefix) ( host
  )
• 132.132.0.0/16 10000100.10000100. 00000000.
  00000000
• subnet mask 10000100.10000100. 00000000.
  00000000

28
Using Subnet Masks (2)

• You are also given a network address
  132.132.0.0/16 and want to use the first 3 bits
  of third octet to represent the subnet number.
• Since 823, three bits are required to achieve
  eight subnets.
• This network is subnetting a /16 so it will need
  three more bits, or /19, as the extended
  network-prefix.
• A 19-bit extended network-prefix can be expressed
  in 255.255.224.0.

29
Using Subnet Masks (3)

• The eight subnet numbers are given below. The
  19-bit extended network-prefix has been shown
  italics.
• subnet 0 10000100.10000100. 00000000. 00000000
  
• 132.132.0.0/19
• subnet 1 10000100.10000100. 00100000. 00000000
• 132.132.32.0/19
• subnet 2 10000100.10000100. 01000000. 00000000
• 132.132.64.0/19
• subnet 3 10000100.10000100. 01100000. 00000000
• 132.132.96.0/19
• subnet 4 10000100.10000100. 10000000. 00000000
• subnet 5 10000100.10000100. 10100000. 00000000
• subnet 6 10000100.10000100. 11000000. 00000000
• subnet 7 10000100.10000100. 11100000. 00000000

30
Using Subnet Masks (4)

• subnet 4 10000100.10000100. 10000000. 00000000
• 132.132.128.0/19
• subnet 5 10000100.10000100. 10100000. 00000000
• 132.132.160.0/19
• subnet 6 10000100.10000100. 11000000. 00000000
• 132.132.192.0/19
• subnet 7 10000100.10000100. 11100000. 00000000
• 132.132.224.0/19

31
Using Subnet Masks (5)

• An easy way to check if the subnets are correct
  is to ensure they are multiples of the subnet1
  address. In this case, they are of multiples of
  32 0, 32, 64, 96, 128, .
• The lowest and highest number of subnet will not
  be used. In fact, there are only SIX possible
  subnets in the above case.
• In general,
• Possible subnets 2 (number of masked bits) - 2
• Possible hosts per subnet 2 (number of masked
  bits) - 2

32
Using Subnet Masks (6)

• After two examples, we have done the following
• Set the subnet mask bits to 1 if your network
  treats the corresponding bit in the IP address as
  part of the extended network prefix
• Set the subnet mask bits to 0 if your network
  treats the bit as part of the host number.
• The internal network address is the logical AND
  of the subnet mask with the IP address.
• The host number within the subnet is the
  remaining host address portion of the IP address.

33
DNS (1)

• Because IP addresses are hard to remember, the
  text version of the IP address is always used.
  This text version is called a domain name.
• For example, the IP address 198.105.232.4 would
  be translated to microsoft.com
• To translate and track domain names, InterNIC
  uses the Domain Name Service (DNS).

34
DNS (2)

• DNS is a set of distributed databases containing
  IP addresses and their corresponding domain
  names.
• DNS, with servers located all over the Internet,
  performs the translation back and forth between
  names and numbers.
• A user can type in a domain name instead of the
  IP address.

35
DNS (3)
36
Domain Name (1)

• DNS uses several levels of naming conventions,
  each of which is called a domain.
• A domain refers to a group of computers and
  devices on a network that is administered as a
  unit with common rules and procedures.
• Top-Level Domain (TLD) it indicates the class of
  institution, such as .com, .edu, .gov, .org
• Second-Level Domain (SLD) it is registered by an
  organisation or entity by InterNIC, such as ibm,
  microsoft

37
Domain Name (2)
38
Domain Name (3)
39
World Wide Web (1)

• The collection of hyperlinked documents
  accessible on the Internet is known as the World
  Wide Web, WWW, W3 or simply Web.
• A Web site is where a related collection of web
  pages or files stored on a web server.
• Web Browser a client program which requests a
  web page from a web server and displays it on the
  local computer

40
World Wide Web (2)

• Uniform resource locator (URL) it is the address
  of a file accessible on the WWW, such as an HTML
  web pages or any file supported by the HTTP.

41
Intranet

• It is used to be an internal corporate network
  enhanced with Internet technology, such as
  adopting a WWW browser, email and newsgroup
  system.
• It emphasizes in secured against inappropriate
  access, such as password control.
• So that, it is often connected to outside
  Internet via a firewall and/or a router for
  protecting any intruders attack.

42
Web Server

• Application that publishes HTML and other types
  of documents on the World Wide Web.
• It receives an HTTP, FTP, or other type of
  request for a document from a browser, it
  responds by sending the document to the browser.
• A secure web server is a server on the WWW that
  supports one or more of the major security
  protocols such as Secure Socket Layer (SSL) or
  HTTPS.

43
Firewall

• A firewall sets an electronic boundary that
  prevents unauthorized users from accessing
  certain location on a network
• It can examine each packet in the stream to see
  whether if the sender is authorized access
• It is designed to control the flow of packets
  based on the source, destination, port and packet
  type information in each packet
• It can be implemented in hardware, software, or a
  combination of both.

44
Router

• A router is a device that connects two or more
  networks.
• It sorts addressed data packets and sends them to
  the correct destinations with the built-in
  routing table.
• It can connect networks that use different
  network adapters or transmission media as long as
  both sides of connection use same protocols.

45
Proxy Server

• It is used to overcome delays, slower response
  times, and security concerns.
• Traffic problems are partly due to the repeated
  retrieving of objects from remote Web servers.
• Caching frequently requested Internet
  information.
• It reduces the number of times the same
  information is accessed over an Internet
  connection, the download time, and the load on
  the remote server.

46
Proxy Service Benefits (1)

• It reduces WAN traffic to the Internet and on the
  primary Web server by providing local LAN access
  to cached information.
• It reduces the load on Web Internet servers and
  increases Internet and intranet performance.
• It enhances intranet security with access control
  and content filtering, which can avoid users to
  indecent web sites.

47
Proxy Services Benefits (2)

• It distributes LAN client requests across
  multiple proxy servers, for example, FTP requests
  on one server and HTTP requests on another
  server.
• Proxy servers receive your requests, check for
  authorization, then go to get information. If
  you are not authorized, your request will be
  denied.
• ISPs can use proxy servers to stop users from
  going to certain sites, too.

48
OSI Model versus TCP/IP
49
TCP/IP Suite of Protocols (1)

• TCP/IP is the Internet suites of network
  protocols that allows different computers to
  communicate.
• Underneath TCP/IP, there are various media
  protocols that help move the data over the
  various networks on the Internet.
• TCP/IP also works in conjunction with the
  following protocols for specific applications.

50
TCP/IP Suite of Protocols (2)

• FTP (File Transfer Protocol) for file transfer
• HTTP (HyperText Transfer Protocol) for browsing
  in WWW
• HTTPS (http with Secure Socket Layer) for secure
  data transfer in WWW
• NNTP (Network News Transfer Protocol) for news
  group reading
• SMTP (Simple Mail Transfer Protocol) for
  delivering e-mail

51
TCP/IP Suite of Protocols (3)

• TCP/IP stands for Transmission Control
  Protocol/Internet Protocol.
• It is the most popular open-system (non
  proprietary protocol suite.
• It can be used to communicate across any set of
  interconnected networks and is suited for LAN and
  WAN communication.

52
TCP/IP Suite of Protocols (4)

• Roughly correspond to a network communications
  model defined by the International Organization
  for Standardization (ISO) called the OSI model.
• TCP/IP Suite of Protocols can map to a four-layer
  conceptual model, which is known as DARPA model
  Application, Transport, Internet and Network
  Interface.
• Each layer in the DARPA model corresponds to one
  or more layers of the seven-layer OSI model.

53
TCP/IP Protocol Layers (1)
54
TCP/IP Protocol Layers (2)

• User applications communicate with the top layer
  of the protocol suite.
• Top-level protocol layer on the source computer
  passes information to the lower layers of the
  protocol stack, which in turn pass it to the
  physical network.
• Physical network transfers the information to the
  destination computer.

55
Network Interface Layer

• It is responsible for placing TCP/IP packets on
  the network medium and receiving packets.
• It was designed to be independent of the network
  access method, frame format and medium.
• In this way, TCP/IP can be used to connect
  different network types, such as Ethernet, Token
  ring, X.25 or Frame Relay.
• It encompasses the Data Link and Physical layers
  of OSI model.

56
Internet Layer (1)

• It is responsible for addressing, packaging and
  routing functions. The core protocols are ARP,
  ICMP and IP.
• Address Resolution Protocol (ARP) it is to map
  the Internet Layer address to the network
  Interface Layer address, such as a hardware
  address.
• Internet Control Message Protocol (ICMP) it is
  to provide diagnostic functions and reporting
  errors or conditions between hosts and routers.

57
Internet Layer (2)

• Internet Protocol (IP) it is a routing protocol
  and responsible for IP providing packet delivery
  services (routing) between hosts.
• All packets are delivered by the IP datagram
  delivery service.

58
Internet Layer (3)

• IP will always make a best effort attempt to
  deliver a packet.
• All packets are transmitted independently of any
  other packets and IP does not attempt to recover
  from errors.

59
Internet Layer (4)

• The acknowledgement of packets and recovery is
  the responsibility of a higher-layer protocol,
  such as TCP.
• The Internet Layer is analogous to the Network
  Layer of the OSI model.

60
Internet Layer (5)

• Applications using the IP datagram delivery
  service expect to receive replies from the
  destination node.
• Packet takes the form called IP datagram.
• The datagram consists of a header and a data
  section.
• Header section contains the header information,
  the source IP address, the destination IP address
  and options.

61
Internet Layer (6)
62
Transport Layer (1)

• It is consisted of two protocols, UDP and TCP.
• UDP provides a one-to-one or one-to-many,
  unreliable and connectionless delivery service to
  send and receive messages.
• TCP provides a one-to-one, connection-oriented,
  reliable communications for byte stream-delivery
  services on top of the IP datagram delivery
  service.
• The transport layer encompasses the
  responsibilities of the OSI Transport Layer

63
Transport Layer (2)

• Applications can be identified through protocol
  ports.
• Two types of protocol ports
• Well-known port assignments
• port numbers between 1 and 1,023 for particular
  applications
• For example, 20 and 21 for FTP, 23 for Telnet, 80
  for HTTP
• Dynamically bound ports
• port number 1,024 to 65,535

64
Transport Layer (3)
65
Transport Layer (4)

• TCP segments are encapsulated in an IP datagram.
• TCP buffers the stream by waiting for enough data
  to fill a large datagram before sending the
  datagram.
• At the receiving end, TCP checks successive
  sequence numbers to ensure that all the segments
  are received and processed in the order of the
  sequence numbers.

66
Transport Layer (5)

• The receiving end sends an acknowledgment to the
  sender for the segments received.
• TCP enables the sender to have several
  outstanding segments before the receiver must
  return an acknowledgment.
• If the sender does not receive an acknowledgment
  for a segment within a certain time, it
  retransmits that segment as a recovery.

67
Application Layer (1)

• It provides applications the ability to access
  the services of the other layer.
• It defines the protocols that applications use to
  exchange data.
• The Application Layer is analogous to the
  Application, Presentation and Session Layers of
  the OSI model.
• The most widely used protocols here are HTTP,
  FTP, SMTP, Telnet, DNS and SNMP.

68
Application Layer (2)

• The HyperText Transfer Protocol (HTTP) it is
  used to transfer files that make up the web pages
  .
• File Transfer Protocol (FTP) it is used for
  interactive file transfer.
• Simple Mail Transfer Protocol (SMTP) it is used
  for the transfer of mail messages and attachments.

69
Application Layer (3)

• Telnet a terminal emulation protocol, for remote
  login to network hosts.
• DNS it is used to resolve a host name to an IP
  address.
• SNMP it is used between network management
  console and network devices (routers, bridges) to
  collect and exchange network management
  information.

70
Security Issues on Internet

• Since Internet is an open accessed network, there
  are insufficient security protection for
  confidential data.
• Data protection is to be essential and
  cryptography have to be enforced.
• Cryptography uses mathematical algorithms and
  processes to convert intelligible plaintext into
  unintelligible cliphertext, and vice versa.

71
Cryptography (1)

• Cryptography will depend very much on encryption
  and decryption mechanisms.
• To encrypt the plaintext to ciphertext, the
  originator of the plaintext applies a
  mathematical formula that uses encryption key.
  The recipient of the ciphertext then use the same
  encryption key to decrypt.
• There are two kinds of cryptography present
  secret key and public key cryptography.

72
Cryptography (2)

• There are some other applications of
  cryptography
• Data encryption is for confidentiality.
• Digital signatures are to provide accountability
  and verify data integrity.
• Digital certificates are used for authenticating
  people, applications and services, and for access
  control (authorization).

73
Secret key Cryptography (1)

• The sender (originator) and receiver (recipient)
  use the same or called symmetrical key for both
  encryption and decryption purpose.
• In large scale applications, many clients or
  users need to have the same secret key.
• Since encryption is presumably not available
  prior to key distribution, network based key
  distribution is not a secure option.

74
Secret key Cryptography (2)

• Owing to the disadvantage of key distribution
  among the receivers, secret key cryptography is
  not a secure way to protect data or message.
• The most common system is data encryption
  standard (DES) and is called symmetrical
  cryptography.

75
Public Key Cryptography (1)

• It will uses pairs of keys a widely available
  public key, and a different private key known
  only to the person, application or service that
  owns the keys.
• Public key can be transmitted unencrypted over
  insecure lines.
• Private key must be kept secret.
• Since this pair of keys is asymmetrical, it is
  called asymmetrical cryptography.

76
Public Key Cryptography (2)
77
Public Key Cryptography (3)
78
Benefits of Public Key Cryptography (1)

• The primary benefit is that it allows users who
  have no preexisting security arrangement to
  exchange messages securely.
• The need for sender and receiver to share secret
  keys via some secure channel is eliminated.
• All communications involve only public keys, and
  no private key is ever transmitted or shared. -
  It is much more safe.

79
Benefits of Public Key Cryptography (2)

• Public key cryptography requires a public key
  infrastructure (PKI) for managing digital
  certificates (or e-cert) and encryption keys for
  people, programs and systems.
• It provides confidentiality, authentication,
  access control, data integrity, and
  accountability.

80
Digital Signature (1)

• Digital signatures enable the receivers of
  information to verify the authenticity of the
  informations origin and also verify the
  information is intact.
• Thus public key digital signature provides
  authentication and data integrity.
• A digital signature also provides
  non-repudiation, which means that it prevents the
  sender from claiming that he or she did not
  actually send the information.

81
Digital Signature (2)

• It serves the same purpose as a handwritten
  signature.
• However, a handwritten signature is easy to
  counterfeit.
• It is superior to a handwritten signature in that
  it is nearly impossible to counterfeit, plus it
  attests to the contents of the information as
  well as to the identity of the signer.

82
Digital Signature (3)
83
Digital Certificate

• A digital certificate (or called e-cert) is an
  electronic file issued and digitally signed by a
  Certification Authority (CA), vouching for the
  identity of the certificate holder.
• It usually contains a serial number, an
  expiration date, the information about the
  rights, uses, and privileges associated with the
  certificate, together with information about the
  CA who issued the certificate.

84
Certification Authority (1)

• A Certification Authority (CA), or called
  Certificate Authority, is an organization, such
  as Hongkong Post, that issues independently
  authenticated digital certificates for use by
  individuals or organizations.
• The Electronic Transactions Bill was passed by
  the Legislative Council on 5 January 2000 and was
  published in the Gazette on 7 January 2000. The
  Bill aims to provide a legal framework to ensure
  the conduct of electronic transactions is in a
  secure and trusted environment.

85
Certification Authority (2)

• Hongkong Post Launches Public Certification
  Services.
• Hongkong Post has become the first public
  certification authority in Hong Kong to build a
  Public Key Infrastructure (PKI).
• It issues digital certificates, namely Hongkong
  Post e-Cert.

86
Certification Authority (3)

• CA manages the keys and digital certificates used
  to implement cryptography within applications
  such as
• Web browsers and web servers for authentication
  and confidentiality
• Secure network communications via protocol such
  as SSL for applications like online banking and
  online shopping and
• Functions such as digitally signed documents or
  code.

87
Certification Authority (4)
88
Certification Authority (5)
89
Certification Authority (6)