
DNS

DNS is an Internet service that translates domain names to IP addresses. Every time you query or use a domain name, a DNS server translates the domain name into its corresponding IP address. The DNS server uses a cache to resolve queries. The server cache is a part of the memory that stores recently accessed information. Caching enables fast responses to DNS queries. It also reduces network traffic because the DNS server can answer queries from its cache rather than sending the queries to other DNS servers. The DNS server collects and stores all the information that it receives when a query is processed. The server retains this information in the server cache for the time period specified in the resource record. This time period is called the time-to-live (TTL) value of the returned record information. After caching, the TTL value starts decreasing so that the server knows when to delete the resource record. The record is marked for deletion when the TTL value reaches zero.

Consider an example. An organization has a 1,000 machine setup with a domain controller, three additional domain controllers, and a few application servers, such as web servers, database servers, and a few file servers. The domain controller is also the DNS server for the organization. Software developers access these servers and other machines for their day-to-day work. They notice that it takes longer to access servers and machines by machine name than by IP address. The reason for this is that the DNS server is heavily loaded and therefore slows down while resolving queries. After a query is resolved, the DNS server cache gets deleted. This can be resolved by creating a cache on another DNS server, which helps the DNS server resolve queries faster.

The TTL value indicates the time for which a DNS client can use a DNS record before deletion of the record or before the record expires.
Users can specify the TTL value for a DNS record in seconds. The minimum default value of the TTL for records created by the DNS server is 3600 seconds. A short TTL value results in heavy DNS traffic. A large TTL value causes the server to reply to queries by using outdated resource records.

Troubleshooting DNS Server
nslookup is a command-line utility that enables you to perform tests to verify whether resource records have been added or updated correctly. The nslookup command helps resolve addresses for resources on the DNS server, performs DNS queries, and examines the content of zone files on the DNS server. The command also helps diagnose and solve name resolution problems when a machine name does not get resolved while accessing the network.

Syntax:

nslookup [-Subcommand ...] [{ComputerToFind | [-Server]}]

The above parameters are explained below:

Subcommand: Specifies one or more nslookup subcommands as a command-line option, such as nslookup: exit, nslookup: finger, nslookup: ls, and nslookup: lserver.
ComputerToFind: Looks up complete information, such as the DNS name and IP address of a computer, by using the current default DNS name server.
Server: Specifies the server to use as the DNS name server. If you omit the Server parameter, the default DNS name server is used.
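The caching and TTL behaviour described above, as an added example (not code from the original text): a caching server answers from cache while the TTL is positive, returns the decremented TTL to the client, deletes the record when it reaches zero, and the query counter shows the traffic trade-off of short versus long TTLs. The upstream zone data, the query pattern and the integer clock are constructed assumptions.

```python
"""Caching DNS server model that honours the TTL of each resource record.

Added example, not from the original text. The upstream answers and the
query pattern are constructed; the clock is a plain integer of seconds so
that the example runs offline.
"""
from dataclasses import dataclass


@dataclass
class CachedRecord:
    value: str
    ttl: int        # TTL as it arrived in the upstream answer
    cached_at: int  # clock value (seconds) when the record was stored

    def remaining(self, now: int) -> int:
        # The TTL counts down from the moment the record was cached.
        return max(0, self.ttl - (now - self.cached_at))


class CachingServer:
    """Answers from cache while the TTL is positive, else asks upstream."""

    def __init__(self, upstream):
        self.upstream = upstream          # callable (name, rtype) -> (value, ttl)
        self.cache = {}
        self.upstream_queries = 0         # shows how much traffic caching saves

    def resolve(self, name: str, rtype: str, now: int):
        key = (name.rstrip(".").lower(), rtype)
        rec = self.cache.get(key)
        if rec is not None:
            left = rec.remaining(now)
            if left > 0:
                # Cached answer: the client sees the decremented TTL.
                return rec.value, left, "cache"
            # TTL reached zero: the record is deleted, never served stale.
            del self.cache[key]
        value, ttl = self.upstream(name, rtype)
        self.upstream_queries += 1
        self.cache[key] = CachedRecord(value, ttl, now)
        return value, ttl, "upstream"


# Constructed upstream zone data (RFC 5737 documentation address).
def make_upstream(ttl: int):
    zone = {("www.example.com", "A"): "192.0.2.10"}

    def upstream(name, rtype):
        return zone[(name.rstrip(".").lower(), rtype)], ttl
    return upstream


def walk_through(ttl: int = 60):
    """Three queries for one name, as a client at different clock times sees them."""
    server = CachingServer(make_upstream(ttl))
    return [server.resolve("www.example.com", "A", now) for now in (0, 20, 60)]


def upstream_queries_for(ttl: int, query_times) -> int:
    """How many queries reach upstream for a given TTL and client query pattern.

    A short TTL means more upstream traffic; a long TTL means a changed
    record keeps being answered from cache until the old TTL runs out.
    """
    server = CachingServer(make_upstream(ttl))
    for now in query_times:
        server.resolve("www.example.com", "A", now)
    return server.upstream_queries


if __name__ == "__main__":
    for step in walk_through():
        print(step)
    every_20s = range(0, 601, 20)
    print("TTL 60   ->", upstream_queries_for(60, every_20s), "upstream queries")
    print("TTL 3600 ->", upstream_queries_for(3600, every_20s), "upstream query")
```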

SMTP SMTP is a protocol that is used for sending e-mail messages. Whenever a user sends an e-mail by using e-mail clients such as Outlook Express, the client uses SMTP to transfer the e-mail to the mail server. E-mail is routed to an intermediate mail server, which then delivers it to the recipient's mail server. For example, a company with several servers has designated one server as a mail gateway to the Internet. Any e-mail sent to the company would arrive at the gateway server, and then be relayed to the appropriate server for delivery to the recipient.

However, malicious users sometimes try to perform unauthorized mail relaying. For example, a spammer who has a low-end server and a slow network connection might use mail relaying in order to get another company's higher-powered mail server and fast network connection to send spam mail on their behalf. Even worms can use some other server and network to send mass mails. Many worm programs are used today to send mass junk e-mails to disturb networks. Sending mass spam mails is an unlawful activity. The following table lists the ports of a few more protocols.

PROTOCOLS                                        PORTS
POP3                                             110
ftp-data                                         20 (file transfer [default data])
File Transfer Protocol (FTP)                     21 (file transfer [control])
HTTP                                             80
TELNET                                           23
Nameserver                                       42
Trivial File Transfer (TFTP)                     69
Internet Message Access Protocol (IMAP)          143
Lightweight Directory Access Protocol (LDAP)     389

Protocols and Their Corresponding Ports

Solutions to Chapter One Questions


1. List the functions of the application layer. Ans. The functions of the application layer are: It is responsible for facilitating interaction between many applications like WWW, EMAIL, FTP, and DNS, and servers like mail server and FTP server. It interfaces directly to and performs common application services for the application processes; it also issues requests to the presentation layer.

2. What is DNS? Ans. DNS is a name resolution service that resolves host names to IP addresses. DNS has a hierarchical and distributed database that contains mappings of host names with the corresponding IP addresses.

3. Explain the working of DNS with an example. Ans. DNS is a name resolution service that resolves host names to IP addresses. A DNS server resolves host names to IP addresses for DNS queries sent by the DNS clients. These queries can be in the form of a name resolution query or a resource record. The resolver sends a User Datagram Protocol (UDP) packet to the local DNS server. The DNS server searches its table and returns the IP address which matches the domain name. DNS has a hierarchical and distributed database that contains mappings of host names with the corresponding IP addresses.

Resource records are stored in a specific portion of the DNS database called the DNS zone. A DNS zone contains resource records along with the owner names. For example, an application program calls a procedure with its domain name as parameter. The procedure sends a UDP packet to the local DNS server. The DNS server searches its table and returns the IP address which matches the domain name. The program can now establish a TCP connection or send UDP packets.

4. What is an iterative resolution? Ans. Iterative resolution refers to the name resolution technique in which a server sends back the information to a client or sends the name of the server that has the information. The client then iterates by sending a request to this referred server. This server may return the information itself or send the name of another server. This process continues until the client receives the required information.

5. What are the functions of the user agent in the e-mail architecture? Ans. In the e-mail architecture, the user agent helps users to interact with the e-mail systems. The functions of the user agent in the e-mail architecture are:
Composition: It refers to writing the mail. Here users type the message that they want to convey. The users have to mention the recipient's e-mail address.
Receiving: It refers to retrieving the e-mails from the POP3 server.
Replying to messages: It refers to replying to a received e-mail. To reply to the e-mail, the user has to click reply, type the message, and send it back.
Support manipulation of mail box: It refers to customization of the mail box. Here users can create folders and manage the mail according to the sender.

6. Discuss the sending and receiving process of e-mail. Ans. The prerequisites for sending and receiving an e-mail are:
1. Both the sender and recipient should have an e-mail account.
2. The sender must provide the destination address and write a message.

The following is the sequence of the e-mail sending process:
1. When the sender clicks send, the machine establishes a connection with the SMTP server by using port 25. An SMTP configured e-mail daemon/process uses this port.
2. This daemon/process accepts incoming connections and sends the mails to the appropriate domain. For example, if you send the mail from yahoo.com to hotmail.com, the mail goes to the yahoo SMTP server, and then the SMTP server sends it to the POP3 server of hotmail.com.
3. If a message cannot be delivered, an error report containing the first part of the undeliverable message is returned to the sender.

In implementations of POP3, the server maintains a collection of text files, one for each e-mail account. When a message arrives, the POP3 server simply appends it to the bottom of the recipient's file. The following is the sequence of the e-mail receiving process:
1. The e-mail client connects to the POP3 server by using port 110.
2. The POP3 server requires an account name and a password. After providing a valid username and password, the user gets verified by the POP3 server.
3. If the username and password are valid, the POP3 server opens your text file and allows you to access it.
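The port-25 dialogue of the sending process above, together with the relay-control check that stops the unauthorized mail relaying described in the SMTP section, as an added example (not code from the original text). The local domain, the trusted client subnet, the client addresses and the command lines are constructed; the reply codes follow ordinary SMTP usage.

```python
"""SMTP envelope handling with a relay-control check, as a defender would add it.

Added example, not from the original text. The local domain, the trusted
client network and the client addresses are constructed documentation
values (RFC 2606 / RFC 5737); the reply codes follow normal SMTP usage
(250 accepted, 503 wrong sequence, 554 relay denied).
"""
import ipaddress
import re

LOCAL_DOMAINS = {"example.com"}                         # constructed: mail we deliver ourselves
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # constructed: our own users' subnet
ADDR_RE = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>")


def relay_allowed(client_ip: str, rcpt_domain: str) -> bool:
    """Relay only if we are the destination or the connecting client is ours.

    Anything else is exactly the third-party relaying the text warns about:
    an outside client asking us to carry mail to an outside domain.
    """
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)


class Session:
    """Server side of the port-25 dialogue: HELO, MAIL FROM, RCPT TO, QUIT."""

    def __init__(self, client_ip: str):
        self.client_ip = client_ip
        self.helo = None
        self.sender = None
        self.accepted = []
        self.relay_denied = []   # what an operator would alert on

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return "250 mail.example.com"
        if verb == "MAIL":
            if self.helo is None:
                return "503 5.5.1 Send HELO/EHLO first"
            m = ADDR_RE.search(arg)
            if not m:
                return "501 5.1.7 Bad sender address syntax"
            self.sender = m.group(0)
            return "250 2.1.0 Sender OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command"
            m = ADDR_RE.search(arg)
            if not m:
                return "501 5.1.3 Bad recipient address syntax"
            if not relay_allowed(self.client_ip, m.group(2)):
                self.relay_denied.append(m.group(0))
                return "554 5.7.1 Relay access denied"
            self.accepted.append(m.group(0))
            return "250 2.1.5 Recipient OK"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "500 5.5.2 Command not recognized"


def run_session(client_ip: str, commands):
    """Feed client lines to a fresh session; return the replies and the session."""
    session = Session(client_ip)
    return [session.handle(c) for c in commands], session


# Constructed dialogue: an outside host asks us to carry mail for a third domain.
OUTSIDE_ATTEMPT = [
    "EHLO outside-host.example.net",
    "MAIL FROM:<bulk@example.net>",
    "RCPT TO:<alice@example.com>",    # we are the destination: accepted
    "RCPT TO:<bob@example.org>",      # third-party domain: relay denied
    "QUIT",
]

if __name__ == "__main__":
    replies, s = run_session("198.51.100.7", OUTSIDE_ATTEMPT)
    for cmd, rep in zip(OUTSIDE_ATTEMPT, replies):
        print(f"C: {cmd}\nS: {rep}")
    print("relay denied for:", s.relay_denied)
```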

7. Write a brief note on SMTP. Ans. SMTP is a protocol that transfers mail reliably and efficiently. SMTP is independent of a particular transmission subsystem and needs only a reliable ordered data stream channel. An important feature of SMTP is its capability to relay mail across transport service environments.

8. Discuss the working of POP3 in an e-mail system. What are its limitations? Ans. When users check their e-mail, the e-mail client connects to the POP3 server by using port 110. The POP3 server requires an account name and a password. The POP3 server issues a series of commands to bring copies of the user's e-mail messages to the user's local machine. Generally, it will then delete the messages from the server (unless the user chooses the option not to delete them in the e-mail client). Once the connection has been established, the POP3 protocol goes through three stages in sequence:
1. Authorization
2. Transactions
3. Update

The authorization state deals with the user log in. The transaction state deals with the user collecting e-mail messages and marking them for deletion from the mailbox. The update state causes the e-mail messages to be deleted. During the authorization state, when the server is set for three password tries, giving the wrong password three times locks your mailbox. POP3 servers have certain limitations such as:
There is no folder structure for sorting e-mail messages that are saved on the POP3 server. The server has only one folder for incoming mails, which is the inbox.
No rules can be set at the POP3 server. All rules are set at the client end only.
If a user's machine crashes, e-mail messages can only be recovered if a copy of them is left on the server.
To check e-mail, users have to download the messages first; only then can they view them in the e-mail client software. Users cannot see mails first and then download only the required ones.
If there are spam e-mail messages in the inbox that can be dangerous for the computer, these will also get downloaded and the user has to delete them.

Reference (http://www.evenmail.com/pop3.imap.html)

9. What is WWW? Ans. The WWW is a hypertext-based system that provides a uniform and user-friendly interface for accessing the resources on the Internet. It is an information space in which the items of interest, referred to as resources, are identified by global identifiers called Uniform Resource Identifiers (URI).

10. Discuss the architecture of WWW. Ans. The architecture of WWW is two tiered. It consists of the client and the server. The client (web browser) requests a web page. This page is retrieved from the server. The architecture depends on three key standards: HTML for encoding document content, Uniform Resource Locator (URL) for naming remote information objects in a global namespace, and HTTP for staging the transfer. The following figure shows the two-tiered architecture of WWW.

[Figure: CLIENT sends a Request to SERVER; SERVER returns a Response]

Two-Tier Architecture of WWW

If the web pages are interacting with the database, then the architecture becomes three-tiered, as shown in the following figure.

[Figure: CLIENT sends a Request to SERVER and receives a Response; SERVER communicates with DATABASE]

Three-Tier Architecture of WWW

11. Explain the client side and server side events when a user clicks on a URL. Ans. The client side events when a user clicks on a URL are as follows:
1. The browser locates the URL.
2. The browser asks DNS for the IP address.
3. DNS replies with the IP address.
4. The browser makes the Transmission Control Protocol (TCP) connection to port 80 on the machine with the above IP address.
5. The browser sends a request for the specific file.
6. The server sends the required file.
7. The TCP connection is closed.
8. The browser displays all text information.
9. The browser displays all images.

When a user clicks on a URL, the server side events are as follows:
1. The server accepts a TCP connection from a client.
2. The server searches for the file associated with the web page.
3. The file is retrieved from the disk.
4. The web page is returned to the client.
5. The TCP connection is released.

12. Explain a server farm with an example. Ans. A server farm is a group of networked servers that are housed in one location. A server farm streamlines internal processes by distributing the workload between the individual components of the farm and expedites computing processes by harnessing the power of multiple servers. The farms rely on load balancing software that accomplishes the following tasks:
Tracking demand for processing power from different machines.
Prioritizing the tasks.
Scheduling and rescheduling tasks depending upon the priority and the demand that users put on the network.

When one server in the farm fails, another can step in as a backup. Combining servers and processing power into a single entity has been relatively common for many years in research and academic institutions. Today, more and more companies are utilizing server farms as a way of handling the enormous amount of computerization of tasks and services that they require.

Server farm, or web farm, refers to either a web site that runs on more than one server or an Internet Service Provider (ISP) that provides web hosting services by using multiple servers. Server compute farms are making their way into large manufacturing environments for electronic design automation, to accelerate processes and complete tasks. A server farm accomplishes this by harnessing computing power from multiple machines and combining that power. An example of a server farm is Google: Google's services run on several server farms.

FAQs
1. What is FTP? Ans: FTP is a standard protocol for transferring files between remote computers. It uses the Internet's TCP/IP protocols to enable data transfer.

2. What is IMAP? Ans: IMAP is an application layer Internet protocol used for accessing e-mail on a remote server from a local client.

3. What is the difference between SMTP and POP3? Ans: SMTP (Simple Mail Transfer Protocol) is used for the relaying and delivery of messages. SMTP by default works on port 25. An e-mail client sends the e-mail to the SMTP server. The server accepts incoming connections and copies messages from them into the appropriate mailboxes. If a message cannot be delivered, an error report containing the first part of the undeliverable message is returned to the sender. SMTP is a simple ASCII protocol. POP3 (Post Office Protocol) is used for retrieving mails from the mail server. POP3 by default works on port 110. POP3 begins when the user starts the mail client. The mail client establishes a TCP connection with the message transfer agent at port 110. Once the connection has been established, the POP3 protocol goes through three states in sequence:
1. Authorization
2. Transactions
3. Update

Static Routing Vs. Dynamic Routing


Static and dynamic routing are compared in the following table.

Static Routing: Static routing allows routing tables in specific routers to be set up in a static manner so that the network routes for packets are set.
Dynamic Routing: Dynamic routing performs the same function as static routing except that it is more robust.

Static Routing: In static routing, routing is done manually in routers. Routers do not update the routing table themselves in case of downtime or a change in route. If a router on the route goes down, the destination may become unreachable. A network administrator manually builds and updates the routing table and handles the programming of all the routes in the routing table. Static routers can work well for small internetworks, but they do not scale well for large or dynamically changing internetworks because of the manual administration required.
Dynamic Routing: Dynamic routing allows routing tables in routers to change as the possible routes change. There are several protocols used to support dynamic routing, including RIP and OSPF. Dynamic routing consists of routing tables that are built and maintained automatically through an ongoing communication between routers. This communication is facilitated by a routing protocol, a series of periodic or on-demand messages containing routing information that is exchanged between routers. Except for the routers' initial configuration, dynamic routers require little ongoing maintenance and, therefore, can scale to larger internetworks.

Static Routing: Routers are not fault tolerant in case of static routing. The lifetime of a manually configured static route is infinite and, therefore, static routers do not sense and recover from downed routers or downed links.
Dynamic Routing: Routers are fault tolerant in case of dynamic routing. Dynamic routes have a finite lifetime. If a router or link goes down, the routers sense the change in the internetwork topology through the expiration of the lifetime of the route in the routing table. This change can then be propagated to other routers so that all the routers on the internetwork become aware of the new internetwork topology.

Static Routing Versus Dynamic Routing

Routing Protocols
Routing protocol refers to a protocol that enables routing through implementation of a routing algorithm. A routing algorithm is an algorithm that determines the possible route through which data packets would reach the destination. Some of the routing protocols are:
Interior Gateway Routing Protocol (IGRP)
Cisco Discovery Protocol (CDP)
Hot Standby Router Protocol (HSRP)

IGRP
IGRP is a distance vector Interior Gateway Protocol (IGP). IGRP mathematically compares routes by using some measurement of distance. This measurement is known as the distance vector. If a router is using a distance vector protocol, it sends all or a portion of its routing table in a routing-update message at regular intervals to each of its neighboring routers. As routing information propagates through the network, routers can identify new destinations as they are added to the network, learn about failures in the network, and calculate distances to all known destinations. Reference (http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/igrp.htm)

CDP
CDP is a media- and protocol-independent device-discovery protocol that runs on all Cisco-manufactured equipment including routers, access servers, bridges, and switches. By using CDP, a device can advertise its existence to other devices and receive information about other devices on the same Local Area Network (LAN) or on the remote side of a Wide Area Network (WAN).

HSRP
HSRP is a routing protocol that provides backup to a router in the event of the failure of the router. HSRP provides network redundancy for IP networks. It ensures that user traffic recovers immediately and transparently from first hop failures in network edge devices or access circuits.

TIMERS IN RIP
RIP uses three timers to support its operation:
Periodic Timer: The periodic timer controls the advertising of regular update messages. Although the protocol specifies that the timer must be set to 30 seconds, the working model uses a random number between 25 and 35 seconds. This is to prevent any possible synchronization and, therefore, prevent overload on the network if the routers update simultaneously. Each router has one periodic timer that is set randomly to a number between 25 and 35 seconds. When the counter reaches zero, the update message is sent to the other routers and the timer is randomly set once again.
Expiration Timer: The expiration timer checks the validity of a route. When a router receives update information from the other routers for a specific route, the expiration timer is set to 180 seconds. Every time a new update for the route is received, the timer is reset. In normal situations, this occurs every 30 seconds. However, if there is a problem on the Internet and no update is received within the allocated 180 seconds, the route is considered expired and the hop count of the route is set to 16.
Garbage Collection Timer: When the information about a route becomes invalid, the router does not immediately purge that route from its table. Instead, it continues to advertise the route with a metric value of 16. At the same time, a timer called the garbage collection timer is set to 120 seconds for that route. When the count reaches zero, the route is purged from the table. This timer allows the neighboring routers to become aware of the invalidity of a route prior to purging.

Solutions to Chapter Two Questions


1. What is routing? Differentiate between the two types of routing, direct routing and indirect routing. Ans. Routing is the process of moving information across an internetwork from a source router to a destination router. Routing occurs at the third layer of the Open System Interconnect (OSI) model, known as the network layer. Routing protocols use metrics to evaluate what path will be the best for a packet to travel. The differences between direct routing and indirect routing are as follows.

Direct Routing: In direct routing, packet delivery occurs when the source and destination of the packet are located on the same physical network or if the packet delivery is between the last router and the destination host. In direct routing, the address mapping is between the IP address of the final destination and the physical address of the final destination. A packet delivery always involves one direct routing.
Indirect Routing: In indirect routing, the packet goes from router to router until it reaches the router connected to the same physical network as its final destination. In indirect routing, the address mapping is between the IP address of the next router and the physical address of the next router. A packet delivery may or may not involve indirect routing.

Direct Routing Versus Indirect Routing

2. Discuss the different approaches that are used to make a routing table more efficient. Ans. There are many approaches to make a routing table efficient, such as:
Next hop routing: In this technique, the routing table holds only the address of the next hop instead of holding information about the complete route. Routing tables are thereby consistent with each other.
Network specific routing: In this technique, routing tables are made smaller so that the search process becomes simpler. Instead of having an entry for every host connected to the same physical network, we have only one entry to define the address of the network itself.

3. Discuss the various stability features of RIP. Ans. The stability features of RIP are:
Hop-count limit: This feature limits the number of hops allowed in a path from source to destination. The maximum number of hops in a path is 15. If for some reason the router receives a routing update that contains a new or changed entry, and if increasing the metric value by 1 causes the metric to be infinity (that is, 16), the network destination is considered unreachable.
Hold-down timers: This feature is useful in preventing routing information from flooding the network when network links are unstable.
Split horizons: This feature prevents routing loops within the network.

4. What is the purpose of the route timeout timer? Ans. The purpose of the route timeout timer is to help purge invalid routes from a RIP node. Routes that are not refreshed for a given period of time are likely to be invalid because of some change in the network. Thus, RIP maintains a timeout timer for each known route. When a route's timeout timer expires, the route is marked invalid but is retained in the table until the route-flush timer expires.

5. Which two capabilities are supported by RIP2 but are not supported by RIP1? Ans. Two capabilities, which are supported by RIP2 but not by RIP1, are: RIP1 cannot increase the network diameter or disseminate network bit masks needed to properly interpret routes. Therefore, using RIP1 is a poor choice for modern networks. An updated version of RIP1, known as RIPv2 (RIP2), can do this. RIP Version 2 (RIPv2) adds a "network mask" and "next hop address" field to the original RIP packet while remaining completely compatible with RIP. Thus RIPv2 routers can coexist with RIP routers without any problems. The other improvement that RIPv2 offers over RIP1 is authentication, which defines the password authentication mechanism for RIPv2 routers to prevent accidental updates from wrongly configured hosts.
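The route lifetime described in the TIMERS IN RIP section and in questions 3 and 4 above (expiration at 180 s, advertisement with metric 16, purge after the 120 s garbage collection timer, the hop-count limit and split horizon), as an added example that is not code from the original text. The neighbours R1, R2 and R3, the prefixes and the update schedule are constructed; the periodic timer's random 25 to 35 s jitter is left out so the run is deterministic.

```python
"""Lifetime of one RIP route: update, expiration timer, garbage collection.

Added example, not from the original text, serving the TIMERS IN RIP
section and questions 3 and 4. Timer values are the ones the text gives
(180 s expiration, 120 s garbage collection, 16 = unreachable); the
neighbours R1/R2/R3 and the prefixes are constructed.
"""
INFINITY = 16          # hop-count limit: a metric of 16 means unreachable
EXPIRATION_S = 180
GARBAGE_S = 120


class RipTable:
    def __init__(self):
        # prefix -> {"next_hop", "metric", "expires", "purge"}
        self.routes = {}

    def receive_update(self, now, neighbour, prefix, advertised_metric):
        """Process one entry of a routing-update message from a neighbour."""
        metric = min(advertised_metric + 1, INFINITY)
        r = self.routes.get(prefix)
        if metric >= INFINITY:
            # Neighbour says unreachable: only matters if it is our next hop.
            if r is not None and r["next_hop"] == neighbour and r["metric"] < INFINITY:
                self._invalidate(now, r)
            return
        if r is None or metric < r["metric"] or r["next_hop"] == neighbour:
            # New, better, or refreshed route: (re)start the expiration timer.
            self.routes[prefix] = {"next_hop": neighbour, "metric": metric,
                                   "expires": now + EXPIRATION_S, "purge": None}

    def _invalidate(self, now, r):
        # Route is kept and advertised with metric 16 until the GC timer fires.
        r["metric"] = INFINITY
        r["expires"] = None
        r["purge"] = now + GARBAGE_S

    def tick(self, now):
        """Run the timers; call whenever the clock advances."""
        for prefix, r in list(self.routes.items()):
            if r["expires"] is not None and now >= r["expires"]:
                self._invalidate(now, r)
            if r["purge"] is not None and now >= r["purge"]:
                del self.routes[prefix]

    def advertise(self, to_neighbour):
        """Routing-update contents for a neighbour, with split horizon applied."""
        return {p: r["metric"] for p, r in self.routes.items()
                if r["next_hop"] != to_neighbour}

    def state(self, prefix):
        r = self.routes.get(prefix)
        if r is None:
            return "absent"
        return "unreachable" if r["metric"] >= INFINITY else f"metric {r['metric']}"


def simulate():
    """R1 advertises 10.0.0.0/8 every 30 s, then goes silent after t=90."""
    table = RipTable()
    for now in range(0, 120, 30):           # updates at 0, 30, 60, 90
        table.receive_update(now, "R1", "10.0.0.0/8", 1)
        table.tick(now)
    obs = {}
    for now in (269, 270, 389, 390):
        table.tick(now)
        obs[now] = table.state("10.0.0.0/8")
        if now == 270:
            obs["to_R2"] = table.advertise("R2")   # poisoned route, metric 16
            obs["to_R1"] = table.advertise("R1")   # split horizon: nothing back to R1
    # Hop-count limit: an advertised metric of 15 becomes 16 and is never installed.
    table.receive_update(400, "R3", "172.16.0.0/12", 15)
    obs["hop_limit"] = table.state("172.16.0.0/12")
    return obs


if __name__ == "__main__":
    for k, v in simulate().items():
        print(k, "->", v)
```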

6. What is the maximum network diameter of a RIP network? Ans. The maximum network diameter of a RIP network is 15 hops.

7. When using OSPF, can you have two areas attached to each other where only one autonomous system (AS) has an interface in Area 0? Ans. Yes, you can. This describes the use of a virtual path. One area has an interface in Area 0 (legal), and the other AS is brought up and attached off an ABR in Area 1, so you can call it Area 2. Area 2 has no interface in Area 0, so it must have a virtual path to Area 0 through Area 1. When this is in place, Area 2 looks like it is directly connected to Area 0. When Area 1 wants to send packets to Area 2, it must send them to Area 0, which in turn redirects them back through Area 1 by using the virtual path to Area 2.

8. Area 0 contains five routers (A, B, C, D, and E). Area 1 contains three routers (R, S, and T). Which routers does router T know? Router S is the ABR. Ans. Router T knows about routers R and S only. Likewise, router S only knows about R and T, as well as routers to the ABR in Area 0. The ASs separate the areas so that router updates contain only information needed for that AS.

9. Can IBGP be used in place of an IGP (RIP, IGRP, EIGRP, OSPF, or IS-IS)? Ans. Use of IBGP in place of IGP is conditional. The next-hop information from EBGP is carried into IBGP. If IBGP does not have a route to reach the next hop, then the route will be discarded. Typically, an IGP needs to be used to exchange routes to the next hop, but this can be achieved by using static routes on all the routers running IBGP. So, the answer is yes if you want to use and maintain static routes. Otherwise, you cannot use IBGP in place of IGP. Reference (http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bgp.htm)

10. Assume that a BGP router is learning the same route from two different EBGP peers. The AS_path information from peer 1 is {2345, 86, 51}, and the AS_path information from peer 2 is {2346, 51}. What BGP attributes could be adjusted to force the router to prefer the route advertised by peer 1? Ans. Weight and local preference are two BGP attributes that can be adjusted to force the router to prefer the route advertised by peer 1. Both have a higher preference than AS_path length.

11. Can BGP be used by Internet service providers only? Ans. No. BGP can also be used to scale large enterprise networks. A large network can be divided into segments, with each segment running an IGP. Routing information between segments could then be exchanged by using BGP.

12. If a directly connected interface is redistributed into BGP, what value will the origin attribute have for the route? Ans. Any redistributed route will have an incomplete value of origin.
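The path choice in question 10, as an added example that is not code from the original text: the two routes are compared in the order the answer relies on (weight, then local preference, then AS_path length), after the usual AS_path loop check, and the function reports which attribute decided. The local AS number 64500, the default local preference of 100 and the adjusted values are constructed assumptions.

```python
"""BGP best-path choice for the two routes in question 10.

Added example, not from the original text. It applies the comparison
order the answer relies on (weight, then local preference, then AS_path
length) after an AS_path loop check; the local AS number 64500 and the
attribute values set in the "adjust" cases are constructed.
"""
from dataclasses import dataclass

LOCAL_AS = 64500   # constructed private AS number


@dataclass
class BgpRoute:
    peer: str
    as_path: list
    weight: int = 0          # local to this router, never propagated
    local_pref: int = 100    # assumed default, shared within the AS

    @property
    def as_path_len(self) -> int:
        return len(self.as_path)


# (attribute, higher value wins?) in decision order.
DECISION_ORDER = (("weight", True), ("local_pref", True), ("as_path_len", False))


def prefer(a: BgpRoute, b: BgpRoute):
    """Return (winner, deciding attribute) for two routes to the same prefix."""
    for attr, higher_wins in DECISION_ORDER:
        va, vb = getattr(a, attr), getattr(b, attr)
        if va != vb:
            return (a if (va > vb) == higher_wins else b), attr
    return a, "tie"


def best_path(routes, local_as=LOCAL_AS):
    # Loop prevention: a path already containing our own AS is discarded.
    usable = [r for r in routes if local_as not in r.as_path]
    if not usable:
        return None, "no usable route"
    winner, why = usable[0], "only route"
    for r in usable[1:]:
        winner, why = prefer(winner, r)
    return winner, why


def question_10(adjust=None):
    """Routes from the question; 'adjust' raises one attribute on peer 1."""
    peer1 = BgpRoute("peer 1", [2345, 86, 51])
    peer2 = BgpRoute("peer 2", [2346, 51])
    if adjust == "weight":
        peer1.weight = 200
    elif adjust == "local_pref":
        peer1.local_pref = 200
    winner, why = best_path([peer1, peer2])
    return winner.peer, why


if __name__ == "__main__":
    for case in (None, "weight", "local_pref"):
        print(f"adjust={case!s:10} -> {question_10(case)}")
```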

FAQs
1. What are the drawbacks of RIP? Ans: The drawbacks of RIP are:
RIP takes a long time to stabilize after a router failure or link failure.
RIP uses more broadcasting than OSPF and hence requires more network bandwidth.

2. What is the difference between RIP and OSPF? Ans: The main difference between RIP and OSPF is that RIP only keeps track of the closest router for each destination address whereas OSPF keeps track of a complete topological database of all connections in the local network.

3. What is a metric? What are some of the metrics used by the routing protocols? Ans: A metric is a standard of measurement, such as path bandwidth, which is used by routing algorithms to determine the optimal path to a destination. Some of the metrics used by the routing protocols are path length, reliability, delay, bandwidth, load, and communication cost.

RTSP
RTSP is a client-server application-level protocol that controls the delivery of data with real-time properties. RTSP establishes and controls either a single or several time-synchronized streams of continuous media, such as audio and video. RTSP uses transport protocols such as User Datagram Protocol (UDP), multicast UDP, Transmission Control Protocol (TCP), and Real-Time Transport Protocol (RTP) to deliver the continuous streams. It acts as a network remote control for multimedia servers. Sources of data can include both live data feeds and stored clips.

Port Numbers used by RTSP


The following ports have been registered with the Internet Assigned Numbers Authority (IANA).

554/tcp    RTSP
554/udp    RTSP
8554/tcp   RTSP Alternate
8554/udp   RTSP Alternate

RTP
RTP defines a standardized packet format for delivering audio and video over the Internet. It was developed by the audio and video transport working group of the Internet Engineering Task Force (IETF) and first published in 1996 as RFC 1889. RTP does not have a standard TCP or UDP port from which it communicates. The only standard that it obeys is that UDP communications are done on an even port and the next higher odd port is used for TCP communications. RTP uses UDP and defines the format for additional information required by an application, such as the sequence number and time stamp.

REAL-TIME TRANSPORT CONTROL PROTOCOL (RTCP)


RTCP is the protocol that gathers transmission statistics during the transmission of multimedia data from a streaming server to a client machine. RTCP gathers information such as bytes sent, packets sent, lost packets, jitter, feedback, and round trip delay. To get this information, RTCP monitors data delivery from the streaming server to the receiver's machine and enables the receiver to detect if there is any packet loss and compensate for any delay jitter. RTCP works with RTP in the delivery and packaging of multimedia data but does not transport any data. It also does not provide any flow encryption or authentication means by itself. It is used periodically to transmit control packets to participants in a streaming multimedia session. The primary function of RTCP is to provide feedback on the quality of service being provided by RTP.
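The RTP packet format from the RTP section (RFC 1889 fixed header with sequence number and time stamp) and the loss and jitter figures RTCP reports, as an added example that is not code from the original text. A receiver parses each header, counts packets that never arrived from gaps in the sequence number, and keeps the interarrival jitter estimate. The ten-packet stream, its SSRC and the one delayed packet are constructed.

```python
"""RTP fixed-header parser and the loss/jitter bookkeeping RTCP reports on.

Added example, not from the original text. The header layout is the RFC
1889 fixed header (version, padding, extension, CSRC count, marker,
payload type, sequence number, timestamp, SSRC). The packet stream is
constructed: 10 packets with two missing and one arriving late. The
jitter estimator is the RFC's J = J + (|D| - J)/16 in timestamp units.
"""
import struct

HDR = struct.Struct("!BBHII")   # 12-byte fixed header


def build_rtp(seq, timestamp, ssrc, payload_type=0, marker=False, payload=b""):
    b0 = 2 << 6                           # version 2, P=0, X=0, CC=0
    b1 = (int(marker) << 7) | (payload_type & 0x7F)
    return HDR.pack(b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(pkt: bytes) -> dict:
    if len(pkt) < HDR.size:
        raise ValueError("packet shorter than the RTP fixed header")
    b0, b1, seq, ts, ssrc = HDR.unpack_from(pkt)
    if b0 >> 6 != 2:
        raise ValueError("unsupported RTP version")
    cc = b0 & 0x0F
    hdr_len = HDR.size + 4 * cc           # CSRC list follows the fixed header
    if len(pkt) < hdr_len:
        raise ValueError("CSRC count exceeds packet length")
    csrc = struct.unpack_from(f"!{cc}I", pkt, HDR.size) if cc else ()
    return {
        "version": 2, "padding": bool(b0 & 0x20), "extension": bool(b0 & 0x10),
        "marker": bool(b1 & 0x80), "payload_type": b1 & 0x7F,
        "seq": seq, "timestamp": ts, "ssrc": ssrc, "csrc": csrc,
        "payload": pkt[hdr_len:],
    }


class ReceiverStats:
    """Per-SSRC counters a receiver feeds into its RTCP receiver reports."""

    def __init__(self):
        self.received = 0
        self.lost = 0
        self.out_of_order = 0
        self.jitter = 0.0
        self._last_seq = None
        self._last_ts = None
        self._last_arrival = None

    def update(self, pkt: bytes, arrival_ts: int):
        h = parse_rtp(pkt)
        self.received += 1
        if self._last_seq is not None:
            gap = (h["seq"] - self._last_seq) & 0xFFFF   # 16-bit wrap-around
            if 1 < gap < 0x8000:
                self.lost += gap - 1                      # packets that never came
            elif gap == 0 or gap >= 0x8000:
                self.out_of_order += 1                    # duplicate or late packet
                return
            # Interarrival jitter: difference of the transit-time differences.
            d = (arrival_ts - self._last_arrival) - (h["timestamp"] - self._last_ts)
            self.jitter += (abs(d) - self.jitter) / 16
        self._last_seq, self._last_ts = h["seq"], h["timestamp"]
        self._last_arrival = arrival_ts


def constructed_stream():
    """10 packets, 160 timestamp units apart; seq 1003 and 1004 never arrive."""
    ssrc = 0x1234ABCD
    stream = []
    for i in range(10):
        seq, ts = 1000 + i, 10_000 + 160 * i
        if seq in (1003, 1004):
            continue
        late = 32 if seq == 1006 else 0               # one packet delayed in transit
        pkt = build_rtp(seq, ts, ssrc, payload_type=8, payload=b"\x00" * 4)
        stream.append((pkt, ts + late))
    return stream


def analyse(stream=None) -> dict:
    stats = ReceiverStats()
    for pkt, arrival in (stream or constructed_stream()):
        stats.update(pkt, arrival)
    return {"received": stats.received, "lost": stats.lost,
            "out_of_order": stats.out_of_order, "jitter": round(stats.jitter, 3)}


if __name__ == "__main__":
    print(analyse())
```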

Open Source Streaming Server - Product Information


Note: Because this chapter deals with multimedia data transmission and streaming servers, the products available in the market have also been discussed. Apple Computer, Inc. has developed a streaming server called Darwin Streaming Server. This is an open source version of streaming server technology that allows a user to make changes according to requirements and to send multimedia data to clients across the Internet. Industry standard protocols such as RTP and RTSP are used for this purpose. Darwin Streaming Server supports a high level of customizability and runs on a variety of platforms, which allows a user to manipulate the code. Darwin Streaming Server can be extended or modified. Darwin Streaming Server can be modified to alter MPEG-4 media and QuickTime Streaming Server (QTSS), which is Apple's commercial streaming server. QTSS is delivered as a part of Mac OS X Server on alternative platforms such as Windows, Linux, and Solaris. Darwin Streaming Server 5.5 is the latest version available and includes the following enhancements:
Latest security update changes
Latest 3GPP release 5 client support
High-definition H.264 streaming
Support for automatic bandwidth detection with QuickTime 7 Player
A security update for Windows

The source code of Darwin Streaming Server 5.5 currently supports Mac OS X Server, Linux (Red Hat 8 or higher recommended), Solaris 9, and Windows 2000/2003 Server. The source code of Darwin Streaming Server can be compiled and run on these operating systems.

Solutions to Chapter Three Questions

1. What is multimedia? Give examples of multimedia data.
Ans. Multimedia refers to applications and technologies that manipulate text, data, images, voice, and full-motion video objects. Classic examples of multimedia are games distributed on CDs and songs and music available on web sites.

2. How does an audio medium differ from a video medium?
Ans. Audio deals only with voice, for example, a song or a lecture on a university site. Video has both voice and moving images, such as a movie, a song, or a clip of a lecture.

3. What is streaming?
Ans. Streaming is the process of receiving stored audio/video from the server where it is placed. A client begins to play the audio or video as soon as the media player on the client's PC begins receiving the file from the server. During the process, the client plays audio/video from one location in the file while it receives the remaining parts of the file from the server. In other words, streaming avoids long download times and the need to store the entire file on the user's computer.

4. What are the drawbacks of the present Internet for carrying multimedia data?
Ans. The Internet has some drawbacks with regard to multimedia data. For example, the media player does not communicate with the streaming server directly. The resulting delay before play-out begins is typically unacceptable for audio/video clips of moderate length. For this reason, audio/video streaming implementations typically have the server send the audio/video file directly to the media player process; that is, a direct socket connection is made between the server process and the media player process.

5. How can the present Internet be made to carry multimedia data?
Ans. To make the existing Internet suitable for multimedia data, the following modifications are needed:
- A protocol is required that reserves bandwidth on behalf of streaming server applications.
- The scheduling policies in router queues should be modified so that bandwidth reservations can be honoured. With the new scheduling policies, not all packets get equal treatment; instead, packets from multimedia provider sites that reserve and pay more get more bandwidth.
- Applications must give the network a description of the traffic they intend to send.
- Bandwidth and switching capacity should be increased to provide satisfactory delay and packet loss performance within the network.
- Caches must be installed in the networks. Caches bring stored content (web pages as well as stored audio and video) closer to users, thereby reducing traffic in the higher-tier ISPs. Content providers that pay for a Content Distribution Network (CDN) service can deliver content faster and more effectively.
- Multicast overlay networks can be deployed. A multicast overlay network consists of servers scattered throughout an ISP network and potentially throughout the entire Internet. The servers and the logical links between them collectively form an overlay network that multicasts traffic from a source to millions of users.

6. Why do audio and video files need to be compressed?
Ans. Compression is required to reduce the size of audio and video so that they can be transmitted easily over the Internet. For example, a single image of 1024 pixels x 1024 pixels, with each pixel encoded in 24 bits, requires 3 MB of storage without compression. The 24 bits are eight bits each for the colors red, green, and blue. It would take approximately seven minutes to send the image over a 64 kbps link. If the image is compressed at a modest 10:1 compression ratio, the storage requirement is reduced to 300 Kbytes, and the transmission time also drops by a factor of 10.

7. Explain the audio streaming process.
Ans. Audio streaming is the transfer of audio-encoded packets that are decoded and sent to the client's sound card upon reception. The host side is responsible for encoding and packetizing the audio stream. The client side is responsible for decoding the packets and sending the decoded audio to the sound card. There are delays inherent in the overall system, contributed by the encode/decode delay, transfer delay, buffer delay, modem delay, sound card delay, and other delays. As long as the delays are kept constant, the audio will be delivered uninterrupted.

8. What is a streaming server?
Ans. Streaming servers are meant for audio/video streaming applications. Upon client request, a server directs an audio or video file to the client by sending the file into a socket. Both TCP and UDP socket connections are used. Before the audio/video file is sent to the network, the file is segmented, and the segments are typically encapsulated with special headers appropriate for audio and video traffic. Streaming servers send digital video for news, entertainment, or educational content over the Internet by using RTP/RTSP. A multimedia file is uploaded to the server, and the streaming server encodes the content in the latest media formats, including MPEG-4 (Moving Picture Experts Group) and AAC (Advanced Audio Coder) audio.

9. What are the limitations of the best effort service? Explain.
Ans. The limitations of the best effort service are:
Packet loss: As an IP datagram crosses a network over UDP, it passes through buffers in the routers in order to access outbound links. It is possible that one or more of the buffers on the route from sender to receiver is full and cannot admit the datagram. In this case, the IP datagram is discarded and never arrives at the receiving application. Loss could be eliminated by sending the packets over TCP rather than over UDP.
Excessive end-to-end delay: End-to-end delay is the accumulation of transmission, processing, and queuing delays in routers, propagation delays in the links, and end-system processing delays.
Packet jitter: A crucial component of end-to-end delay is the random queuing delay in the routers. Because of these varying delays within the network, the time from when a packet is generated at the source until it is received at the receiver can fluctuate from packet to packet. This phenomenon is called jitter.
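The lost-packet and jitter figures that RTCP reports (described at the start of this section) are exactly the best-effort limitations listed in question 9. The following added example, which is not code from the page or from any RTP library, shows how a receiver derives them from RTP headers using the estimators in RFC 3550; the packet stream is constructed (8 kHz audio, 160 ticks per packet) and contains a sequence-number wraparound and one lost packet.

```python
"""RTCP receiver statistics (lost packets, fraction lost, interarrival
jitter) computed from RTP packet headers the way RFC 3550 Appendix A
describes.  Added example for this page, not code from the page; the
packets in SAMPLE_PACKETS are constructed."""
from dataclasses import dataclass
from typing import List, Optional

RTP_SEQ_MOD = 1 << 16          # the RTP sequence number is 16 bits wide


@dataclass
class RtpPacket:
    seq: int          # 16-bit sequence number from the RTP header
    timestamp: int    # RTP timestamp (sampling-clock ticks)
    arrival: int      # receiver arrival time in the same clock units


@dataclass
class ReceiverStats:
    """Per-sender state an RTCP receiver keeps (RFC 3550 section 6.4.1)."""
    base_seq: Optional[int] = None
    max_seq: int = 0
    cycles: int = 0                 # 16-bit wraparounds observed
    received: int = 0
    transit: Optional[int] = None   # arrival - timestamp of the previous packet
    jitter: float = 0.0
    expected_prior: int = 0
    received_prior: int = 0

    def update(self, pkt: RtpPacket) -> None:
        if self.base_seq is None:
            self.base_seq = self.max_seq = pkt.seq
        else:
            # Forward distance modulo 2^16: a small value means the packet is
            # in order (possibly after a gap), a large one means it is late.
            delta = (pkt.seq - self.max_seq) % RTP_SEQ_MOD
            if 0 < delta < RTP_SEQ_MOD // 2:
                if pkt.seq < self.max_seq:   # wrapped from 65535 back to 0
                    self.cycles += 1
                self.max_seq = pkt.seq
        self.received += 1
        # Interarrival jitter estimator: D = (Rj - Ri) - (Sj - Si),
        # J = J + (|D| - J) / 16  (RFC 3550 section 6.4.1).
        transit = pkt.arrival - pkt.timestamp
        if self.transit is not None:
            d = abs(transit - self.transit)
            self.jitter += (d - self.jitter) / 16.0
        self.transit = transit

    def extended_max(self) -> int:
        return self.cycles * RTP_SEQ_MOD + self.max_seq

    def expected(self) -> int:
        return self.extended_max() - self.base_seq + 1

    def lost(self) -> int:
        """Cumulative number of packets lost, as carried in a receiver report."""
        return self.expected() - self.received

    def fraction_lost(self) -> int:
        """8-bit fixed-point fraction of packets lost since the previous report."""
        expected_interval = self.expected() - self.expected_prior
        received_interval = self.received - self.received_prior
        self.expected_prior, self.received_prior = self.expected(), self.received
        lost_interval = expected_interval - received_interval
        if expected_interval == 0 or lost_interval <= 0:
            return 0
        return (lost_interval << 8) // expected_interval


# Constructed stream: seq 2 never arrives and seq 3 arrives 16 ticks late.
SAMPLE_PACKETS: List[RtpPacket] = [
    RtpPacket(65533, 0, 1000), RtpPacket(65534, 160, 1160),
    RtpPacket(65535, 320, 1320), RtpPacket(0, 480, 1480),
    RtpPacket(1, 640, 1640), RtpPacket(3, 960, 1976),
    RtpPacket(4, 1120, 2120), RtpPacket(5, 1280, 2280),
]


def receiver_report(packets: List[RtpPacket]) -> dict:
    """Feed packets to the estimator and return the receiver-report fields."""
    st = ReceiverStats()
    for p in packets:
        st.update(p)
    return {"expected": st.expected(), "received": st.received,
            "lost": st.lost(), "fraction_lost": st.fraction_lost(),
            "jitter": st.jitter}
```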

10. Discuss the features of Real Time Protocol (RTP).
Ans. The features of Real Time Protocol (RTP) are:
- RTP provides end-to-end delivery services for data with real-time characteristics such as interactive audio and video. However, RTP itself does not provide any mechanism to ensure timely delivery. It needs support from the lower layers of the OSI model that actually have control over resources in switches and routers.
- RTP depends on the Resource Reservation Protocol (RSVP) to reserve resources and to provide the requested quality of service.
- RTP provides timestamps and sequence numbers as hooks for adding reliability, flow, and congestion control for packet delivery, but the implementation is left entirely to the application.
- RTP is a protocol framework that is deliberately not complete. It is open to new payload formats and new multimedia software. By adding new profile and payload format specifications, one can tailor RTP to new data formats and new applications.
- The flow and congestion control information of RTP is provided by Real-Time Control Protocol (RTCP) sender and receiver reports.
- RTP/RTCP provides the functionality and control mechanisms necessary for carrying real-time content, but RTP/RTCP itself is not responsible for higher-level tasks such as assembly and synchronization. These have to be done at the application level.

11. Explain how the helper application gets data from a streaming server.
Ans. Getting data from a streaming server to a helper application such as the media player requires at least two servers where data is placed: one is the HTTP server, and the second is the streaming server.

For example, when a user visits a songs/news web site, the web browser communicates with the web server, where the user chooses the file that has the music or news. The moment the user clicks a media file, the media player requests the media file from the streaming server, and the user receives the media file in the media player.

12. Explain RTSP.
Ans. RTSP is a protocol that enables a media player to control the transmission of a media stream. RTSP messages use port number 544, separate from the media stream. The RTSP specification, RFC 2326, permits RTSP messages to be sent over TCP or UDP. The RTSP server keeps track of the state of the client for each ongoing RTSP session. For example, the server keeps track of whether the client is in an initialization state, a play state, or a pause state. The session and sequence numbers, which are part of each RTSP request and response, help the server keep track of the session state. The session number is fixed throughout the entire session; the client increments the sequence number each time it sends a new message; and the server echoes back the session number and the current sequence number.
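The session and sequence-number bookkeeping described in the answer to question 12, as an added example that is not code from RFC 2326 or from any RTSP server: the server holds a fixed Session id and a per-session state, checks that each request's CSeq is the previous value plus one, and echoes both numbers back. The request texts are constructed, and the refusal of a non-incrementing CSeq as a replayed or out-of-order message is an assumption of this example rather than something the page states.

```python
"""Server-side RTSP session bookkeeping: a Session id fixed for the whole
session, a CSeq the client must increment on every request and the
server echoes back, and a per-session state (INIT, READY, PLAYING,
PAUSED).  Added example for this page; requests in run_demo() are
constructed.  Assumptions: a CSeq that is not last + 1 is refused, and
a request with an unknown Session id does not consume a CSeq."""
import secrets

# Method -> {current state: next state}.  Anything else is refused with 455.
TRANSITIONS = {
    "SETUP":    {"INIT": "READY"},
    "PLAY":     {"READY": "PLAYING", "PAUSED": "PLAYING"},
    "PAUSE":    {"PLAYING": "PAUSED"},
    "TEARDOWN": {"READY": "INIT", "PLAYING": "INIT", "PAUSED": "INIT"},
}


def parse_request(raw: str):
    """Split an RTSP request into (method, url, version, headers)."""
    lines = raw.strip().splitlines()
    method, url, version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, url, version, headers


class RtspSession:
    def __init__(self) -> None:
        self.session_id = secrets.token_hex(8)  # fixed for the whole session
        self.state = "INIT"
        self.last_cseq = None

    def handle(self, raw: str) -> str:
        method, _url, _version, headers = parse_request(raw)
        cseq = int(headers.get("cseq", "-1"))
        # The client increments CSeq on every new message, so a repeated or
        # out-of-order value is a replayed, duplicated or reordered request.
        if self.last_cseq is not None and cseq != self.last_cseq + 1:
            return self._reply(cseq, "400 Bad Request")
        # After SETUP every request must carry the Session id we issued.
        if method != "SETUP" and headers.get("session") != self.session_id:
            return self._reply(cseq, "454 Session Not Found")
        self.last_cseq = cseq
        nxt = TRANSITIONS.get(method, {}).get(self.state)
        if nxt is None:
            return self._reply(cseq, "455 Method Not Valid in This State")
        self.state = nxt
        return self._reply(cseq, "200 OK")

    def _reply(self, cseq: int, status: str) -> str:
        # The server echoes back the session number and the current CSeq.
        return (f"RTSP/1.0 {status}\r\nCSeq: {cseq}\r\n"
                f"Session: {self.session_id}\r\n\r\n")


def status_code(reply: str) -> str:
    return reply.split("\r\n", 1)[0].split()[1]


def run_demo():
    """Constructed exchange: SETUP, PLAY, a replayed PLAY, a PAUSE with a
    forged Session id, a valid PAUSE, a PAUSE in the wrong state, TEARDOWN."""
    s = RtspSession()
    url = "rtsp://media.example/clip.mp4"   # constructed address
    sid = s.session_id
    requests = [
        f"SETUP {url}/track1 RTSP/1.0\r\nCSeq: 1\r\nTransport: RTP/AVP;unicast;client_port=8000-8001\r\n",
        f"PLAY {url} RTSP/1.0\r\nCSeq: 2\r\nSession: {sid}\r\n",
        f"PLAY {url} RTSP/1.0\r\nCSeq: 2\r\nSession: {sid}\r\n",             # replay
        f"PAUSE {url} RTSP/1.0\r\nCSeq: 3\r\nSession: 0000000000000000\r\n",  # forged id
        f"PAUSE {url} RTSP/1.0\r\nCSeq: 3\r\nSession: {sid}\r\n",
        f"PAUSE {url} RTSP/1.0\r\nCSeq: 4\r\nSession: {sid}\r\n",            # wrong state
        f"TEARDOWN {url} RTSP/1.0\r\nCSeq: 5\r\nSession: {sid}\r\n",
    ]
    codes = [status_code(s.handle(r)) for r in requests]
    return codes, s.state
```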

FAQs
1. What is UDP?
Ans: The User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. By using UDP, programs on networked computers can send short messages known as datagrams to one another. However, UDP does not provide the reliability and ordering guarantees that TCP provides.
2. What is ATM AAL5?
Ans: Asynchronous Transfer Mode Adaptation Layer Type 5 (ATM AAL5) is a protocol that provides virtual connections between end stations attached to the same network. ATM AAL5 supports variable bit rate and delay-tolerant connection-oriented data traffic requiring minimal sequencing or error detection support.
3. Give an example of a streaming server available in the market today.
Ans: MediaBox AS-2608 is an embedded streaming server capable of encoding eight different inputs of high-quality audio for delivery over broadband networks at various stream rates in multiple formats: MPEG4, Real, MP3, and Vorbis.

Wireless Technologies
Some of the wireless technologies are:
Bluetooth: Bluetooth is a short-range wireless communications system intended to replace the cables connecting portable and/or fixed electronic devices. The key features of Bluetooth technology include robustness, low power, and low cost. Bluetooth offers a number of advantages. It provides a simple choice for convenient, wire-free, short-range communication between devices. It is a globally available standard that wirelessly connects mobile phones, portable computers, cars, stereo headsets, MP3 players, and more. It is best suited for connecting PDAs (Personal Digital Assistants) and cell phones.
IEEE 802.16a (WiMAX): Commonly referred to as WiMAX, or less commonly as Wireless MAN or the Air Interface Standard, IEEE 802.16 is a specification for fixed broadband wireless metropolitan access networks. It provides added support for the 2 to 11 GHz range.

IEEE 802.11g (Wi-Fi): It offers data rates up to 54 Mbps in the 2.4 GHz band. Products that adhere to this standard are considered "Wi-Fi Certified". Products in this standard are compatible with 802.11b and support the 14 channels available in the 2.4 GHz band, with only three non-overlapping channels.
IEEE 802.11a (Wi-Fi): It offers data rates up to 54 Mbps in the 5 GHz band. Products that adhere to this standard are considered "Wi-Fi Certified". Products in this standard have eight available channels. This standard is better than 802.11b at supporting multimedia voice, video, and large image applications in densely populated user environments. It has a relatively shorter range than 802.11b and is not interoperable with 802.11b.

CSMA/CA
CSMA/CA is a network contention protocol that listens to a network in order to avoid collisions, unlike CSMA/CD that deals with network transmissions once collisions have been detected. CSMA/CA contributes to network traffic because before any real data is transmitted, it has to broadcast a signal onto the network in order to listen for collision scenarios and to tell other devices not to broadcast.

Wireless Fidelity
Wireless Fidelity, or Wi-Fi, allows a user to connect to the network and the Internet without wires from any location within a particular facility. Wi-Fi is a wireless technology, like a mobile phone. It enables computers to send and receive data indoors and out, anywhere within the range of a wireless access point or a wireless router.

Modulation
Modulation is the process of varying a carrier signal in order to use that signal to convey information. The three key parameters of a sinusoid are its amplitude, its phase, and its frequency. These parameters can be modified in accordance with an information signal to obtain the modulated signal. A device that performs modulation is known as a modulator, and a device that performs the inverse operation of demodulation is known as a demodulator. A device that can do both operations is called a modem. Digital modulation is the process in which the changes in the signal are chosen from a fixed list; each entry of the fixed list conveys a different possible piece of information. In analog modulation, the change is applied continuously in response to the data signal. Modulation may be applied to various aspects of the signal. Modulation is generally performed to address signal transmission requirements such as:
- Low-loss, low-dispersion propagation as electromagnetic waves
- Multiplexing, which is the transmission of multiple data signals in one frequency band on different carrier frequencies
- Smaller, more directional antennas
There are different modes of modulation. Each mode has its advantages and disadvantages. The different modulation modes are:

Continuous Wave

Continuous Wave (CW) is the simplest form of modulation. The output of the transmitter is switched on and off, typically to form the characters of the Morse code. Transmission with CW is simple and inexpensive. The transmitted CW signal occupies less than 500 Hz of frequency space. However, there is a disadvantage: a CW signal is difficult to hear on a normal receiver.

Amplitude Modulation

In AM, the strength (amplitude) of the carrier from a transmitter is varied according to how a modulating signal varies. When a person speaks into the microphone of an AM transmitter, the microphone converts the voice into a varying voltage. This voltage is then amplified and used to vary the strength of the transmitter's output. AM adds power to the carrier depending on the strength of the modulating voltage. AM can be easily produced in a transmitter. In addition, AM receivers are simple in design. However, AM has the following disadvantages:
- About two-thirds of an AM signal's power is concentrated in the carrier, which contains signals of low importance. One-third of the power is in the sidebands, which contain the signal's intelligence. Of the total power output of an AM transmitter, only about one-sixth is actually productive, useful output.
- The wide amount of frequency space occupied by an AM signal is vulnerable to static and other forms of electrical noise.
Despite this, AM is simple to tune on ordinary receivers and is used for almost all shortwave broadcasting.

Solutions to Chapter Four Questions


1. What are WLANs?
Ans. A WLAN is a network that uses high-frequency radio waves rather than wires to communicate between nodes. WLAN technologies enable users to establish wireless connections within a local area, such as within a corporate or campus building, or in a public space like an airport. IEEE approved the 802.11 standard for WLANs, which specifies a data transfer rate of 1-2 Mbps.

2. What is modulation?
Ans. Modulation is the addition of information, or the signal, to an electronic or optical signal carrier. There are several reasons to modulate a signal before transmitting it in a medium. These include the ability of various users to share a medium and making the signal properties physically compatible with the propagation medium.

3. What is a carrier signal?
Ans. A carrier signal is a specific frequency in an analog communication channel that is modulated with an information-carrying signal. Carrier signals are commonly used in Amplitude Modulation (AM), Frequency Modulation (FM), and other radio transmissions to differentiate among channels. You turn a radio dial to select a carrier frequency. The radio then amplifies the signal carried on the selected frequency. In AM, modulation changes the strength or amplitude of the carrier signal. In FM, the frequency of the carrier signal is modulated.

4. Define SNR.
Ans. SNR stands for Signal-to-Noise Ratio. It is the ratio between the typical signal level and the softest signal that can be produced accurately.

5. What is BW?
Ans. BW stands for bandwidth, which is the range within a band of frequencies or wavelengths. BW can also be defined as the amount of data that can be transmitted in a fixed amount of time. For digital devices, bandwidth is usually expressed in bits per second (bps) or bytes per second. For analog devices, bandwidth is expressed in cycles per second, or Hertz (Hz).

6. Compare 802.11a, 802.11b, 802.11g and Bluetooth.
Ans. 802.11a, 802.11b, 802.11g, and Bluetooth are compared in the following table.

Feature                    802.11a       802.11b      802.11g                      Bluetooth
Data rate                  54-72 Mbps    11 Mbps      54 Mbps                      721 Kbps / 56 Kbps
Frequency                  5 GHz         2.4 GHz      2.4 GHz                      2.4 GHz
Modulation                 OFDM          DSSS/CCK     DSSS/PBCC                    FHSS
Channels                   12/8          11/3         11/3                         79 (1 MHz wide)
Bandwidth available (MHz)  300           83.5         83.5 (22 MHz per channel)    83.5
Power                      40-800 mW     100 mW       100 mW                       100 mW

Comparison of 802.11a, 802.11b, 802.11g, and Bluetooth

7. List the advantages and disadvantages of WLAN.
Ans. The advantages of WLAN are:
Flexibility: Within radio coverage, nodes can communicate without further restriction. Radio waves can penetrate walls, and senders and receivers can be placed anywhere.
Easy to use: Wireless networks are easy to set up and use. Just plug in a base station and equip your laptops with WLAN cards.
Robustness: Wireless networks can survive disasters, whereas networks requiring a wired infrastructure may break down completely. If one base station goes down, users may be able to physically move their PCs to be in range of another.

The disadvantages of WLAN are:
Quality of Service (QoS): WLANs typically offer lower quality than wired networks. The main reasons for the lower quality are lower bandwidth due to limitations in radio transmission, higher error rates due to interference (10^-4 instead of 10^-10 for fiber optics), and higher delay and delay variation.
Vulnerability to interference: If a powerful transmitter operating in the same band as the wireless network is nearby, the wireless network could be rendered completely useless.
Speed: Data speeds drop as the user moves further away from the access point.
Operation within a limited distance: Devices will only operate within a limited distance of an access point. Obstacles between the access point and the user, such as walls, glass, water, trees, and leaves, can also reduce the operating distance.
Safety and security: Using radio waves for data transmission might interfere with other high-tech equipment. Additionally, the open radio interface makes eavesdropping much easier in WLANs than in the case of fiber optics.

8. Compare radio and infrared transmission.
Ans. The differences between radio and infrared transmission are as follows.

Radio Transmission
- Radio transmission can cover larger areas and can penetrate walls, furniture, plants, and so on. Radio transmission does not typically need a direct line of sight (LOS) between the receiver and the sender if the frequencies are not too high.
- Radio transmission offers much higher data transfer rates than infrared. Current radio-based products offer transmission rates up to 10 Mbps.
- Shielding is not so simple. Therefore, radio transmission can interfere with other senders, and electrical devices can destroy data transmission via radio.
- Radio transmission is only permitted in certain frequency bands. Very limited ranges of license-free bands are available worldwide, and those available are typically not the same in all countries.
- Radio transmission is used for wide area networks (WAN) such as microwave links and mobile cellular phones. WLAN technologies such as IEEE 802.11, HIPERLAN, and Bluetooth make use of this type of transmission.

IR Transmission
- IR transmission cannot penetrate walls or other obstacles. For good transmission quality and high data rates, a LOS is typically needed between the sender and the receiver.
- IR transmission offers lower transmission rates. Products using the latest version of the IR Data Association interface support data transfer rates up to 4 Mbps.
- Shielding is very simple. Therefore, electrical devices do not interfere with infrared transmission.
- No licenses are required for infrared technology.
- IR technology is normally used for devices like PDAs, laptops, notebooks, mobile phones, and so on. Only IEEE 802.11 makes use of this type of transmission.

Radio Transmission Versus Infrared Transmission

9. Discuss the architecture of WLAN.
Ans. WLAN architecture consists of three components:
- Wireless end stations
- Access points
- Basic service sets (BSS)

The wireless end station can be any device that can communicate using the 802.11 standard. These devices include laptops, workstations, and PDAs, as well as printers and scanners. The access point (AP) is a device that acts as a network platform for connections between WLANs or to a wired LAN, and as a relay between stations attached to the same AP. The BSS is the logical component of the wireless architecture. In general, it is a set of wireless stations controlled by a single management function, and it has two configuration options: Infrastructure BSS (IBSS) and Extended Service Set (ESS). In an IBSS, the stations communicate directly with one another without the need for an access point. An ESS is a set of infrastructure BSSs that appear as a single BSS. This is important for connection redundancy but has some security issues that need to be addressed.

10. Briefly explain the WLAN protocol architecture.
Ans. In a typical WLAN setup, the IEEE 802.11 WLAN (access point) is connected to an IEEE 802.3 Ethernet (switch/hub) via a bridge. The higher layers (application, TCP, IP) look the same for the wireless node as for the wired node. The IEEE 802.11 standard only covers the physical layer (PHY) and the medium access control layer (MAC), as the other 802.x LANs do. The physical layer is subdivided into the Physical Layer Convergence Protocol (PLCP) and the Physical Medium Dependent sublayer. The basic tasks of the MAC layer comprise medium access, fragmentation of user data, and encryption. The PLCP sublayer provides a carrier sense signal called Clear Channel Assessment (CCA) and provides a common PHY interface for the MAC that is independent of the transmission technology.

11. Write a note on DSSS.
Ans. Direct Sequence Spread Spectrum (DSSS) is the alternative spread spectrum method, in which the signal is spread over a wide range of frequencies using a chipping code. In the case of IEEE 802.11 DSSS, spreading is achieved by using the 11-chip sequence (+1,-1,+1,+1,-1,+1,+1,+1,-1,-1,-1), which is also called the Barker code.

12. Discuss the MAC layer of WLAN.
Ans. The MAC layer controls medium access and also offers support for roaming, authentication, and power conservation. The services offered by the MAC are a mandatory asynchronous data service and an optional time-bounded service.
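The Barker-code spreading from the answer to question 11, worked through as an added example (not code from any 802.11 implementation): each data bit is multiplied by the 11-chip sequence, a few chips are flipped to stand in for narrowband interference, and the receiver recovers the bits by correlating each 11-chip block with the code. The data bits and the flipped chip positions are constructed.

```python
"""Direct-sequence spreading with the 11-chip Barker code of IEEE 802.11
DSSS.  Added example for this page; the data bits and the interference
positions in demo() are constructed."""

BARKER_11 = [+1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1]


def periodic_autocorrelation(code):
    """Correlation of the code with itself at every cyclic shift: 11 at
    shift 0 and -1 at every other shift, which is what lets a receiver
    find chip boundaries and reject misaligned copies of the signal."""
    n = len(code)
    return [sum(code[i] * code[(i + k) % n] for i in range(n)) for k in range(n)]


def spread(bits):
    """Each data bit becomes 11 chips: +code for a 1, -code for a 0."""
    chips = []
    for b in bits:
        sign = 1 if b else -1
        chips.extend(sign * c for c in BARKER_11)
    return chips


def despread(chips):
    """Correlate each 11-chip block with the code; the sign of the
    correlation gives the bit and its magnitude the confidence."""
    n = len(BARKER_11)
    bits = []
    for i in range(0, len(chips), n):
        block = chips[i:i + n]
        corr = sum(x * c for x, c in zip(block, BARKER_11))
        bits.append(1 if corr > 0 else 0)
    return bits


def flip_chips(chips, positions):
    """Invert the chips at the given positions (constructed interference)."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out


def demo():
    """Spread five bits, damage 3 chips of the first symbol and 5 of the
    second (correlation drops from 11 to 5 and from -11 to -1), and show
    that the sign of the correlation still recovers every bit."""
    data = [1, 0, 1, 1, 0]
    damaged = flip_chips(spread(data), [0, 3, 5, 12, 13, 14, 15, 16])
    return data, despread(damaged)
```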

FAQs
1. What is the electromagnetic spectrum?
Ans: The full range of frequencies from radio waves to gamma rays that characterizes light is called the electromagnetic spectrum.
2. What are radio waves?
Ans: Radio waves are electromagnetic radiation with the lowest frequency and the longest wavelength, produced by charged particles moving back and forth. The atmosphere of the earth is transparent to radio waves with wavelengths from a few millimeters to about 20 meters.
3. What is wavelength?
Ans: Wavelength is the distance between the repeated units of a wave pattern.

Computer Network Authentication and Security


The various methods of securing data are discussed below.

Kerberos

Kerberos is a protocol that allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents replay attacks and ensures the integrity of the data. Kerberos works on the client-server model and provides mutual authentication: both the user and the service verify each other's identity. Kerberos is built on symmetric key cryptography and requires a trusted third party.

Data Encryption Standard (DES)

DES encrypts and decrypts data in 64-bit blocks using a 64-bit key, although the effective key strength is only 56 bits. DES takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. DES always operates on blocks of equal size and uses permutations and substitutions in the algorithm. DES is both a block cipher and a product cipher. DES has 16 rounds, which means that the main algorithm is repeated 16 times to produce the ciphertext. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack.

Public Key Infrastructure (PKI)

PKI is a system of digital certificates, Certificate Authorities (CAs), and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKI is currently evolving, and there is no single PKI or even a single agreed-upon standard for setting up a PKI. However, users agree that a reliable PKI is necessary before electronic commerce becomes widespread.

Digital Certificates

A digital certificate is a digitally signed statement that binds the identifying information of a user, a computer, or a service to a public/private key pair. A digital certificate is commonly used in the process of authentication and security of networks. A digital certificate is an attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify the identity of the user who is sending a message. Digital certificates also provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for a digital certificate from a CA. An encrypted digital certificate is issued containing the applicant's public key and a variety of other identification information.

CA

A CA is a trusted third-party organization or company that issues digital certificates. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.

Public-Key Encryption

A public key is known to everyone, while a private or secret key is known only to the recipient of the message. Consider an example in which user 1 wants to send a secure message to user 2. Before sending the message, user 1 uses the public key of user 2 to encrypt it. User 2 then uses the corresponding private key to decrypt it. Whitfield Diffie and Martin Hellman introduced public key cryptography; therefore, it is also called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption).

Private-Key Encryption

Private-key encryption is an encryption system that uses two private keys, one for encrypting the message and the other for decrypting it. In this type of encryption, both parties must have a secret key to decrypt a message encrypted by the other. The drawback of this method is the difficulty of distributing the private keys.
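The Kerberos properties listed above (a trusted third party, symmetric keys, mutual authentication, replay prevention and integrity) as a runnable simulation. This is an added example and not Kerberos code: a stdlib-only encrypt-then-MAC construction (SHA-256 keystream plus HMAC) stands in for the real Kerberos encryption types, a 300 s clock-skew window is assumed, and the principal names, keys and clock values are constructed.

```python
"""Kerberos-style mutual authentication with replay detection: the KDC
(trusted third party) shares a symmetric key with every principal, the
client presents a ticket plus a fresh authenticator, the service answers
under the session key to prove itself, and a replayed authenticator is
refused.  Added example for this page, not Kerberos code.  Assumptions:
a stdlib-only encrypt-then-MAC (SHA-256 keystream + HMAC) stands in for
the real Kerberos encryption types; a 300 s clock-skew window; names,
keys and clock values are constructed."""
import hashlib
import hmac
import json
import os

SKEW = 300  # seconds of clock difference a service tolerates


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a small dict under a symmetric key."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Trusted third party holding the long-term key of every principal."""
    def __init__(self, keys: dict) -> None:
        self.keys = keys

    def issue(self, client: str, service: str, now: int) -> bytes:
        k_session = os.urandom(32).hex()
        # The ticket is readable only by the service, the reply only by the client.
        ticket = seal(self.keys[service], {"client": client, "key": k_session, "exp": now + 3600})
        return seal(self.keys[client], {"key": k_session, "ticket": ticket.hex()})


class Service:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seen = set()  # replay cache: (client, timestamp) pairs already accepted

    def accept(self, ticket: bytes, authenticator: bytes, now: int) -> bytes:
        t = unseal(self.key, ticket)
        if now > t["exp"]:
            raise ValueError("ticket expired")
        k_session = bytes.fromhex(t["key"])
        a = unseal(k_session, authenticator)  # only the ticket's owner knows this key
        if a["client"] != t["client"] or abs(now - a["ts"]) > SKEW:
            raise ValueError("authenticator rejected")
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replay detected")
        self.seen.add((a["client"], a["ts"]))
        # Mutual authentication: returning ts + 1 proves the service holds the key.
        return seal(k_session, {"ts": a["ts"] + 1})


def client_request(kdc: KDC, client: str, k_client: bytes, service: str, now: int):
    """Client side: obtain ticket and session key, build a fresh authenticator."""
    reply = unseal(k_client, kdc.issue(client, service, now))
    k_session = bytes.fromhex(reply["key"])
    return k_session, bytes.fromhex(reply["ticket"]), seal(k_session, {"client": client, "ts": now})


def demo() -> dict:
    """One good login, then a replayed, a stale and a tampered attempt."""
    k_alice, k_fs = os.urandom(32), os.urandom(32)
    kdc, fs, now = KDC({"alice": k_alice, "fileserver": k_fs}), Service(k_fs), 1_700_000_000
    k_s, ticket, auth = client_request(kdc, "alice", k_alice, "fileserver", now)
    out = {"mutual": unseal(k_s, fs.accept(ticket, auth, now + 1))["ts"] == now + 1}
    stale = seal(k_s, {"client": "alice", "ts": now - 2 * SKEW})
    tampered = ticket[:-1] + bytes([ticket[-1] ^ 1])
    attempts = {"replay": (ticket, auth), "stale": (ticket, stale), "tampered": (tampered, auth)}
    for label, (tk, au) in attempts.items():
        try:
            fs.accept(tk, au, now + 2)
            out[label] = "accepted"
        except ValueError as exc:
            out[label] = str(exc)
    return out
```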

Top Vulnerabilities in Windows Systems


The Windows operating system family supports a wide variety of services, networking methods, and technologies. Many of these components are implemented as Service Control Programs (SCP) under the control of the Service Control Manager (SCM), which runs as Services.exe. Vulnerabilities in these services are one of the most common targets for exploitation by an attacker. Critical vulnerabilities have been reported in the following Windows services:
- MSDTC and COM+ Service
- Print Spooler Service
- Plug and Play Service (MS05-047, MS05-039)
- Server Message Block Service
- Exchange SMTP Service
- Message Queuing Service
- License Logging Service
- WINS Service
- NNTP Service
- NetDDE Service
- Task Scheduler

Vulnerabilities in Microsoft Office and Outlook Express

Microsoft Office is the most widely used e-mail and productivity suite across the globe. It includes applications such as Outlook, Word, PowerPoint, Excel, Visio, FrontPage, and Access. Outlook Express, a basic e-mail client, is installed with Internet Explorer and on all versions of Microsoft Windows starting with Windows 95. Vulnerabilities in these products can be exploited through the following attack vectors:
- The attacker can send a malicious Office document in an e-mail message.
- A malicious document can be hosted on a web server or a shared folder by the attacker, who can then tempt a user to browse the web page or the shared folder.
- The attacker can run a server, such as a news server, to send malicious responses that trigger a buffer overflow in e-mail clients.

Reference: (http://www.sans.org/top20/)

Identifying Security Controls


Security controls are used to safeguard the network infrastructure from the various risks that it faces, such as unauthorized access and virus attacks. Therefore, it is essential for security designers to understand the importance of implementing these security controls. Security controls can reduce the possibility or the impact of a risk.

Types of Controls

There are different types of security controls that can help reduce risk. These are:
Physical controls: These controls are not directly associated with the information, data, system, or network security of an organization. However, they indirectly help provide security at every level of the organization. For example, locking rooms or restricting access to various locations within an organization is part of physical controls.
Technical controls: These controls include the hardware and software within the organization that is used to secure the systems and the data. For example, antivirus software is used to detect and prevent viruses from infecting the organization's network. It is essential to update the technical controls at regular intervals to ensure that they provide security against new risks.
Administrative controls: These controls help in creating standards and guidelines to provide a secure network environment within the organization. These controls include elements such as policies and procedures. For example, to implement authentication of resources and information, an organization may use a password policy. As per this policy, weak passwords, such as the name of the user, birth dates, and vehicle numbers, should not be used. This policy can be implemented by using Group Policy Objects in Windows 2003 Server.

Solutions to Chapter Five Questions


1. What is cryptography? Ans. Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables us to store or transmit sensitive information across insecure networks (like the Internet) so that unauthorized users except the intended recipient cannot read it. 2. Explain cryptographic algorithms. Ans. A cryptographic algorithm, also referred to as cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key. The key may be a word, number, or phrase used to encrypt the plain text, also called a message. The plain text encrypts to cipher text with different keys. The security of encrypted data is entirely dependent on the strength of the cryptographic algorithm and the secrecy of the key. 3. Explain different types of attacks. Ans. Attacks are of two types. The types are: Passive attack: In this attack, the goal of the unauthorized user is to obtain information that is being transmitted. Passive attacks have two subtypes, release of message contents and traffic analysis.

Release of message contents: a telephone conversation, an e-mail message, or a file being transferred from one place to another may contain sensitive information, and the opponent simply reads it.

Traffic analysis is subtler. Suppose we had a way of masking the contents of messages or other information traffic so that an opponent could not extract the information from the messages; the common technique for masking contents is encryption. Even with encryption in place, the opponent can still observe the pattern of the messages: the location and identity of the communicating hosts, and the frequency and length of the messages being exchanged. This information may be enough to guess the nature of the communication that is taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. The emphasis in dealing with passive attacks is therefore on preventing the attack rather than detecting it.

Active attacks: These attacks involve some modification of the data stream or the creation of a false stream. They fall into four categories: masquerade, replay, modification of messages, and denial of service (DoS).

Masquerade: It takes place when one entity pretends to be a different entity. A masquerade usually includes one of the other forms of active attack, such as replay or modification of messages.

Replay: It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of messages: It means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

DoS: It prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. Another form of DoS is the disruption of an entire network, either by disabling the network or by overloading it with messages to degrade its performance.

Active attacks have the opposite characteristics to passive attacks. They are difficult to prevent, because prevention would require physical protection of all communications facilities and paths at all times. The goal instead is to detect active attacks and to recover from any disruption or delay they cause.

4. Briefly explain security mechanisms.

Ans. Mechanisms that ensure the security of an organization's information are known as security mechanisms. Encryption, or encryption-like transformations of information, is the most common means of providing security. Common information-integrity functions used to secure a network or its data include identification, validation, authorization, time of occurrence, signature, authenticity, concurrence, ownership, receipts, registration, endorsement, privacy, and access.

5. Explain the conventional encryption model.

Ans. Before public-key encryption was developed, conventional (single-key) encryption was the only means available to secure networks. Encryption techniques can be divided into classical and modern techniques; modern key-based algorithms fall into two classes, symmetric and public-key. In a conventional algorithm the encryption key can be calculated from the decryption key, and the decryption key from the encryption key; in most such algorithms the two keys are simply the same. These algorithms are also called secret-key or one-key algorithms.
In this technique, the sender and receiver agree on a key before they communicate. The security of a symmetric algorithm rests entirely in the key: the key, together with the agreed algorithm, lets the two parties encrypt and decrypt messages, and anyone else who obtains the key can do the same.

6. What is steganography?

Ans. Steganography is a technique for hiding a secret message inside another message. A few classical examples are:

Character marking: Selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.

Invisible ink: A number of substances can be used for writing that leave no visible trace until heat or a specific chemical is applied to the paper.

Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.

Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under strong light.
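The following Python program is an added example, not code from the original page, that ties together the conventional encryption model of question 5 (one shared key for both directions), the key dependence of question 2 (the same plaintext under a different key gives different ciphertext) and the active attacks of question 3 (a modified message and a replayed message are both rejected). The message format (8-byte sequence number, 16-byte nonce, ciphertext, 32-byte HMAC tag) and the keystream construction (SHA-256 over key, nonce and a counter) are this example's own assumptions, chosen so it runs on the standard library alone; a production system would use an authenticated cipher such as AES-GCM from a real library instead of this demonstration keystream.

```python
import hashlib
import hmac
import os
import struct

SEQ_LEN, NONCE_LEN, TAG_LEN = 8, 16, 32   # assumed wire format of this example


def subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the one shared secret."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Demonstration keystream: SHA-256(enc_key || nonce || counter) in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, seq: int, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC: seq || nonce || ciphertext || tag. The tag covers the
    sequence number and nonce, so a forger cannot renumber a captured message."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    header = struct.pack(">Q", seq) + nonce
    ciphertext = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Receiver:
    """Holds the shared key and the highest sequence number accepted so far."""

    def __init__(self, key: bytes):
        self.enc_key, self.mac_key = subkeys(key)
        self.last_seq = -1

    def receive(self, msg: bytes):
        """Return (status, plaintext); status is 'ok', 'modified' or 'replayed'."""
        if len(msg) < SEQ_LEN + NONCE_LEN + TAG_LEN:
            return "modified", None
        header = msg[:SEQ_LEN + NONCE_LEN]
        ciphertext = msg[SEQ_LEN + NONCE_LEN:-TAG_LEN]
        tag = msg[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        # Integrity is checked first, with a constant-time compare, so a forged
        # message is rejected before any state is touched; a wrong key lands here too.
        if not hmac.compare_digest(tag, expected):
            return "modified", None
        seq = struct.unpack(">Q", header[:SEQ_LEN])[0]
        if seq <= self.last_seq:           # a captured message sent a second time
            return "replayed", None
        self.last_seq = seq
        nonce = header[SEQ_LEN:]
        return "ok", xor(ciphertext, keystream(self.enc_key, nonce, len(ciphertext)))


def demo():
    """Run the active attacks of question 3 against the receiver; constructed data."""
    key = os.urandom(32)                   # the key both parties agreed on beforehand
    alice_to_bob = encrypt(key, seq=1, plaintext=b"transfer 100 to bob")
    bob = Receiver(key)
    results = {}
    results["legit"] = bob.receive(alice_to_bob)
    results["replay"] = bob.receive(alice_to_bob)          # same bytes, second time
    tampered = bytearray(alice_to_bob)
    tampered[SEQ_LEN + NONCE_LEN] ^= 0x01                  # flip one ciphertext bit
    results["modified"] = bob.receive(bytes(tampered))
    results["wrong_key"] = Receiver(os.urandom(32)).receive(encrypt(key, 2, b"hello"))
    return results


if __name__ == "__main__":
    for name, (status, plaintext) in demo().items():
        print(f"{name:10s} -> {status} {plaintext!r}")
```

The order of the checks matters: the tag is verified before the sequence number is read, so an attacker who cannot forge tags learns nothing about the receiver's state, and the sequence number is only advanced for a message that passed both checks.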
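A digital counterpart to the classical examples of question 6, added here as an example and not part of the original page: the secret is written into the least significant bit of each byte of a cover buffer, which changes any pixel value by at most one and so leaves the cover visually unchanged. The cover (a pseudo-random 4096-byte buffer standing in for a 64x64 grayscale image), the 4-byte length prefix and the function names `hide`, `reveal` and `capacity` are all constructed for this example.

```python
import random
import struct


def capacity(cover: bytes) -> int:
    """Secret bytes the cover can hold: one bit per cover byte, minus the length prefix."""
    return len(cover) // 8 - 4


def hide(cover: bytes, secret: bytes) -> bytes:
    """Write a 4-byte length prefix and then the secret, bit by bit (MSB first),
    into the least significant bit of successive cover bytes."""
    payload = struct.pack(">I", len(secret)) + secret
    needed_bits = len(payload) * 8
    if needed_bits > len(cover):
        raise ValueError(f"cover holds {capacity(cover)} bytes, secret is {len(secret)}")
    stego = bytearray(cover)
    for i in range(needed_bits):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def reveal(stego: bytes) -> bytes:
    """Read the length prefix from the first 32 LSBs, then that many bytes."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = struct.unpack(">I", read_bytes(0, 4))[0]
    return read_bytes(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference the embedding introduced (never more than 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def demo():
    # Constructed cover: 4096 pseudo-random "pixels" from a fixed seed.
    cover = bytes(random.Random(7).randrange(256) for _ in range(4096))
    secret = b"meet at dawn"
    stego = hide(cover, secret)
    return reveal(stego), max_pixel_change(cover, stego), len(stego) == len(cover)


if __name__ == "__main__":
    print(demo())
```

Like the paper-based techniques, this hides the existence of the message rather than its meaning: anyone who knows the scheme can run `reveal` on the buffer, and sequential LSB embedding of this kind is detectable by statistical steganalysis, so in practice the secret is encrypted before it is hidden.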

FAQs

1. What are the advantages of cryptography?

Ans: Cryptography is all about increasing the level of privacy of individuals and groups. It not only protects the confidentiality of a company's information but also allows anyone to order a product over the Internet without fear of the credit card number being intercepted by a malicious party. Cryptography is also used to prevent forgers from counterfeiting winning lottery tickets: each ticket carries two numbers, one in plaintext and the other its corresponding ciphertext, and a ticket whose two numbers do not correspond is rejected.

2. What is the disadvantage of a transposition cipher?

Ans: The disadvantage of a transposition cipher is that such ciphers are considerably more laborious and error prone than simpler ciphers.

3. What is cryptology?

Ans: The study of both cryptography (enciphering and deciphering) and cryptanalysis (breaking a code system) together is called cryptology.
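To make the "laborious and error prone" point of FAQ 2 concrete, here is a columnar transposition cipher in Python, added as an example and not taken from the original page. The bookkeeping that goes wrong by hand (row width, padding of the last row, the order in which columns are read, ties between repeated key letters) is exactly what the code has to get right in both directions. It also shows a weakness the FAQ does not mention: a transposition only permutes the letters, so the ciphertext has precisely the plaintext's letter frequencies. The key "ZEBRAS", the sample plaintext, the pad letter "x" and the left-to-right tie-breaking rule are this example's assumptions.

```python
import math
from collections import Counter


def key_order(key: str) -> list:
    """Order in which columns are read out: alphabetical by key letter,
    ties broken left to right (the convention assumed in this example)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encrypt(plaintext: str, key: str, pad: str = "x") -> str:
    """Write the plaintext into rows of len(key) columns, pad the last row,
    then read the columns out in key order."""
    cols = len(key)
    rows = math.ceil(len(plaintext) / cols)
    padded = plaintext.ljust(rows * cols, pad)
    grid = [padded[r * cols:(r + 1) * cols] for r in range(rows)]
    return "".join(row[c] for c in key_order(key) for row in grid)


def decrypt(ciphertext: str, key: str) -> str:
    """Refill the columns in key order, then read the grid back row by row.
    The padding is returned untouched: stripping it is the caller's decision,
    because a plaintext that genuinely ends in the pad letter cannot be told apart."""
    cols = len(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    rows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in key_order(key):
        for r in range(rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def same_letter_frequencies(plaintext: str, ciphertext: str) -> bool:
    """A transposition only rearranges letters, so the letter counts never change."""
    return Counter(plaintext) == Counter(ciphertext)


def demo():
    plaintext, key = "WEAREDISCOVEREDFLEEATONCE", "ZEBRAS"    # constructed sample
    ciphertext = encrypt(plaintext, key)
    recovered = decrypt(ciphertext, key).rstrip("x")
    return ciphertext, recovered, same_letter_frequencies(plaintext.ljust(30, "x"), ciphertext)


if __name__ == "__main__":
    print(demo())
```

Worked by hand, the 25-letter plaintext fills a 5-row by 6-column grid with five pad letters; reading the columns in the order A, B, E, R, S, Z of the key gives the ciphertext the program returns. The frequency check is why transposition alone is weak: the ciphertext is an anagram of the plaintext, and an analyst can confirm the language and start on the column order from the letter counts alone.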
