Networking Concepts

Skills for the Electronic Workplace
Stephen Carr, smcarr@ist
Copyright © 1998 IST SEW. Permission to use this document for non-commercial purposes, in original or modified form, is granted, provided that the original source of the document is acknowledged as Skills for the Electronic Workplace, Information Systems and Technology, University of Waterloo.

TABLE OF CONTENTS
INTRODUCTION
THE STRUCTURE OF NETWORKS
  Layers, Levels, Hierarchies
  Hierarchy of Networks
    Local Area Networks (LANs)
    Wide Area Networks (WANs) and the Internet
    Your Privileges on the Network
  Layered Communication Protocols
  How It All Works Together
  Physical Structure of the Campus Network
NETWORK APPLICATIONS
  The Client / Server Model
  Email Concepts
    Attachments
    Configuring an Email Client Program
    Junk Mail and Other Unwanted Mail
  Web Concepts
    Features of the Web
  Remote Communications Concepts
    Remote File Systems
    Remote File Transfers
    Remote Log-ins
    Internet Service Providers and Dialing In from Home
DATA SECURITY CONCEPTS
  Passwords and Permissions
  Eavesdropping and Encryption
  Viruses, Trojan Horses, and Worms
ACKNOWLEDGEMENTS

-1-

IST-SEW

Introduction
Networks connect computers together. Advantages of networking include communication with other users, sharing resources such as printers and software, centralization of software and account maintenance, and mobility of users. This course will introduce the basic concepts necessary to make effective use of a networked computing environment. The majority of these concepts are independent of the type of computer workstation or its operating system. The technical side of computer networking is pretty complicated, and descriptions of it are littered with acronyms. The purpose of this course is to demystify the workings of a network as much as possible. Since most networking applications require some user configuration, we will focus on the common applications and the terms that average users are likely to encounter.

The Structure of Networks
Layers, Levels, Hierarchies
When we talk about networks (and many other computing concepts as well), we discover that most things are organized in a “layered” or hierarchical fashion. The purpose of this section is to provide an overview of how networks work, particularly the Internet. Let’s start by looking at the hierarchy of networks themselves.

Hierarchy of Networks
The Internet consists of interconnected sub-networks. Let’s look at the hierarchy of networks.

Figure 1: Hierarchy of Networks (WAN / Internet, LAN, Local Workstation)

Local Area Networks (LANs)
If we connect a computer workstation to its neighbour in the next office to share a printer we end up with a local area network (LAN). Often, a local area network consists of connected computers of a similar type (i.e., using the same operating system) which are located in a limited geographical area. The Waterloo Polaris network on campus is an example of a (rather large) PC LAN. The purpose of a LAN is usually to pool the computing resources of a group of users. This pooling allows for cost savings such as is achieved by providing centralized printing. The other main advantage of a LAN is to provide centralized administration services for the users, such as software installation and maintenance, automated back-ups of files, network security (passwords), etc. More generally a LAN is a network such as the campus network as a whole which connects computers of various types, and various sub-networks (including Waterloo Polaris), within a small geographical area. The network supports various campus-wide functions such as the financial system database, the dial-in modem pool, centralized data processing functions, etc. The campus network is much more diversified in terms of its functions than a homogeneous LAN, and individual users generally only have access to a small subset of these functions.

Wide Area Networks (WANs) and the Internet
A Wide Area Network (WAN) connects networks of computers of various types over a wide geographical area. The world-wide Internet is the largest possible example of a WAN. The campus network provides a link to the Internet: remote sites linked by data communications over the global telecommunication system.

Your Privileges on the Network
It is important to realize that you have different privileges at different network “levels”. For example, you generally have quite a bit of latitude to modify your local workstation as you please. Your office area LAN may allow you access to some shared network drives and printers, but not others. (Your network administrator is the person who configures your LAN.) Although you probably have access to the Internet, you generally have very limited privileges to do anything other than collect information (read-only access). However, if you save that information locally on your workstation, you can then modify your local copy. It is essential that you recognize which files (and disk drives) are local to your workstation and which are being made available to you over the network. This distinction is important because it relates to data security: whether or not the files are being backed up, and whether they are accessible by people other than you. The location of disks and files is not always obvious, since remote disk drives can be “mounted” by your workstation to look and behave just like local drives. Also, some operating systems such as Windows 98 blur the distinction between local and remote files even further by integrating Web browsing tools into the file management software.

Layered Communication Protocols
So, how do the many different kinds of computers that make up the Internet communicate with each other? Diplomats from different countries rely on standard diplomatic protocols in order to communicate without misinterpretation. Similarly, computers on the Internet share information according to agreed-upon protocols (communication rules) which allow them to correctly route and interpret the transmitted messages. The particular set of protocols that define the Internet is called the TCP/IP protocol suite. The TCP/IP protocol suite is designed in layers, each successively lower layer providing a library of more fundamental functions required by more and more applications. Technically, there are seven layers in the protocol suite, but for the purposes of this course, and for clarity of understanding, we will simplify the discussion by talking about just four layers: the applications layer, the transport layer, the network layer, and the data-link layer. These layers roughly correspond (if you lump together the middle two layers) to the programs, operating system and hardware layers of your computer workstation, respectively. Each protocol layer relies on the protocols provided by the layers beneath it. The figure below summarizes the layers of the TCP/IP protocol suite.

Figure 2: TCP/IP Protocol Suite (Applications Layer, Transport Layer, Network Layer, Data-Link Layer)

In the applications layer, there are various application protocols which enable the tasks we perform on the Internet, including
• Electronic mail, text-based communications using Simple Mail Transfer Protocol (SMTP)
• News, discussion groups using Network News Transfer Protocol (NNTP)
• World-Wide Web, multi-media electronic “publishing” using HyperText Transfer Protocol (HTTP)
• File transfers, using File Transfer Protocol (FTP)
• Remote terminal sessions using, e.g. TELNET
• Remote file system access using Network File System protocol (NFS), or Server Message Block protocol (SMB)

Networking applications are available to anyone with a connection to the Internet and appropriate client software on their workstation (see The Client / Server Model below). You can think of the application layer protocols as defining the syntax of the messages being transmitted by the application. Application layer protocols communicate with the lower level protocols through software structures called ports. Most server applications have dedicated port numbers. Network traffic directed to a particular port number is processed by a single network application. For example, a Web server application “listens” on port 80 for incoming Web traffic.

The transport layer includes three protocols, TCP, UDP, and ICMP. Transmission Control Protocol (TCP) ensures reliable transmission of large messages by
• breaking up long messages into smaller pieces called datagrams
• handling the sending and reception of those datagrams with delivery acknowledgements and error checking
• reassembling messages from datagrams.
User Datagram Protocol (UDP) is used for small messages that fit into a single datagram. Reliability of delivery is not ensured. If no response is received in a reasonable time, the message is just resent. Internet Control Message Protocol (ICMP) is another unreliable delivery protocol used to transmit error messages generated and used by the lower level protocols.

Routing of messages is handled by the network layer using Internet Protocol (IP). Each computer on the Internet is assigned an IP address composed of four eight-bit segments (represented as decimal numbers 0 to 255) separated by dots (periods). The first two of these numbers are assigned by a central authority to identify a LAN connected to the Internet. For example, all computers at UW have an IP address beginning with 129.97. The next number is usually your local subnet of the LAN assigned at UW (e.g. that corresponding to your department). The last number, also assigned at UW, indicates your particular workstation. To make addressing easier for humans, each workstation can also have a name corresponding to its address. For example, the UW Unix host with IP address 129.97.108.150 is called ist.uwaterloo.ca, where the host name is “ist” and the domain name is “uwaterloo.ca”. An application layer process called Domain Name Service (DNS) does the translation between names and IP addresses from a local copy of a continuously updated list. The network layer relies on intelligent devices called routers to monitor and direct the comings and goings of datagrams between networks.

The data-link protocol layer directs messages to specific hardware devices such as switches and network cards. Each piece of networking hardware has a built-in physical address (a.k.a. Media Access Control or MAC address). At UW, the data-link layer predominantly uses Ethernet protocols and the physical address is called an Ethernet address. Conversion between IP addresses and physical addresses is handled by Address Resolution Protocol (ARP) via a table look-up procedure. Data traffic is controlled on campus with Ethernet switches and repeaters. A switch can intelligently control the flow of data so that it only passes to the network segment where it is needed. A repeater just passes datagrams from one cable on to all other connected cables. The type of cable most commonly used on campus is Unshielded Twisted Pair (UTP), which just means that there are two conductors twisted together inside a protective plastic sheath.
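As an added illustration (not part of the original notes), the following Python code parses a dotted-quad address, splits it into the network, subnet and host parts described above, tests membership in the campus 129.97 network by masking rather than by string prefix, and does a forward and reverse name lookup against a constructed host table standing in for DNS; ist.uwaterloo.ca = 129.97.108.150 is the one entry taken from the notes.

```python
def parse_ipv4(text):
    """Return the four eight-bit segments of a dotted-quad address.

    Raises ValueError for anything that is not four numbers 0-255 joined by dots.
    """
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated numbers: %r" % text)
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError("non-numeric segment %r in %r" % (part, text))
        value = int(part)
        if not 0 <= value <= 255:          # each segment is eight bits
            raise ValueError("segment %d out of range in %r" % (value, text))
        octets.append(value)
    return tuple(octets)


def is_valid_ipv4(text):
    """Boolean form of parse_ipv4 for callers that only want a yes/no answer."""
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


def to_int(octets):
    """Pack the four segments into the 32-bit number the IP layer carries."""
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d


def in_prefix(addr, prefix, bits):
    """True if addr lies inside prefix/bits, compared as masked integers.

    A string test such as addr.startswith("129.9") would wrongly accept
    129.97.x.x as well as 129.9.x.x; masking the packed value avoids that.
    """
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return (to_int(parse_ipv4(addr)) & mask) == (to_int(parse_ipv4(prefix)) & mask)


# The campus network: the notes say every UW address begins with 129.97.
CAMPUS_PREFIX = ("129.97.0.0", 16)


def describe(addr):
    """Split an address the way the notes do: network, subnet, host."""
    a, b, c, d = parse_ipv4(addr)
    return {"on_campus": in_prefix(addr, *CAMPUS_PREFIX),
            "network": "%d.%d" % (a, b), "subnet": c, "host": d}


# Constructed host table standing in for the DNS list the notes describe;
# only ist.uwaterloo.ca = 129.97.108.150 is taken from the notes themselves.
HOSTS = {"ist.uwaterloo.ca": "129.97.108.150"}


def resolve(name):
    """Name -> address, like a forward DNS lookup (None if unknown)."""
    return HOSTS.get(name.strip().lower())


def reverse_resolve(addr):
    """Address -> name, like a reverse DNS lookup (None if unknown)."""
    target = to_int(parse_ipv4(addr))
    for name, ip in HOSTS.items():
        if to_int(parse_ipv4(ip)) == target:
            return name
    return None


def split_hostname(fqdn):
    """'ist.uwaterloo.ca' -> ('ist', 'uwaterloo.ca')."""
    host, _, domain = fqdn.partition(".")
    return host, domain
```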

How It All Works Together
Let’s look at an example to see how all these levels work together. Say you send an email message to a friend at another university. You use an email application to do this, such as Eudora on a PC or Macintosh. Your email program creates and sends the message to your local email server, which passes it on to the remote email server. Your friend uses his own mail client program to get the mail from his mail server (see The Client / Server Model below). At the applications protocol layer, the email message data is assembled according to Simple Mail Transfer Protocol which the email server programs (usually running on Unix hosts) at either end can understand. The next problem is to get the message from your computer to your friend’s computer over the Internet. The mail application makes its connection to the lower level transport layer protocol, TCP, through a port which is assigned an arbitrary number. The port number of the destination server program is predetermined by convention to be 25. TCP breaks your long mail message up into datagrams. Each datagram has a data section (a piece of your mail message) and a header section which contains the source and destination IP addresses, the source and destination port numbers, a check sum to identify the amount of information in the data, and some ordering information so the mail message can be put back together again. TCP then passes its datagrams along to IP for routing from your computer to your friend’s. IP takes a TCP datagram as its data and adds its own header containing the source and destination IP addresses and a check sum, thus creating a new datagram which envelops the one provided by TCP. Each IP datagram is sent along independently of the others. The job of getting each datagram to its destination is accomplished by sending it off to a router (gateway) which connects the local network to outside networks. 
If there is more than one router on the local network, then usually one of them is chosen as the default. If it turns out that another router would have been preferable, then this information is stored in each computer’s local routing table. Routers use other protocols to determine the best routes amongst themselves.

Figure 3: Packaging of Datagrams by TCP/IP Protocol Layers. The figure shows the Applications Layer datagram carried inside a TCP datagram, which is carried inside an IP datagram, which in turn is carried inside a Data-Link Layer packet sent to the cabling system.

The physical transport media determines what goes on at the data-link level. On an Ethernet network each IP datagram becomes the data portion of an Ethernet packet whose header contains the physical (MAC or Ethernet) addresses of the source and destination involved, and a check sum is added to the end. The translation between IP addresses and physical addresses is done via an ARP table. When a router connects two networks that use different physical media (e.g. Ethernet and fiber optic cable), translation between data-link protocols is done by the router. When the datagrams reach their destination, they are unwrapped one layer at a time, reassembled by TCP, and passed, ultimately, to the destination port for interpretation by the receiving application.
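The following Python model of the packaging in Figure 3 is an added example, not code from the notes: a mail message is broken into TCP datagrams, each is wrapped in an IP datagram and then an Ethernet packet addressed to the default router, and the receiver unwraps one layer at a time, checks each layer's check sum and reassembles the datagrams in order even when they arrive out of order. The IP addresses (apart from 129.97.108.150 from the notes), the MAC addresses, the ARP table and the destination host 192.0.2.10 are constructed sample values, and the check sum is a simple 16-bit sum rather than the real Internet checksum.

```python
import json

SMTP_PORT = 25        # server port fixed by convention, as the notes state
SEGMENT_SIZE = 16     # tiny on purpose so a short message needs several datagrams


def checksum16(data):
    """Simple 16-bit sum standing in for the check sum at each layer."""
    return sum(data) & 0xFFFF


def serialize(datagram):
    """Byte form of a datagram, so the layer below can checksum and carry it."""
    return json.dumps(datagram, sort_keys=True).encode()


# Constructed ARP table (IP address -> Ethernet/MAC address) for the local
# LAN. Only hosts on this LAN appear; the remote destination is reached
# through the router, so its MAC address is never needed here.
ARP_TABLE = {
    "129.97.108.150": "00:11:22:33:44:55",   # sending workstation
    "129.97.108.1":   "00:11:22:aa:bb:cc",   # default router (constructed)
}


def tcp_segments(message, src_port, dst_port):
    """Transport layer: break a long message into numbered TCP datagrams."""
    total = (len(message) + SEGMENT_SIZE - 1) // SEGMENT_SIZE
    segments = []
    for seq in range(total):
        piece = message[seq * SEGMENT_SIZE:(seq + 1) * SEGMENT_SIZE]
        segments.append({"src_port": src_port, "dst_port": dst_port,
                         "seq": seq, "total": total,
                         "checksum": checksum16(piece),
                         "data": piece.decode("latin-1")})
    return segments


def ip_wrap(segment, src_ip, dst_ip):
    """Network layer: the whole TCP datagram becomes the data of an IP datagram."""
    payload = serialize(segment)
    return {"src_ip": src_ip, "dst_ip": dst_ip,
            "checksum": checksum16(payload), "data": payload.decode()}


def ethernet_wrap(datagram, next_hop_ip):
    """Data-link layer: the IP datagram inside an Ethernet packet. The
    destination MAC is the next hop's (the router), looked up in the ARP
    table, and the check sum (frame check sequence) goes at the end."""
    payload = serialize(datagram)
    return {"src_mac": ARP_TABLE[datagram["src_ip"]],
            "dst_mac": ARP_TABLE[next_hop_ip],
            "data": payload.decode(), "fcs": checksum16(payload)}


def send_message(message, src_ip, dst_ip, router_ip, src_port=40000):
    """Wrap each TCP datagram in IP and then Ethernet, ready for the cabling."""
    return [ethernet_wrap(ip_wrap(seg, src_ip, dst_ip), router_ip)
            for seg in tcp_segments(message, src_port, SMTP_PORT)]


def unwrap(frame):
    """Peel off Ethernet, then IP, then TCP, verifying each check sum."""
    ip_bytes = frame["data"].encode()
    if checksum16(ip_bytes) != frame["fcs"]:
        raise ValueError("Ethernet frame check sequence mismatch")
    datagram = json.loads(ip_bytes)
    tcp_bytes = datagram["data"].encode()
    if checksum16(tcp_bytes) != datagram["checksum"]:
        raise ValueError("IP check sum mismatch")
    segment = json.loads(tcp_bytes)
    data = segment["data"].encode("latin-1")
    if checksum16(data) != segment["checksum"]:
        raise ValueError("TCP check sum mismatch on datagram %d" % segment["seq"])
    return datagram, segment, data


def is_intact(frame):
    """True if every layer's check sum verifies."""
    try:
        unwrap(frame)
        return True
    except ValueError:
        return False


def receive_message(frames, port=SMTP_PORT):
    """Reassemble the message from frames arriving in any order (each IP
    datagram travels independently), keeping only datagrams for our port,
    since traffic to a port number belongs to a single application."""
    pieces, total = {}, None
    for frame in frames:
        _datagram, segment, data = unwrap(frame)
        if segment["dst_port"] != port:
            continue
        pieces[segment["seq"]] = data
        total = segment["total"]
    if total is None or len(pieces) != total:
        raise ValueError("incomplete: %d of %s datagrams" % (len(pieces), total))
    return b"".join(pieces[i] for i in range(total))


def corrupt(frame):
    """Flip one bit in a frame's data, as a damaged cable might."""
    damaged = dict(frame)
    text = frame["data"]
    damaged["data"] = text[:5] + chr(ord(text[5]) ^ 0x01) + text[6:]
    return damaged
```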

Physical Structure of the Campus Network
Currently, the campus network is organized in two layers. The top layer is the uwaterloo.ca network (129.97), which is connected via a router to ONet (the Ontario regional network) and from there to Canada-wide networks. The first level network is a ring of routers connected by fiber optic cable. The second level network consists of many subnetworks serving many academic and administrative departments.

Figure 4: UW Campus Network, IP subnet topology 1998-07-15 (courtesy R. Watt). The figure shows the level-one networks (cn-mc, cn-onet, cn-dc, cn-phy, cn-rtmc and cn-rte2), the external connections to ONet, CANARIE CA*net-II and Bell ITS, and the many level-two subnetworks serving individual departments.

The topology of the campus network is changing as technological advances take place. The bulk of the networking hardware at UW consists of Ethernet devices connected by UTP cable. Over the years, these devices have evolved significantly. Originally, Ethernet was designed to operate over co-axial cable, with computers connected serially along segments of cable which carried traffic generated by all the attached hosts. To maintain the signal strength, cable segments were connected with repeaters that just passed along Ethernet packets from one cable to the next. In order to keep local traffic localized, some intelligence was added to a repeater, so that only packets intended for hosts on the other segment would be passed on. This device was called a bridge. There were also multi-port repeaters to connect several Ethernet segments. Computers were connected to the Ethernet co-axial cable through an Ethernet interface card. Routing (an IP layer task) was done by network hosts containing several Ethernet cards connected to different IP subnets (i.e. computers with more than one Ethernet address) or by dedicated routing devices. Within the last few years, UTP cabling has supplanted co-axial cable. This change has improved both the speed and the reliability of communication. A UTP cable joins only one host to another Ethernet device, so only a single computer is affected by a bad connection, and all of the “bandwidth” (data communications capacity) of the cable is available to that one computer. Communication speeds can also be 10 to 100 times faster over UTP than over co-axial cable. The wiring for a typical workstation at UW today is shown below.

Figure 5: Typical Wiring of a Workstation at UW (courtesy R. Watt). The figure shows the floor-area wiring closet (a UTP wiring panel and a UTP/Ethernet multi-port repeater, with a station-management module providing an AUI, BNC or FOIRL connection to a thick, thin or fibre segment), four pairs of twisted 24-gauge solid copper wire (maximum 100 m, one device) running to a two-port faceplate in the office, and the computer's Ethernet board with an RJ45 port and built-in transceiver.

Along with the change of cabling media came improvements in the miniaturization and intelligence of bridging technology. The bridge evolved into the Ethernet switch, an intelligent device, containing numerous bridges, that can control traffic among many connected UTP segments. Today, Ethernet switches and hubs (multi-port repeaters) are the means of connecting networked computers. A switch can also be programmed to create VLANs (virtual LANs) which may span IP subnets, allowing it to do some work formerly done by a router. Also, an IP router can be built right into a switch. Therefore the number of physical devices required to connect even a large modern LAN is becoming quite small.

Network Applications
The Client / Server Model
Computing networks have evolved away from the “main frame” with connected “dumb terminals”, where all tasks were done centrally, into a distributed computing environment. In distributed computing, different computers may take on specific functions, such as file storage, email, Web, etc. This distributed network architecture resulted in the client/server model of interaction. A server is a program (computer) which stores some files and transmits them (i.e. copies of them) over the network when a request is received from a client program (computer). A client (program) requests files from a server and presents the received files in a form which is useful to the end user. Often a single computer is dedicated to running a single server program, so the computer itself is referred to as a server. For example, a file server is a computer that stores files on its local hard disk(s) and sends them over the network to client computers that request them. As a second example, a Web server stores HTML files on its local disks and sends them out when requested by computers running a (client) Web browser program. These days most computers are multi-tasking (can run many programs simultaneously), so a single computer can run several server and client programs at the same time. However, because server functions can use up a lot of a computer's available hardware resources, it is still common practice to provide computers which are dedicated servers for a network, as separate from the workstations which run network clients and other application programs. Also, it is commonly the case that workstations are PCs running Microsoft Windows 95 or Apple MacOS operating systems, while servers often run the more sophisticated Unix or Microsoft NT operating systems.

Email Concepts
As briefly discussed above, email is enabled over the Internet via Simple Mail Transfer Protocol (SMTP) as the method by which one email server process talks to another. The email servers at each end of a communication take care of the transmission of the message between them. Humans communicate with their local mail servers through client programs. The client programs are the ones familiar to users, such as Pine or Eudora. They take care of the tasks of displaying, editing, and managing mail messages. We've already discussed the server-side process of transferring a mail message via TCP/IP over the Internet. Now let's discuss some of the client-side issues.

Attachments
Like most TCP/IP data files, email messages consist of plain text (ASCII text). But most people these days are aware that binary files such as spreadsheets or word processor documents can also be “attached” to an email message. How does this work? Any attached binary file must first be converted into plain ASCII text before it can be sent via SMTP. To do this, email client programs use one of several encoding methods. The most common of these is called MIME (Multipurpose Internet Mail Extensions). MIME can also be used to include sounds and images in mail messages, depending on the capabilities of the email client program. Other methods of encoding attachments are BINHEX, a method introduced by Apple for the Macintosh, and uuencoding, an older method originating in the Unix operating system. Most current email client programs only use MIME and/or BINHEX. If you receive an attachment in a form that your mail client can't decode, then you need to save it and find a utility program that can.

Configuring an Email Client Program
When you first install an email client program on your workstation, it needs to be configured in order to be able to connect to a mail server program. Configuration is usually done under the Preferences or Options menu of the client program. In order to send mail, you need to identify an SMTP server, either by its domain name or IP number. If you are using an Internet Service Provider (ISP) other than UW’s dial-in server to gain access to the Internet, it is important that you configure your mail client program with the SMTP server provided by your ISP. Otherwise, you may be prevented from sending mail to off-campus addresses (see Junk Mail and Other Unwanted Mail below). In order to receive mail you need to identify a Post Office Protocol (POP) account (your account on a computer that runs an SMTP server and a POP server). POP is an application protocol that provides a means of transferring your new mail from an SMTP server to your local workstation. Your email client program can be configured to automatically check for new mail on the mail server by establishing a POP connection periodically (as long as the client program is running). An alternative to POP is Internet Mail Access Protocol (IMAP), which allows you to keep a single mailbox on a mail server instead of downloading mail to your local workstation. Many email clients will allow you to use either POP or IMAP. An alternative method of using email is to log in directly to the email server and run an email client program there. For example, most email servers run on Unix computers, but these same computers also run email client programs such as Pine or Elm.

Junk Mail and Other Unwanted Mail
The Internet was originally designed on the premise of friendly co-operation. For example, each email server was designed to pass on to the correct destination any incoming mail message not destined for one of its local users. Unfortunately, unscrupulous people are now taking advantage of the original openness of the Internet. Mass junk mailing, or “spam” mail, is accomplished by sending mail to large lists of email addresses (obtained by “mining” the Internet) through a friendly SMTP server. At UW, there is now an effort underway to eliminate junk mail traffic through our servers by disabling the relay feature of all our mail servers. This does not prevent users from receiving junk mail sent through SMTP servers off campus, but reduces the number of mail servers that can be used to send junk mailings. It is also possible to filter out unwanted email messages. Many email client programs have this feature. The filtering is based on key words that appear in the email header. For example, it is possible to filter out and discard messages originating from a particular address. However, it is difficult to set up a filter which will remove all junk mail, since it originates from many sources and the message subject lines are all different. Note that if you do set up mail filtering, particularly for keywords (e.g. “money”) in the subject line, it is possible that you will discard some useful mail too by mistake.
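As an added example (not from the notes), the following Python filter applies the two kinds of header rule just described, a blocked originating address and a Subject keyword, to three constructed messages with placeholder addresses; the third message shows how the keyword “money” also discards legitimate mail.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (placeholder addresses, not real ones).
SAMPLE_MESSAGES = [
    "From: Bulk Mailer <bulk@spam.example>\r\n"
    "To: user@uwaterloo.ca\r\n"
    "Subject: MAKE MONEY FAST!!!\r\n\r\n"
    "Limited time offer.\r\n",
    "From: A Friend <friend@other.example>\r\n"
    "To: user@uwaterloo.ca\r\n"
    "Subject: Lunch on Friday?\r\n\r\n"
    "Same place as last week?\r\n",
    "From: Research Finance <finance@uwaterloo.ca>\r\n"
    "To: user@uwaterloo.ca\r\n"
    "Subject: Grant money disbursement schedule\r\n\r\n"
    "Please review the attached schedule.\r\n",
]

# Filter rules of the two kinds the notes describe: a specific originating
# address to discard, and keywords looked for in the Subject header.
BLOCKED_SENDERS = {"bulk@spam.example"}
SUBJECT_KEYWORDS = {"money"}


def classify(raw_message):
    """Return ("discard", reason) or ("keep", reason) for one raw message.

    Only the header is examined, as in the client-side filters the notes
    describe; the body is never consulted.
    """
    msg = message_from_string(raw_message)
    _display_name, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    subject = msg.get("Subject", "").lower()
    if sender in BLOCKED_SENDERS:
        return "discard", "sender %s is on the block list" % sender
    for word in sorted(SUBJECT_KEYWORDS):
        if word in subject:
            return "discard", "subject contains keyword %r" % word
    return "keep", "no rule matched"


def run_filter(messages):
    """Classify each message. On the samples above the third verdict is the
    false positive the notes warn about: legitimate mail mentioning money."""
    return [classify(m) for m in messages]
```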

Web Concepts
The World-Wide Web (a.k.a. the Web) is the latest and, perhaps, the most flexible and useful application on the Internet. In fact, the Web incorporates and integrates all familiar network applications such as email, file transfer (FTP), news, etc. The Web was developed at the CERN high energy physics lab in Geneva, Switzerland, in order to facilitate collaborative research with colleagues around the world. First conceived in 1989 and only in wide distribution since 1993, it has rapidly been adopted as the standard for multimedia communications on the Internet. Development of the Web is currently being managed by the World-Wide Web Consortium (W3C), an international body representing the interests of member corporations, universities, governments and research establishments. The Web may best be thought of as a system of digital “publishers” and “subscribers” (the servers and clients, respectively). Web servers store and provide any combination of text, graphics, sounds, movies and programs (e.g. Java or ActiveX applets). The information a publisher supplies is not restricted to materials prepared locally; it can be gathered from many sources distributed all over the Internet simply by “pointing” to it. The Web client programs or “browsers” present the received information in a graphical, point-and-click environment. The basis of the Web is Hypertext Transfer Protocol (HTTP) which is a convention for moving multimedia information around the Internet. Part of this protocol is the Hypertext Markup Language (HTML), which is a language for formatting multimedia documents. All of the user interface constructs, such as text, images, and links (buttons that connect the viewer to other documents, local or anywhere on the Internet), are described by HTML. HTML documents consist of ASCII text containing “tags” which describe the format. The Web client translates the HTML document into the layout of the user’s screen.
The W3C is recommending that HTML be replaced with a more flexible variant called eXtensible Markup Language (XML). In order to publish information on the Web, information providers must have an account on a computer running a Web server program. Because the server must be running all the time, computers with a true multi-tasking operating system (such as UNIX or NT) make the most efficient servers. Also, storing and moving large movies, sounds and graphics can put a significant load on the computer, so a fast computer with a lot of memory really helps. Unlike other Internet applications such as FTP or Telnet, communicating with a Web server does not require the client to log in. Servers can be configured to provide some security, however, e.g. only allowing requests from a local network domain rather than the whole world, or requiring authentication of users via a password.

Features of the Web

URLs
A valuable feature of HTTP is the Uniform Resource Locator (URL). A URL is a way of addressing just about any form of information on the Internet, from ordinary files in a file system to FTP archives, gopher sites (a text-based precursor to the Web), Usenet newsgroups, etc. URL addresses allow the Web to function as a unifying interface to these diverse resources on the Internet. The URL for a Web resource begins with http://, an FTP site with ftp://, a news group with news://, etc. An unofficial convention for addressing Web servers is http://www.server_name.domain, e.g., http://www.uwaterloo.ca, which is an alias for the actual host name running the server application.

Image Maps
An attractive form of user interface is the image map. An image map is an image file which has areas defined on it to serve as buttons (“hot links”). For example, a campus map could be an image map where the buildings are buttons that link to their floor maps.

Forms
Another useful interface tool is the fill-in form. A form allows the subscriber (client) to supply information to the server to be acted upon. For example a form interface can be used to query a database.

Applets
Most browsers have built-in virtual machines, programs that can interpret programs downloaded via HTTP from a Web server. Programs written in Java or ActiveX can be interpreted and run through a browser.

Common Gateway Interface (CGI) Scripts
CGI scripts allow the Web server to control other programs on the computer. For example, a form works by handing the user's information to a CGI script written in C, Perl, or some other supported language. The script is then executed, processing the information provided and interacting with other programs on the server such as mail, a database, etc.
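To make the form-to-script path concrete, here is an added Python example (not code from the course or from any CGI library) of a script that receives a comment form, validates the fields, and prepares the call to the server's mail program. The field names, the size limits, the recipient address and the use of a local mail command are assumptions of the example; the POST submission in the main block is constructed.

```python
"""Added example: a CGI-style handler for a comment form.
Field names, limits, recipient and the mail command are assumptions."""
import io
import re
import subprocess
from urllib.parse import parse_qs

MAX_BODY = 4096                                  # refuse oversized submissions
RECIPIENT = "webmaster@example.invalid"          # constructed address
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def read_form(environ, stdin):
    """Parse form fields the way a CGI script receives them.

    A GET form arrives in the QUERY_STRING variable; a POST form arrives on
    standard input, CONTENT_LENGTH bytes long, URL-encoded. Returns a dict of
    field name -> first value.
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "POST":
        ctype = environ.get("CONTENT_TYPE", "")
        if not ctype.startswith("application/x-www-form-urlencoded"):
            raise ValueError("unsupported content type")
        length = int(environ.get("CONTENT_LENGTH", "0"))
        if length > MAX_BODY:
            raise ValueError("form too large")
        raw = stdin.read(length).decode("utf-8", errors="replace")
    else:
        raw = environ.get("QUERY_STRING", "")
    fields = parse_qs(raw, keep_blank_values=True, max_num_fields=20)
    return {name: values[0] for name, values in fields.items()}


def validate(fields):
    """Check the two fields the comment form is expected to carry."""
    email = fields.get("email", "").strip()
    comment = fields.get("comment", "").strip()
    if not EMAIL_RE.match(email):
        raise ValueError("invalid email address")
    if not 0 < len(comment) <= 1000:
        raise ValueError("comment missing or too long")
    return email, comment


def handle_request(environ, stdin):
    """One CGI cycle: parse, validate, prepare the mail call, build the reply.

    Returns (status, response body, argv, message). The mail program's
    arguments are a list, so user input is passed as data and is never
    interpreted by a shell; the user's text goes only into the message body.
    """
    try:
        email, comment = validate(read_form(environ, stdin))
    except ValueError as exc:
        return "400 Bad Request", f"Rejected: {exc}\n", None, None
    argv = ["mail", "-s", "Web form comment", RECIPIENT]
    message = f"From: {email}\n\n{comment}\n"
    return "200 OK", "Thank you, your comment was received.\n", argv, message


def deliver(argv, message):
    """Hand the message to the mail program (assumes a local mail command)."""
    subprocess.run(argv, input=message.encode(), check=True)


def submit_post(body):
    """Feed a constructed POST body through the handler, as the server would."""
    environ = {"REQUEST_METHOD": "POST",
               "CONTENT_TYPE": "application/x-www-form-urlencoded",
               "CONTENT_LENGTH": str(len(body))}
    return handle_request(environ, io.BytesIO(body))


if __name__ == "__main__":
    status, text, argv, message = submit_post(
        b"email=user%40example.com&comment=Hello%3B+it+works")
    print("Status:", status)
    print(text)
    print("would run:", argv)
    print(message)
```

The main block only shows what would be handed to the mail program; call deliver(argv, message) on a host that has one to actually send it. The two defensive habits worth copying are the size limit on the body read from standard input and the argument list (rather than a shell command string) for the program the script invokes.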

Remote Communications Concepts
Remote File Systems
One of the most common server functions on a network is file service. A file server provides centralized storage of user files. Remote file system protocols allow a client workstation to mount a remote file system on the network as if it were a local hard disk. Users can then interact with the remote disk space exactly as they would with a local device. Advantages of remote file systems include the ability to allocate disk quotas and to back up files centrally. It is also possible to configure remote file systems for sharing files, so that only people in a specified group of users can read and write files in the shared space. There are several application protocols which enable remote file service, the most common being the Network File System (NFS) and Server Message Block (SMB). NFS was developed for the Unix operating system, but PC clients also exist. SMB is used with Windows NT servers and Windows 95/NT clients. There is also an SMB server for Unix called Samba, which allows a Unix file system to be mounted as a drive on Windows 95 or NT workstations. One important point of network management practice is that it is the disks attached to a file server that are backed up (archived) to tape; these usually hold users' files stored on the remote file server. It is important to note that most workstations also have a local hard disk. Any user files stored on a local hard disk are not usually backed up by the system and are vulnerable to loss if a hardware failure occurs.

Remote File Transfers
To move files between a local workstation and network drives which are not exported as remote file systems, an application protocol called File Transfer Protocol (FTP) can be used. An FTP server requires the user to log in with a password through an FTP client program on the workstation. The client program can range from a simple text-based, command-line-driven user interface to a graphical view of the two file systems which allows files to be dragged from one to the other. The common feature of FTP is that it requires a user ID and password to be supplied on the remote host. If anyone is to be allowed access to the files served via FTP, a user ID of anonymous is required and, by convention, the user supplies his or her email address as the password (although any password, or no password at all, is acceptable).

Remote Log-ins
If you have a user account on a remote (Unix) computer attached to the Internet, it is possible to log in remotely to that account to run programs, manage files etc. The most common application protocol for remote log-ins is called TELNET. A telnet client program emulates a text terminal and requires the user to log in to the remote account, which then looks and behaves as if the user had logged in directly. It is also possible to run emulators for other Unix terminal types such as graphical X windows terminals, which allow graphical applications to be executed remotely.

Internet Service Providers and Dialing In from Home
If you want to connect a home PC to the Internet it is necessary to connect via a modem (modulator-demodulator), a device which translates digital signals into analogue signals for transmission over phone lines, and vice versa. Typically you run a client program on your home PC which establishes a telephone connection to the Internet Service Provider (ISP) and also emulates a simple text terminal. If you dial in to the UW modem pool, UW is acting as your ISP. In order to perform Internet functions, the TCP/IP networking layer must be installed on your home computer. Networking is built in to Windows 95/NT and the recent releases of MacOS. For older PCs running Windows 3.1 and older Macs, TCP/IP functionality must be installed separately (as Trumpet Winsock, LAN Workplace, or MacTCP). Two common data link protocols enable an Internet connection over your telephone line, Point-to-Point Protocol (PPP) and Serial Line IP (SLIP). Again, these are built in to current operating systems, but must be added to older ones. Once a PPP or SLIP connection is established, your home PC becomes a host on the Internet. It is assigned a temporary IP address in the IP domain of the network you are dialing in to. For example, if you dial in to the UW dial-in server and establish a PPP connection, your home PC becomes a host in the uwaterloo.ca domain. Once a PPP connection is established you can run various network client programs on your home PC such as a Web browser, email, etc.

Data Security Concepts
Passwords and Permissions
When accounts and information are distributed over a network, it becomes more difficult to protect the privacy of the users. The main methods of maintaining privacy are passwords and file permissions. Your connection to the network or to a specific account should be password protected. Here are some simple tips regarding passwords:
• Don’t use anyone’s name, any dictionary word, or a number as a password. Programs that run through an exhaustive list of passwords can deduce these.
• Don’t share your password with anyone.
• Don’t write your password down anywhere. If you forget it, your system administrator can change it.
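The first tip can be checked mechanically, which is exactly what the password-guessing programs the text refers to rely on. The following Python checker is an added example (not from the course notes) that applies the three rules above to a candidate password. The word and name lists are tiny constructed stand-ins for a real dictionary file, and stripping digits and punctuation before the dictionary lookup is an assumption made here because guessing programs try such variations too.

```python
"""Added example: apply the password tips above to a candidate password.
The word and name lists are constructed stand-ins for a real dictionary."""
import re

# A real checker loads the system word list (e.g. /usr/share/dict/words)
# and a list of first names; these few entries are for illustration only.
DICTIONARY = {"password", "secret", "waterloo", "network", "computer", "letmein"}
NAMES = {"stephen", "roger", "alice", "bob"}


def password_problems(candidate, user_name="", dictionary=DICTIONARY, names=NAMES):
    """Return the rules a candidate password breaks; an empty list means none.

    Checks, in order: is it just a number; is it a dictionary word once digits
    and punctuation are stripped (so "secret1!" is still "secret"); is it a
    person's name or does it contain the user's own login name.
    """
    reasons = []
    lowered = candidate.lower()
    if lowered.isdigit():
        reasons.append("is just a number")
    core = re.sub(r"[^a-z]", "", lowered)      # letters only, for the lookups
    if core and core in dictionary:
        reasons.append("is a dictionary word")
    if (core and core in names) or (user_name and user_name.lower() in lowered):
        reasons.append("is a person's name")
    return reasons


if __name__ == "__main__":
    for pw in ("1998", "Secret1!", "stephen77", "xq7!Lp#2v"):
        print(f"{pw!r}: {password_problems(pw, user_name='smcarr') or 'ok'}")
```

Such a check belongs on the system that sets the password, so that a weak choice is refused before it is stored rather than discovered later by someone else.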

File servers are computers that allow multiple users. The privacy of your files is protected by permissions associated with each file. Make sure that your private files are only readable by you (which they should be by default). If you want to share files or publish them on the Web, you can change the permissions to allow them to be readable by others.
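The permission check described here can be automated on a Unix file server. The following Python script is an added example (not from the course notes) that walks a home directory, reports regular files that group or other users can read, and shows the two operations the text describes: making a file private again and opening one up for publication. It builds a constructed home directory in a temporary folder, so it runs anywhere with POSIX permission bits; the file names and the 0600/0644 modes are assumptions of the example.

```python
"""Added example: find files on a multi-user file server that others can read,
make a private file private, and publish one. Uses constructed sample files
in a temporary directory; assumes POSIX permission bits (Unix file server)."""
import os
import stat
import tempfile

PRIVATE = 0o600        # owner may read and write; nobody else may read
SHARED_READ = 0o644    # others may read, e.g. a file published on the Web


def others_can_read(path):
    """True when the group or world read bit is set on the file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def find_exposed(directory):
    """Relative paths of regular files under directory that others can read."""
    exposed = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path):       # judge the file, not the link
                continue
            if others_can_read(path):
                exposed.append(os.path.relpath(path, directory))
    return sorted(exposed)


def make_private(path):
    """Restore the default: readable by the owner only."""
    os.chmod(path, PRIVATE)


def publish(path):
    """Allow other users (and the Web server) to read the file."""
    os.chmod(path, SHARED_READ)


def demo():
    """Build a constructed home directory; return the exposed files
    before and after fixing permissions."""
    with tempfile.TemporaryDirectory() as home:
        old_umask = os.umask(0o077)        # new files default to owner-only
        try:
            for name in ("notes.txt", "public_html/index.html", "exam.doc"):
                full = os.path.join(home, name)
                os.makedirs(os.path.dirname(full), exist_ok=True)
                with open(full, "w") as fh:
                    fh.write("sample content\n")
        finally:
            os.umask(old_umask)
        # Simulate a file accidentally left world-readable.
        os.chmod(os.path.join(home, "exam.doc"), SHARED_READ)
        before = find_exposed(home)
        make_private(os.path.join(home, "exam.doc"))
        publish(os.path.join(home, "public_html", "index.html"))
        after = find_exposed(home)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("exposed before:", before)
    print("exposed after: ", after)
```

Run against a real home directory, find_exposed(os.path.expanduser("~")) lists what other users of the file server can currently read; files meant for the Web, such as those under public_html, are expected in that list, anything else is worth a second look.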

Eavesdropping and Encryption
Most network traffic is commonly in the form of plain text files. We have seen this in the discussion of email above. TCP/IP was designed such that datagrams are ignored by hosts for which they are not intended. However, snooper programs can be written which listen to all traffic. Consequently, Internet traffic is not generally secure. For most types of communications, people are willing to take the risk that someone may be “listening”. However, security is a requirement for business transactions, etc. Modern, switched Ethernet networks provide a reasonable degree of security against eavesdropping by localizing traffic. Switches and routers that localize traffic are often referred to as firewalls. However, to ensure secure transmission of information across the Internet it is necessary to encrypt the data portion of datagrams. That is, an algorithm known only by the sender and the receiver transforms the data. There are several “strong” encryption schemes, including Kerberos and PGP (Pretty Good Privacy), which produce essentially unbreakable codes.

Viruses, Trojan Horses, and Worms
With the ease of communication on a network, the spread of malicious programs can become a problem. Viruses, executable programs which self-replicate, are usually spread by attaching themselves to other programs or system files which are shared or transferred on removable storage devices. Viruses are usually more of a nuisance than a danger to your data. A Trojan horse is a computer program that carries within itself a means to allow the creator of the program access to the system using it. Trojan horses are often a means of carrying a virus into a system. Worms are self-propagating and replicating programs designed to infect networked hosts. It is important to use anti-virus software regularly when you work on a network. Note: Viruses can only be transmitted if you run a program containing one. It is impossible to get a virus by simply reading email, unless you save and execute an attached program containing a virus.

Acknowledgements
The author would like to acknowledge the contribution of Roger Watt, Manager, IST Systems, who provided valuable technical information and many of the presentation slides used in this course. I would also like to thank Ray White of IST Systems for his clarification and explanation of many of the nitty-gritty details. A special thanks also goes out to Greg Cummings of IST Production Support for providing demonstration equipment and conducting the behind-the-scenes tour.
