
BCA III yr Advance Networking Concepts

Unit 5: Client –server Model & Network Security

Client and Server model


A client-server networking model is one in which some computers (servers) provide network
services to other computers (clients), which use those services to carry out user tasks. This
model is known as the client-server networking model.

Application programs that use the client-server model follow these strategies:

An application program known as a client program, running on the local machine, requests a
service from an application program known as a server program, running on the remote machine.

A client program runs only while it is requesting a service from the server, whereas the server
program runs all the time, because it cannot know in advance when its service will be required.

A server provides a service for many clients not just for a single client. Therefore, we can say that client-
server follows the many-to-one relationship. Many clients can use the service of one server.

Some services are needed so often that there is a dedicated client-server application program for
each of them; the programs that let a user fetch files or send e-mail are examples. For less common
or more customised services it is not practical to write a separate program for each, so one generic
application program is used instead to reach whatever services the remote computer offers.

Client

A client is a program that runs on the local machine and requests a service from the server. A client
program is finite: it is started by the user and terminates when the requested service has been
delivered.

Server

A server is a program that runs on the remote machine and provides services to clients. It listens
for incoming requests and responds to them; it never initiates a service on its own.

A server program is infinite: once started it runs indefinitely, unless it fails or is stopped, waiting
for incoming requests from clients and answering each one as it arrives. Because it accepts
connections from anyone who can reach it, the server, not the client, is where the requests of
untrusted parties must be checked.
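The following is an added example (not part of the original notes) showing the client-server exchange described above in working Python: one server thread that runs until it is told to stop and answers any client that connects, and a client function that connects, asks for the service once and exits. The "service" (upper-casing the request), the loopback address and the use of an OS-chosen port are assumptions made for the example.

```python
import socket
import threading


def serve_forever(listener: socket.socket, stop: threading.Event) -> None:
    """Server side.  Runs 'forever': it cannot know when a client will call,
    so it sits in accept() until told to stop.  Every accepted connection is
    answered and closed, then the loop waits for the next client."""
    listener.settimeout(0.2)            # wake up periodically to check the stop flag
    while not stop.is_set():
        try:
            conn, _peer = listener.accept()
        except socket.timeout:
            continue
        with conn:
            request = conn.recv(1024)      # bounded read: never assume a client is well behaved
            conn.sendall(request.upper())  # the 'service': upper-case the request


def request_once(host: str, port: int, payload: bytes) -> bytes:
    """Client side.  A finite program: connect, ask, read the reply, exit."""
    with socket.create_connection((host, port), timeout=2) as sock:
        sock.sendall(payload)
        return sock.recv(1024)


def run_demo(n_clients: int = 3) -> list:
    """Start one server thread, let several clients use it in turn
    (many-to-one), then stop the server.  Returns the clients' replies."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: let the OS choose a free port
    listener.listen()
    port = listener.getsockname()[1]
    stop = threading.Event()
    server = threading.Thread(target=serve_forever, args=(listener, stop), daemon=True)
    server.start()
    try:
        return [request_once("127.0.0.1", port, f"hello from client {i}".encode())
                for i in range(n_clients)]
    finally:
        stop.set()
        server.join()
        listener.close()


if __name__ == "__main__":
    for reply in run_demo():
        print(reply.decode())
```

Note that the server loop never ends on its own; the stop flag exists only so the demo can shut it down cleanly. A production server would additionally authenticate clients and limit how much each one may send.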

Advantages of client-server networks:

• Centralised: all shared data is stored on the server, so centralised backup is possible.
• Security: shared resources are administered in one place, so access control and auditing can be
enforced consistently. (The flip side is that the server becomes a single high-value target.)
• Performance: a dedicated server speeds up the sharing of resources and so improves the
performance of the whole system.
• Scalability: clients and servers can be added independently; a new node can be added to the
network at any time.

Disadvantages of client-server networks:

• Traffic congestion: when a large number of clients send requests to the same server at once, the
server and its links become congested.
• Single point of failure: the network is not robust on its own; when the server is down, client
requests cannot be served.
• Demanding hardware: ordinary computer hardware may not be able to serve a given number of
clients, so the server side often needs specific, more powerful hardware.
• Resources may exist on the server but not on the client. For example, in a web application the
user cannot print directly to a local printer without first opening the print view in the browser.

E-mail
E-mail is the transmission of messages over the Internet. It is one of the most commonly used
services on communication networks; a message may contain text, files, images or other
attachments. In general it is information stored on a computer and sent through a network to a
specified individual or group of individuals.

E-mail messages are conveyed through e-mail servers using several protocols of the TCP/IP
suite. SMTP (Simple Mail Transfer Protocol) is used to send messages, whereas IMAP or POP is
used to retrieve messages from a mail server. To log in to a mail account you need a valid e-mail
address, a password and the addresses of the mail servers used to send and receive messages.

Most webmail services configure the account automatically, so you only need to enter your
e-mail address and password. If you use an e-mail client such as Microsoft Outlook or Apple
Mail, however, you may need to configure each account manually: in addition to the e-mail
address and password, you may have to enter the incoming and outgoing mail servers and the
correct port number for each one.

Email messages include three components, which are as follows:


Message envelope: the sender and recipient addresses exchanged between the mail servers
(the SMTP MAIL FROM and RCPT TO commands). The envelope is used only for routing and
delivery; the recipient does not see it.

Message header: the Subject line and the sender/recipient information (From, To, Date and
so on). The header From address is supplied by the sender and is not verified by SMTP itself,
so it need not match the envelope sender.
Message body: the text, images and other file attachments.

E-mail was not originally designed for rich text: the original e-mail standard supports only
plain-text messages. Modern e-mail supports HTML (Hypertext Markup Language), so a message
can carry the same formatting as a web page: links, images and CSS layouts. Files can also be
sent along with a message as "e-mail attachments", and most mail servers allow several
attachments per message. In the early days attachments were typically limited to one megabyte;
today many mail servers accept attachments of 20 megabytes or more. HTML mail is also what
makes phishing easier, because the visible link text and the real link target can differ, and an
embedded image can be used to track whether a message was opened.

In 1971 Ray Tomlinson sent the first e-mail, a test message, to himself. It contained text
"something like QWERTYUIOP". Although it was addressed to himself, the message was still
transmitted over ARPANET. By 1996 more electronic mail was being sent than postal mail.

The main components of an e-mail system that facilitate sending and receiving of e-mails on
Internet are :

An e-mail client
An e-mail server (SMTP server)
POP and IMAP servers.

An Email Client
If you use e-mail for online communication then you are certainly using an e-mail client.
An e-mail client provides the following capabilities:
• A list of the messages people have sent you. Each entry shows the sender's name, a subject,
a few words from the message body and the date and time at which it was received.
• The ability to read a complete message, reply to it or forward it to other people.
• The ability to compose a new message and send it to the desired recipients.
• The ability to delete a message.
E-mail clients can be standalone programs (such as Microsoft Outlook or Pegasus) or web based
(such as Gmail or Yahoo). Clients may offer many advanced features, but whatever the type of
client, the core abilities listed above are provided by all of them.

An Email Server
Whenever you send a message from your e-mail client, it goes to an e-mail server. The server
manages the messages it receives. If the recipient belongs to the same mail domain (a local
mailbox), the server hands the message to the POP or IMAP service; otherwise it follows the
standard procedure to send the message over the Internet to the recipient's mail server.
An e-mail server is involved twice when a message is sent over the Internet to a remote
destination: first the sender's e-mail server transmits the message over the Internet, and then
the recipient's e-mail server receives it and makes sure that it is delivered


to the recipient's mailbox. When the recipient is local to the same mail server, only that one
server is involved.

SMTP servers are widely used as e-mail servers all over the internet. An SMTP server is also
known as Mail Transfer Agent (MTA).

POP and IMAP Servers


As already explained, these servers come into the picture when a message is received by SMTP
server and it needs to be forwarded to the actual recipient. Let’s discuss both these servers one
by one :

POP
POP stands for Post Office Protocol. A POP (or POP3) server in its simplest form stores the
messages for a particular user in a text file, which is appended to each time an e-mail for that
user is received. If your e-mail client is configured to use POP3, then whenever it fetches e-mail
it sends a request to your POP server; the usual POP behaviour is to download the messages to
the client and delete them from the server.
A POP server requires the user's log-in credentials, which the e-mail client sends. Once the user
is authenticated, the POP server gives access to that user's e-mails. POP3 listens on port 110;
because the user name and password are sent in plain text, the client should connect over TLS
instead (POP3S on port 995, or STARTTLS on port 110).

IMAP
IMAP stands for Internet Message Access Protocol. This protocol is also used to access e-mail,
but it is far more capable than POP. One of the most prominent features of an IMAP server is
central access to e-mail: unlike a POP server, an IMAP server keeps the e-mails on the server
itself, so you can access them from any machine or device.
The server also makes managing e-mail easy: searching, categorising messages, placing them in
sub-folders and so on. The only drawback one could imagine is that you always need an Internet
connection so that the e-mail client can fetch e-mails from the IMAP server; but almost all
e-mail clients today cache the e-mails so that you can view them even when you are offline.

To interact with an IMAP server, the e-mail client connects to the server machine on port 143
(or port 993 for IMAP over TLS, which should be preferred, since otherwise the log-in
credentials and the mail itself travel in the clear). As with POP, the IMAP server understands a
set of commands that the e-mail client uses to talk to it.


• An e-mail client (Gmail, Yahoo, Outlook, etc.) is used to compose or reply to an e-mail.
• Once the e-mail is drafted, it is submitted from the e-mail client.
• The e-mail first goes to the SMTP server (also known as the MTA, Mail Transfer Agent) to
which the e-mail client is connected.
• The e-mail server looks at the recipient's address, which has the form <name>@domain.com.
• The e-mail server queries DNS for the MX (mail exchanger) record of that domain and then
resolves the named mail host to an IP address.
• It then sends the e-mail to that IP address over the Internet, again using SMTP.
• The e-mail traverses the Internet as a series of IP packets and reaches the destination
SMTP server (MTA).
• That server stores the e-mail in the appropriate mailbox, from where it is accessible to the
recipient's e-mail client through the POP or IMAP service.
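The delivery steps above can be traced in code. The following Python example is added here and is not part of the original notes; it simulates the SMTP exchange between a sending client and a receiving MTA (a toy server written for the example, not a real SMTP implementation) with constructed addresses. It shows the message envelope (MAIL FROM / RCPT TO) being built separately from the message header, a BCC recipient that appears only in the envelope, and how a forged From: header passes through plain SMTP unchecked.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr


class ToySmtpServer:
    """Minimal receiving MTA (example only).  It keeps the envelope, which is
    all SMTP uses for routing, separate from the headers inside the message."""

    def __init__(self, local_domain: str):
        self.local_domain = local_domain
        self.delivered = []            # (envelope, parsed message) pairs
        self.in_data = False
        self._reset()

    def _reset(self):
        self.envelope = {"mail_from": None, "rcpt_to": []}
        self.data_lines = []

    def handle(self, line: str) -> str:
        """Process one client line; return the reply ('' inside DATA)."""
        if self.in_data:
            if line == ".":                          # end of the message body
                self.in_data = False
                msg = message_from_string("\n".join(self.data_lines))
                self.delivered.append((dict(self.envelope), msg))
                self._reset()
                return "250 OK: queued"
            # undo dot-stuffing: a body line starting with '.' was sent as '..'
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.local_domain} Hello {arg}"
        if verb == "MAIL":                           # MAIL FROM:<envelope sender>
            self.envelope["mail_from"] = arg.split(":", 1)[1].strip("<> ")
            return "250 OK"
        if verb == "RCPT":                           # RCPT TO:<envelope recipient>
            rcpt = arg.split(":", 1)[1].strip("<> ")
            if not rcpt.endswith("@" + self.local_domain):
                return "550 relay not permitted"     # an open relay would say 250 here
            self.envelope["rcpt_to"].append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.envelope["rcpt_to"]:
                return "503 RCPT TO required first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 command not recognized"


def submit(server: ToySmtpServer, mail_from: str, rcpt_to, msg: EmailMessage) -> list:
    """Scripted client side of the exchange; returns the server's replies."""
    replies = []

    def send(line):
        reply = server.handle(line)
        if reply:
            replies.append(reply)

    send("EHLO client.example.net")
    send(f"MAIL FROM:<{mail_from}>")
    for rcpt in rcpt_to:
        send(f"RCPT TO:<{rcpt}>")
    send("DATA")
    for line in msg.as_string().splitlines():
        send("." + line if line.startswith(".") else line)   # dot-stuffing
    send(".")
    send("QUIT")
    return replies


def header_matches_envelope(envelope: dict, msg) -> bool:
    """Does the visible From: address agree with the envelope sender?  Plain
    SMTP checks neither, which is why SPF/DKIM/DMARC were added later."""
    return parseaddr(msg["From"])[1] == envelope["mail_from"]


def run_demo():
    server = ToySmtpServer("example.org")
    msg = EmailMessage()
    msg["From"] = "The CEO <ceo@example.org>"        # what the recipient will see
    msg["To"] = "alice@example.org"
    msg["Subject"] = "Urgent wire transfer"
    msg.set_content("Please pay the attached invoice today.")
    # The envelope is chosen by the sending MTA independently of the headers;
    # bob is a BCC recipient: present in RCPT TO, absent from the headers.
    replies = submit(server, "bounce@attacker.example",
                     ["alice@example.org", "bob@example.org"], msg)
    envelope, delivered = server.delivered[0]
    return replies, envelope, delivered, header_matches_envelope(envelope, delivered)


if __name__ == "__main__":
    replies, envelope, delivered, ok = run_demo()
    print("\n".join(replies))
    print("envelope:", envelope)
    print("header From:", delivered["From"], "| matches envelope:", ok)
```

The server accepts the message even though the envelope sender and the header From belong to different domains; that is exactly the gap the Forgery disadvantage later in these notes refers to.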

Structure of an Email message:

To: This field consists of the address to whom the message has to be sent. This is mandatory.

CC: short for carbon copy. Optional. The people who were sent copies of the message; every
recipient can see to whom the copies were sent.

BCC: short for blind carbon copy. Optional. Used when we do not want the other recipients to know
that someone else was copied; BCC addresses travel only in the envelope and are removed from the
delivered header.

Subject : The Subject field indicates the purpose of e-mail.

Attachment: Attachment contains files that you are sending, linked documents, pictures, etc. along with
an e-mail.


Body: The email body is the main part of an email message. It contains the message’s text, images and
other data (such as attachments). The email’s body is distinct from its header, which contains control
information and data about the message (such as its sender, the recipient and the path an email took to
reach its destination).

Signature: the sender's name (and usually contact details), appended at the end of the body.

Advantages and Disadvantages of Email:

Advantages:
• Reliable: the sending server notifies the sender with a bounce message if a message could not be
delivered.

• Speed: e-mail is delivered within seconds.

• Inexpensive: it is very cheap to send.

• Waste reduction: it allows paperless communication and is therefore eco-friendly.

Disadvantages:
• Forgery: e-mail is easy to forge. SMTP does not verify the From address, so anyone can send a
message that appears to come from someone else, and an attacker who obtains the sender's password
can send from the real account as well. The receiving server can detect forged senders only if
sender-authentication mechanisms such as SPF, DKIM and DMARC have been deployed.

• Overload: because e-mail is so cheap, loads and loads of messages keep coming.

• Junk: junk e-mails are unsolicited and often inappropriate messages; they are usually referred to
as spam.

Cryptography
Cryptography is a method of protecting information and communications through the use of codes, so
that only those for whom the information is intended can read and process it. The prefix "crypt-" means
"hidden" or "vault" -- and the suffix "-graphy" stands for "writing."

In computer science, cryptography refers to secure information and communication techniques derived
from mathematical concepts and rule-based calculations called algorithms, which transform messages
in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key
generation, digital signing and verification, protection of data privacy, secure web browsing, and
confidential communications such as credit card transactions and e-mail.

Cryptography techniques
Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Historically the
term also covered techniques such as microdots and merging words with images, which hide the very
existence of information in storage or transit (today these are classed as steganography). In the
computer-centric world, however, cryptography is most often associated with scrambling plaintext
(ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption),
then back again (known as decryption). Individuals who practise this field are known as
cryptographers.

Modern cryptography concerns itself with the following four objectives:

 Confidentiality: the information cannot be understood by anyone for whom it was unintended


 Integrity: the information cannot be altered in storage or transit between sender and intended
receiver without the alteration being detected
 Non-repudiation: the creator/sender of the information cannot deny at a later stage his or her
intentions in the creation or transmission of the information
 Authentication: the sender and receiver can confirm each other's identity and the
origin/destination of the information
Procedures and protocols that meet some or all of the above criteria are known as cryptosystems.
Cryptosystems are often thought to refer only to mathematical procedures and computer programs;
however, they also include the regulation of human behavior, such as choosing hard-to-guess
passwords, logging off unused systems, and not discussing sensitive procedures with outsiders.

Cryptographic algorithms
Cryptosystems use a set of procedures known as cryptographic algorithms, or ciphers, to encrypt and
decrypt messages to secure communications among computer systems, devices such as smartphones,
and applications. A cipher suite uses one algorithm for encryption, another algorithm for message
authentication, and another for key exchange. This process, embedded in protocols and written in
software that runs on operating systems and networked computer systems, involves public and private
key generation for data encryption/decryption, digital signing and verification for message
authentication, and key exchange.

Three types of cryptographic techniques are used in general:

1. Symmetric-key cryptography

2. Hash functions.

3. Public-key cryptography

Symmetric-key Cryptography: Both the sender and receiver share a single key. The sender uses this key
to encrypt plaintext and send the cipher text to the receiver. On the other side the receiver applies the
same key to decrypt the message and recover the plain text.

Public-Key Cryptography: the most revolutionary concept of the last 300-400 years. In public-key
cryptography two related keys (a public key and a private key) are used. The public key may be freely
distributed, while its paired private key remains secret. For encryption the public key is used and
the private key decrypts; for digital signatures the roles are reversed: the private key signs and
anyone holding the public key can verify the signature.
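As an added example (not from the original notes), textbook RSA in Python shows the two key roles in action: the public key encrypts and verifies, the private key decrypts and signs. The two primes are fixed constants chosen for illustration only, and the "textbook" form is deliberately left unpadded so that the last function can show why real systems add OAEP/PSS padding.

```python
import hashlib

# Two fixed primes, constructed for illustration only (both are well-known
# primes).  Real RSA keys use random primes of 1024 bits or more each.
P, Q = 1_000_000_007, 998_244_353


def keygen(p: int = P, q: int = Q, e: int = 65537):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1).  Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """Anyone holding the public key can do this."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Only the holder of the private key can do this."""
    n, d = priv
    return pow(c, d, n)


def _digest_as_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message: bytes) -> int:
    """Signing applies the PRIVATE exponent to a hash of the message."""
    n, d = priv
    return pow(_digest_as_int(message, n), d, n)


def verify(pub, message: bytes, sig: int) -> bool:
    """Verification applies the PUBLIC exponent and compares with the hash."""
    n, e = pub
    return pow(sig, e, n) == _digest_as_int(message, n)


def is_malleable(pub) -> bool:
    """Why textbook RSA is never used as-is: E(a)*E(b) == E(a*b) mod n, so an
    attacker can manufacture valid ciphertexts from existing ones without the
    key.  Padding (OAEP for encryption, PSS for signatures) removes this."""
    n, _ = pub
    return (encrypt(pub, 2) * encrypt(pub, 21)) % n == encrypt(pub, 42)


if __name__ == "__main__":
    pub, priv = keygen()
    c = encrypt(pub, 42)
    print("ciphertext:", c, "-> decrypts to", decrypt(priv, c))
    s = sign(priv, b"pay 100")
    print("signature valid:", verify(pub, b"pay 100", s),
          "| tampered message:", verify(pub, b"pay 1000", s),
          "| malleable:", is_malleable(pub))
```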


Hash Functions: no key is used. A fixed-length hash value is computed from the plaintext in a way
that makes it infeasible to recover the plaintext from the hash. Hash functions are also used by
many operating systems to protect stored passwords: the system keeps a salted hash of each password
rather than the password itself. This is hashing, not encryption, since there is no key and the
operation cannot be reversed; the system checks a password by hashing it again and comparing.

SYMMETRIC KEY CRYPTOGRAPHY

An encryption system in which the sender and receiver of a message share a single, common key that
is used both to encrypt and to decrypt the message. The classic symmetric-key system is the Data
Encryption Standard (DES); today AES is the standard choice.

Symmetric encryption is generally more efficient than asymmetric encryption and therefore preferred
when large amounts of data need to be exchanged.

Establishing the shared key is difficult using only symmetric encryption algorithms, so in many cases, an
asymmetric encryption is used to establish the shared key between two parties.


A few well-known symmetric-key encryption methods are the Data Encryption Standard (DES), Triple
DES (3DES), IDEA, Blowfish and AES. Methods used to establish a shared encryption key include the
Diffie-Hellman (DH) key exchange, its elliptic-curve variant (ECDH), and RSA key transport
(encrypting the shared key with the recipient's public key).

Transposition Ciphers
In Cryptography, a transposition cipher is a method of encryption by which the positions held by units of
plaintext (which are commonly characters or groups of characters) are shifted according to a regular
system, so that the ciphertext constitutes a permutation of the plaintext.
That is, the order of the units is changed (the plaintext is reordered). Mathematically, a bijective
function is used on the characters’ positions to encrypt and an inverse function to decrypt.

Substitution Cipher
Method of encryption by which units of plaintext are replaced with ciphertext, according to a fixed
system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures
of the above, and so forth.

Example:
Using a keyword-mixed alphabet (the system shown on the accompanying slide; the table itself is not
reproduced here), the keyword "zebras" gives the following alphabets:
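Since the slide's table is not reproduced, the following added Python example (not part of the original notes) builds the keyword-mixed alphabet for "zebras" and uses it as a substitution cipher, alongside a columnar transposition cipher, and shows the classic weakness of each: substitution preserves the letter-frequency profile of the plaintext, and transposition preserves the letters themselves. The keyword-mixed construction (keyword letters first, then the rest of the alphabet) is the standard one and is assumed here to be the system the slide refers to.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def keyword_alphabet(keyword: str) -> str:
    """Keyword-mixed cipher alphabet: the keyword's letters (duplicates
    dropped) first, then the unused letters in normal order.
    keyword_alphabet('zebras') == 'ZEBRASCDFGHIJKLMNOPQTUVWXY'"""
    out = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in out:
            out.append(ch)
    return "".join(out)


def substitute(text: str, cipher_alphabet: str, decrypt: bool = False) -> str:
    """Monoalphabetic substitution: plain A..Z <-> cipher alphabet.
    Characters outside A..Z (spaces, digits) are passed through unchanged."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def _column_order(key: str):
    # read the columns in alphabetical order of the key letters (ties: leftmost first)
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(text: str, key: str) -> str:
    """Columnar transposition: write the text in rows of len(key) columns,
    pad the last row with X, then read the columns out in key order."""
    text = "".join(ch for ch in text.upper() if ch in ALPHABET)
    ncols = len(key)
    text += "X" * ((-len(text)) % ncols)
    return "".join(text[col::ncols] for col in _column_order(key))


def columnar_decrypt(cipher: str, key: str) -> str:
    ncols = len(key)
    nrows = len(cipher) // ncols
    cols = [""] * ncols
    for k, col in enumerate(_column_order(key)):      # put each column back in place
        cols[col] = cipher[k * nrows:(k + 1) * nrows]
    return "".join(cols[c][r] for r in range(nrows) for c in range(ncols))


def letter_counts(text: str) -> Counter:
    """Letter-frequency profile, the tool of the cryptanalyst against both ciphers."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


if __name__ == "__main__":
    plain = "ATTACK AT DAWN"
    ca = keyword_alphabet("zebras")
    print("cipher alphabet:", ca)
    sub = substitute(plain, ca)
    print("substitution:", sub, "->", substitute(sub, ca, decrypt=True))
    tr = columnar_encrypt(plain, "ZEBRA")
    print("transposition:", tr, "->", columnar_decrypt(tr, "ZEBRA"))
    # Substitution keeps the frequency profile (only the labels change) ...
    print(sorted(letter_counts(plain).values()) == sorted(letter_counts(sub).values()))
    # ... and transposition keeps the letters themselves (plus the X padding).
    print(letter_counts(plain)["A"] == letter_counts(tr)["A"])
```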

Stream Cipher
A symmetric (secret-key) encryption algorithm that encrypts one bit or byte at a time, typically by
XORing the plaintext with a keystream derived from the key and a nonce. Because the keystream
position changes, the same plaintext bit or byte encrypts to a different ciphertext bit or byte every
time it is encrypted, provided the key/nonce pair is never reused: reusing it makes the keystream
cancel out and leaks the XOR of the two plaintexts.
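The following Python example is added here (not part of the original notes) to show the stream-cipher behaviour just described and its two failure modes. It uses SHA-256 in counter mode as a stand-in keystream generator (an assumption made for the example; a real system would use ChaCha20 or AES-CTR), shows that the same plaintext encrypts differently under different nonces, and then shows what reusing a key/nonce pair leaks and why a stream cipher without a MAC can be altered undetected. Keys, nonces and messages are constructed values.

```python
import hashlib
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) in counter mode.
    A stand-in for a real stream cipher (ChaCha20, AES-CTR); example only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages were encrypted under the same key AND nonce, the
    keystream cancels: c1 XOR c2 == p1 XOR p2.  Knowing (or guessing) p1
    then yields p2 directly, without the key."""
    return xor_bytes(c1, c2)


def bit_flip_forgery(ciphertext: bytes, known_plain: bytes, wanted_plain: bytes) -> bytes:
    """A stream cipher alone gives no integrity: XORing the ciphertext with
    (known XOR wanted) makes it decrypt to `wanted`.  Real protocols add a
    MAC or use an AEAD construction (e.g. ChaCha20-Poly1305) to stop this."""
    return xor_bytes(ciphertext, xor_bytes(known_plain, wanted_plain))


if __name__ == "__main__":
    key = os.urandom(32)
    p1, p2 = b"transfer 0100 to acct 42", b"transfer 9999 to acct 13"
    n1, n2 = os.urandom(12), os.urandom(12)
    # Same plaintext, fresh nonces -> different ciphertexts (the page's point).
    print("fresh nonce changes ciphertext:", stream_crypt(key, n1, p1) != stream_crypt(key, n2, p1))
    # Nonce reuse: c1 XOR c2 leaks p1 XOR p2 and, with p1 known, p2 itself.
    c1, c2 = stream_crypt(key, n1, p1), stream_crypt(key, n1, p2)
    print("p2 recovered without the key:", xor_bytes(two_time_pad_leak(c1, c2), p1) == p2)
    # Malleability: turn "0100" into "9900" without knowing the key.
    forged = bit_flip_forgery(c1, p1, b"transfer 9900 to acct 42")
    print("forged ciphertext decrypts to:", stream_crypt(key, n1, forged))
```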


Block Cipher
An encryption method that applies a deterministic algorithm together with a symmetric key to a
fixed-size block of bits, rather than encrypting one bit at a time as a stream cipher does.

Example: the common block cipher AES encrypts 128-bit blocks with a key of a predetermined length:
128, 192 or 256 bits. Block ciphers are modelled as pseudorandom permutation (PRP) families over the
fixed block size: for an unknown key the permutation should be indistinguishable from a completely
random permutation, and a cipher is trusted on that basis until an attack shows otherwise. Because
the block cipher itself is deterministic, it must be used in a mode of operation (CBC, CTR, GCM,
etc.) with a fresh IV or nonce; encrypting each block independently (ECB mode) lets equal plaintext
blocks be recognised in the ciphertext.

Data Encryption Standard (DES):

The Data Encryption Standard (DES) is a symmetric-key block cipher published in 1977 by the US
National Bureau of Standards (now NIST).
DES is an implementation of a Feistel cipher with a 16-round Feistel structure. The block size is
64 bits. Although the key is 64 bits long, DES has an effective key length of 56 bits, since 8 of the
64 key bits (one in each byte) are parity check bits that the encryption algorithm does not use. The
general structure of DES is depicted in the following illustration –

DES Analysis
DES satisfies both of the properties desired of a block cipher, which together make a cipher strong:

Avalanche effect − a small change in the plaintext (or the key) results in a very great change in
the ciphertext.
Completeness − each bit of the ciphertext depends on many bits of the plaintext.

Cryptanalysts have found weaknesses in DES when the selected key is one of its weak keys (four weak
keys and twelve semi-weak keys, for which the round keys repeat). These keys must be avoided.
DES has proved to be a well-designed block cipher: differential and linear cryptanalysis are known
to apply to it, but they need far more known or chosen plaintext than is usually practical. Its
real weakness is the 56-bit key. Exhaustive key search is feasible with modest hardware (a
purpose-built machine recovered a DES key by brute force in 1998 in under three days), so single
DES must not be used to protect anything today.
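As an added example (not from the original notes), the following Python code performs the checks a careful DES implementation makes before using a key: the odd-parity check bits, the 56-bit effective key, and the four weak keys listed in FIPS 46-3. It also puts a number on the cost of an exhaustive search for a given rate. The test key 0123456789ABCDEF and the search rate are illustrative constants, and the checks are written out here rather than taken from any library.

```python
# The four DES weak keys (FIPS 46-3): their key schedule yields 16 identical
# round keys, so encrypting twice returns the plaintext.  Twelve semi-weak keys
# (pairs whose schedules are each other's reverse) exist as well.
DES_WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")}


def odd_parity_byte(b: int) -> int:
    """DES uses bit 0 of every key byte as an odd-parity bit over the other 7."""
    ones = bin(b & 0xFE).count("1")
    return (b & 0xFE) | (0 if ones % 2 else 1)


def set_odd_parity(key: bytes) -> bytes:
    return bytes(odd_parity_byte(b) for b in key)


def has_odd_parity(key: bytes) -> bool:
    return key == set_odd_parity(key)


def effective_key(key: bytes) -> bytes:
    """The 56 bits DES actually uses: every byte with its parity bit cleared.
    Two 64-bit keys with the same effective key encrypt identically."""
    return bytes(b & 0xFE for b in key)


def is_weak_key(key: bytes) -> bool:
    return set_odd_parity(key) in DES_WEAK_KEYS


def check_des_key(key: bytes) -> str:
    """The checks a careful implementation performs before using a key
    (OpenSSL's DES_set_key_checked does the same kind of thing)."""
    if len(key) != 8:
        return "wrong length"
    if not has_odd_parity(key):
        return "bad parity"
    if is_weak_key(key):
        return "weak key"
    return "ok"


def brute_force_years(keys_per_second: float) -> float:
    """Time to search the whole 56-bit key space at a given rate."""
    return 2 ** 56 / keys_per_second / 31_557_600


if __name__ == "__main__":
    k = bytes.fromhex("0123456789ABCDEF")          # the classic DES test key
    k_noparity = bytes.fromhex("0022446688AACCEE")  # same key, parity bits cleared
    print(check_des_key(k), "|", check_des_key(k_noparity), "|", check_des_key(bytes(8)))
    print("same effective key:", effective_key(k) == effective_key(k_noparity))
    print(f"full search at 1e9 keys/s: {brute_force_years(1e9):.2f} years")
```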

Triple DES:
The speed of exhaustive key searches against DES after 1990 began to cause discomfort amongst users
of DES. However, users did not want to replace DES as it takes an enormous amount of time and money
to change encryption algorithms that are widely adopted and embedded in large security architectures.

The pragmatic approach was not to abandon the DES completely, but to change the manner in which
DES is used. This led to the modified schemes of Triple DES (sometimes known as 3DES).

Incidentally, there are two variants of Triple DES known as 3-key Triple DES (3TDES) and 2-key Triple DES
(2TDES).

3-KEY Triple DES


Before using 3TDES, the user first generates and distributes a 3TDES key K consisting of three
different DES keys K1, K2 and K3, so the actual 3TDES key is 3×56 = 168 bits long (because of the
meet-in-the-middle attack its effective security is only about 112 bits). The encryption scheme,
illustrated in the figure that follows, is C = E_K3(D_K2(E_K1(P))); the middle step is a decryption
so that choosing K1 = K2 = K3 reduces 3TDES to single DES and keeps it compatible with existing DES
systems −


Triple DES is significantly more secure than single DES, but it is clearly a much slower process.
It also keeps the 64-bit block size, so after roughly 2^32 blocks under one key, block collisions
begin to leak plaintext (the Sweet32 attack); NIST has deprecated 3DES for new applications.

International Data Encryption Algorithm (IDEA):


The International Data Encryption Algorithm (IDEA) is a block cipher, once patented but now free to
use, that was intended to replace the Data Encryption Standard (DES). Originally called the Improved
Proposed Encryption Standard (IPES), IDEA is a minor revision of the Proposed Encryption Standard
(PES).

IDEA uses similar processes for encryption and decryption, with the round keys applied in inverted
order. It consists of 8 rounds (plus a final output transformation) and operates on 64-bit blocks
using a 128-bit key. IDEA had classes of weak keys until its key schedule was revised, and it may
call for further revision in the future.

IDEA has been, and remains, optionally available for use with Pretty Good Privacy (PGP). It has been
succeeded by the IDEA NXT algorithm, formerly known as FOX.
Blowfish:
Blowfish is a symmetric-key block cipher designed in 1993 by Bruce Schneier and included in many
cipher suites and encryption products. Blowfish encrypts quickly in software and no effective
cryptanalysis of the cipher itself has been found to date; its 64-bit block size, however, exposes
it to the same birthday-bound (Sweet32) attack as 3DES once many gigabytes have been encrypted
under one key. The Advanced Encryption Standard (AES) now receives more attention, and Schneier
recommends Twofish for modern applications.

Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the aging DES
and free of the problems and constraints associated with other algorithms. At the time Blowfish was
released, many other designs were proprietary, encumbered by patents or were commercial or
government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all
countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."

Advanced Encryption Standard (AES):


The more popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays
is the Advanced Encryption Standard (AES). It is at least six times faster than Triple DES.


A replacement for DES was needed as its key size was too small. With increasing computing power, it
was considered vulnerable against exhaustive key search attack. Triple DES was designed to overcome
this drawback but it was found slow.

The features of AES are as follows −

• Symmetric-key block cipher
• 128-bit data blocks, 128/192/256-bit keys
• Stronger and faster than Triple DES
• Full specification and design details are public
• Implementable in software, for example in C and Java
Operation of AES
AES is an iterative cipher rather than a Feistel cipher. It is based on a 'substitution-permutation
network': a series of linked operations, some of which replace inputs by specific outputs
(substitutions) and others of which shuffle bits around (permutations).

Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits
of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for
processing as a matrix −

Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES uses 10
rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds
uses a different 128-bit round key, which is calculated from the original AES key.
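The byte-oriented structure and the key schedule can be seen in code. The following Python example is added here (it is not part of the original notes) and follows FIPS-197: it derives the AES S-box from the GF(2^8) inverse and affine transform, expands a key into the 11, 13 or 15 round keys used for 128-, 192- and 256-bit keys, and lays a 16-byte block out as the 4x4 state matrix. The example key is the one printed in the FIPS-197 appendix, not a secret; nothing here is taken from a library.

```python
def xtime(a: int) -> int:
    """Multiply by x in GF(2^8) with AES's polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254, since a^255 == 1 for every a != 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base, e = gf_mul(base, base), e >> 1
    return r if a else 0


def sbox_byte(x: int) -> int:
    """AES S-box: inverse in GF(2^8), then the affine transform."""
    inv = gf_inv(x)
    s = inv
    for i in range(1, 5):                                  # inv ^ rotl(inv, 1..4)
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = [sbox_byte(x) for x in range(256)]


def rot_word(w: int) -> int:
    return ((w << 8) | (w >> 24)) & 0xFFFFFFFF


def sub_word(w: int) -> int:
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")


def expand_key(key: bytes) -> list:
    """FIPS-197 key expansion: Nk key words in, 4*(Nr+1) words out, with
    Nr = 10/12/14 for 128/192/256-bit keys.  Round r uses words 4r..4r+3."""
    nk = len(key) // 4
    if nk not in (4, 6, 8):
        raise ValueError("AES key must be 128, 192 or 256 bits")
    nr = nk + 6
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(nk)]
    rcon = 0x01
    for i in range(nk, 4 * (nr + 1)):
        t = w[i - 1]
        if i % nk == 0:
            t = sub_word(rot_word(t)) ^ (rcon << 24)
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:                       # extra step for AES-256
            t = sub_word(t)
        w.append(w[i - nk] ^ t)
    return w


def round_keys(key: bytes) -> list:
    """The Nr+1 128-bit round keys: one per round plus the initial AddRoundKey."""
    w = expand_key(key)
    return [b"".join(x.to_bytes(4, "big") for x in w[4 * r:4 * r + 4])
            for r in range(len(w) // 4)]


def state_matrix(block: bytes) -> list:
    """The 16 bytes of a block laid out column by column as a 4x4 matrix:
    state[row][col] = block[row + 4*col]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 Appendix A.1 key
    print(f"S-box[0x53] = {SBOX[0x53]:#04x}")
    for k in (key, bytes(24), bytes(32)):
        print(f"{len(k) * 8}-bit key -> {len(round_keys(k)) - 1} rounds")
    print("last round key:", round_keys(key)[-1].hex())
    print(state_matrix(bytes(range(16))))
```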

The schematic of AES structure is given in the following illustration –

AES Analysis

In present-day cryptography AES is widely adopted and supported in both hardware and software. To
date no practical cryptanalytic attack against AES has been discovered. In addition, AES's built-in
choice of key length gives a degree of 'future-proofing' against progress in the ability to perform
exhaustive key searches.

However, just as for DES, AES is secure only if it is correctly implemented and good key management
is employed: the mode of operation must be chosen properly, IVs and nonces must never be reused, and
the implementation must not leak the key through timing or other side channels (which is why
hardware AES instructions are preferred over table-based software implementations).

Firewall
No one can deny the fact that the dynamic rise of the Internet has brought the world closer. But at the
same time, it has left us with different kinds of security threats. To ensure the confidentiality and
integrity of valuable information of a corporate network from the outside attacks, we must have some
robust mechanism. This is where the Firewall comes into picture.

A firewall is a type of cybersecurity tool that is used to filter traffic on a network. Firewalls can be used
to separate network nodes from external traffic sources, internal traffic sources, or even specific
applications. Firewalls can be software, hardware, or cloud-based, with each type of firewall having its
own unique pros and cons.

The primary goal of a firewall is to block malicious traffic requests and data packets while allowing
legitimate traffic through.

It can be compared with a security guard standing at the entrance of a minister's home. The guard
keeps an eye on everyone and physically checks every person who wishes to enter the house. He will
not let in a person who is carrying a harmful object such as a knife or gun, and even if the person
carries no banned object but appears suspicious, the guard can still refuse entry.

The firewall acts as a guard. It guards a corporate network acting as a shield between the inside network
and the outside world. All the traffic in either direction must pass through the firewall. It then decides
whether the traffic is allowed to flow or not. The firewall can be implemented as hardware and
software, or a combination of both.

Types of Firewalls:

1. Packet Filters –
A packet filter works at the network layer of the OSI model. It applies a set of rules (based on the
contents of the IP and transport header fields) to each packet and, according to the outcome, either
forwards or discards the packet.
For example, a rule could block all incoming traffic from a certain IP address or disallow all
traffic that uses UDP. If a packet matches none of the predefined rules, the default action is
taken. The default action can be 'discard all packets' (default deny, the secure choice) or 'accept
all packets'.

Security threats to packet filters:

• IP address spoofing:
An intruder on the outside sends a packet towards the internal corporate network with the source IP
address set to one of the internal users' addresses, hoping that rules which trust internal
addresses will let it through.
Prevention:
The firewall defeats this attack if it discards every packet arriving on its external (incoming)
side whose source IP address belongs to the internal network.
• Source routing attacks:
The attacker specifies, in the IP source-route option, the route the packet should take, in the hope
of steering it around the firewall.
Prevention:
The firewall defeats this attack if it discards all packets that use the source-routing option
(also called path addressing).
• Tiny fragment attacks:
Often an IP packet is larger than the maximum size allowed by the underlying network (Ethernet,
Token Ring, etc.), so it must be fragmented before it can be carried further. The attacker exploits
this feature of TCP/IP by deliberately fragmenting a packet so that the first fragment is too small
to contain the whole TCP header, hoping the filter will pass the fragments because the port numbers
it filters on are not visible.
Prevention:
The firewall defeats this attack if it discards fragmented TCP packets (at minimum, any first
fragment too small to hold the full TCP header, and every non-initial fragment of a TCP packet).

Dynamic packet filters go further: they allow an incoming TCP packet only if it belongs to a
connection that was opened by an outgoing TCP packet.
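The following Python example is added here (it is not part of the original notes) and implements the rules described above as a small default-deny, stateful packet filter run over constructed packets: it drops inbound packets that claim an internal source address, source-routed packets and TCP fragments, allows inbound TCP only as a reply to a connection opened from inside, and otherwise denies. The internal network 10.0.0.0/8, the blocklisted address, the other addresses (all from documentation ranges) and the packet fields are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumption: the corporate LAN
BLOCKLIST = {ipaddress.ip_address("203.0.113.7")}    # constructed example address


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                                 # "tcp" or "udp"
    sport: int = 0
    dport: int = 0
    flags: set = field(default_factory=set)   # TCP flags, e.g. {"SYN"}
    frag_offset: int = 0                       # > 0: not the first IP fragment
    source_routed: bool = False                # IP loose/strict source-route option present
    direction: str = "in"                      # "in" = arriving from the outside


class StatefulPacketFilter:
    """Default-deny filter implementing the three defences above plus the
    dynamic rule: inbound TCP only as a reply to an outbound connection."""

    def __init__(self):
        self.connections = set()               # (src, sport, dst, dport) of outbound TCP

    def decide(self, p: Packet):
        src = ipaddress.ip_address(p.src)
        if p.direction == "in" and src in INTERNAL_NET:
            return "DROP", "spoofed internal source address"
        if src in BLOCKLIST:
            return "DROP", "source address is blocklisted"
        if p.source_routed:
            return "DROP", "source-routed packet"
        if p.proto == "tcp" and p.frag_offset > 0:
            return "DROP", "TCP fragment (header not inspectable)"
        if p.proto == "tcp":
            if p.direction == "out":
                if "SYN" in p.flags and "ACK" not in p.flags:   # new connection from inside
                    self.connections.add((p.src, p.sport, p.dst, p.dport))
                return "ACCEPT", "outbound connection"
            if (p.dst, p.dport, p.src, p.sport) in self.connections:
                return "ACCEPT", "reply to established connection"
        if p.proto == "udp" and p.direction == "in":
            return "DROP", "inbound UDP not allowed"
        return "DROP", "default deny"


def run_demo():
    """Constructed packets exercising each rule; returns the decisions in order."""
    fw = StatefulPacketFilter()
    packets = [
        Packet("10.1.2.3", "10.0.0.5", "tcp", 40000, 22, {"SYN"}),               # spoofed
        Packet("203.0.113.7", "10.0.0.5", "tcp", 40000, 80, {"SYN"}),            # blocklisted
        Packet("198.51.100.10", "10.0.0.5", "tcp", 40000, 80, {"SYN"}, source_routed=True),
        Packet("198.51.100.10", "10.0.0.5", "tcp", 40000, 80, {"SYN"}, frag_offset=8),
        Packet("10.0.0.5", "198.51.100.10", "tcp", 40000, 443, {"SYN"}, direction="out"),
        Packet("198.51.100.10", "10.0.0.5", "tcp", 443, 40000, {"SYN", "ACK"}),  # reply
        Packet("198.51.100.10", "10.0.0.5", "tcp", 443, 40001, {"SYN"}),         # unsolicited
        Packet("198.51.100.10", "10.0.0.5", "udp", 53, 5353),
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for action, reason in run_demo():
        print(f"{action:6} {reason}")
```

The order of the checks matters: the anti-spoofing and source-route tests run before any rule that would trust a source address, and the connection table is consulted only after the packet has been shown to be a well-formed, unfragmented TCP segment.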

2. Application Gateways –
It is also known as a proxy server. It works as follows:
Step-1: User contacts the application gateway using a TCP/IP application such as HTTP.
Step-2: The application gateway asks about the remote host with which the user wants to establish a
connection. It also asks for the user id and password that is required to access the services of the
application gateway.
Step-3: After verifying the authenticity of the user, the application gateway accesses the remote host on
behalf of the user to deliver the packets.

3. Stateful Inspection Firewalls –


It is also known as a 'dynamic packet filter'. It keeps track of the state of active connections and
uses this information to decide which packets to let through, i.e. it adapts itself to the current
exchange of information, unlike ordinary (stateless) packet filters, which apply fixed rules to each
packet in isolation.


4. Circuit-Level Gateways –
It works at the session layer of the OSI model and is a variation of the application gateway. It
relays connections: it accepts the internal user's connection and creates a new connection of its own
to the remote host, replacing the end user's source IP address with its own address. In this way the
IP addresses of the internal users are hidden from the outside world. Unlike an application gateway,
however, it does not inspect the application data, so it cannot block attacks carried inside an
allowed session.

VPN (Virtual Private Network)


VPN (Virtual Private Network) definition: a VPN is a private point-to-point connection between two
machines or networks over a shared or public network such as the Internet. A Virtual Private Network
is a combination of software and hardware. An organisation can use VPN technology to extend a
secure, encrypted connection across the less secure Internet to connect remote users, branch offices
and partners to its private internal network. A VPN turns the Internet into a simulated private WAN.

It uses “virtual” connections routed through the internet from a business’s private network to the
remote site. A Virtual Private Network is a technology which creates a network, and that network is
virtually private.

The letter V in VPN stands for "virtual": the network shares physical circuits with other traffic
and has no physical network of its own.
For example, suppose a company has two locations, one in Noida and the other in Pune. For the two
sites to communicate, the company could set up private lines between them. Private lines would keep
the public out and give the company the full bandwidth, but they cost a great deal, since the
communication lines are charged per mile. The more viable option is a VPN: the company connects each
site to a local ISP, and the ISP's network (and the Internet beyond it) carries the traffic between
the two locations inside an encrypted tunnel. This gives the company an affordable private wide-area
network. The confidentiality and integrity of the traffic now rest on the VPN's encryption and
authentication, not on the ISP, which should be treated as untrusted.

A VPN client uses TCP/IP-based protocols, called tunneling protocols, to make a virtual call to the VPN server.

What is VPN (Virtual Private Network)


A virtual private network extends a private network across public networks. A VPN allows users working at
home or in an office to connect securely to a remote corporate server using the routing
infrastructure provided by a public inter-network (such as the Internet). From the user's perspective, the
VPN is a point-to-point connection between the user's computer and the corporate server. The nature of
the intermediate inter-network is irrelevant to the user, because it appears as if the data is being sent
over a dedicated private link.


Types of VPN (Virtual Private Network)


VPN is of three kinds:

1. Remote access VPN (Virtual Private Network)


• A VPN which allows individual users to establish secure connections with a remote computer
network is known as a remote-access VPN.
• A remote-access VPN requires two components, which are as follows:
I. Network Access Server (NAS)
II. Client software.
• It enables remote connectivity using any Internet access technology.
• Here, the remote user launches the VPN client to create a VPN tunnel.

2. Intranet VPN (Virtual Private Network)


• If a company has one or more remote locations and wants to join those locations into a
single private network, it can create an intranet VPN to connect the LAN of one site to
another.
• An intranet VPN can link corporate headquarters, remote offices and branch offices over a shared
infrastructure using dedicated connections.
• Using an intranet VPN reduces the WAN bandwidth costs.
• New sites can also be connected easily by using this network.

3. Extranet VPN (Virtual Private Network)


• If a company has a close relationship with another company (which may be its customer,
supplier, branch or another partner company), then those companies can build an extranet VPN so
that they can connect the LAN of one company to the other. It allows all of the companies to work in a
shared environment.

• The extranet VPN facilitates e-commerce.

Type of Virtual Network Protocol


Three network protocols are used within VPN tunnels. They are:

 Internet Protocol Security (IPSec)


This protocol can be used for encryption. It is a protocol suite "for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a data stream." Its most
significant disadvantage is that it requires expensive, time-consuming client installations.

 Point-to-Point Tunneling Protocol (PPTP)


Generally, it is the most widely used VPN protocol among Windows users. It was created by Microsoft in
association with other technology companies. The most significant disadvantage of PPTP is that it
does not provide encryption. It relies on PPP (Point-to-Point Protocol), which is used for its security
measures. It is also available for Linux and Mac users. Compared with other methods, PPTP is faster.

 Layer 2 Tunneling Protocol (L2TP)


It is another tunnelling protocol which supports VPN. L2TP was created by Microsoft and Cisco as a
combination of PPTP and L2F (Layer 2 Forwarding). Like PPTP, L2TP does not itself provide
encryption. The main difference between the two is that L2TP delivers data confidentiality and data
integrity.
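The tunneling idea introduced earlier ("a virtual call through a tunnel") and the IPSec description above ("authenticating each packet of a data stream") are illustrated by the following added example, which is not part of these notes and not the code of any real VPN product. It builds a minimal tunnel endpoint pair: the sender wraps an inner packet in an outer header carrying a tunnel id and a sequence number, and appends an HMAC-SHA256 tag; the receiver verifies the tag and rejects replayed sequence numbers. The header layout, tunnel id, key and inner packet bytes are all constructed for the example, and the encryption step that a real suite such as IPSec ESP adds is deliberately left out so that only the Python standard library is needed.

```python
"""Added example (not from the notes): a simplified tunnel endpoint that
encapsulates an inner packet, authenticates every packet with HMAC-SHA256
and drops replays.  Wire format, key and packets are constructed; encryption
of the inner packet (as IPsec ESP would add) is omitted on purpose."""
import hashlib
import hmac
import struct

TAG_LEN = 32                       # SHA-256 digest length
HDR = struct.Struct("!4sI")        # outer header: 4-byte tunnel id + 32-bit sequence number


class TunnelSender:
    def __init__(self, key: bytes, tunnel_id: bytes):
        self.key = key
        self.tunnel_id = tunnel_id
        self.seq = 0

    def encapsulate(self, inner_packet: bytes) -> bytes:
        """Outer packet = header || inner packet || HMAC over header+inner."""
        self.seq += 1
        header = HDR.pack(self.tunnel_id, self.seq)
        tag = hmac.new(self.key, header + inner_packet, hashlib.sha256).digest()
        return header + inner_packet + tag


class TunnelReceiver:
    def __init__(self, key: bytes, tunnel_id: bytes, window: int = 64):
        self.key = key
        self.tunnel_id = tunnel_id
        self.window = window       # how far behind the newest sequence we still accept
        self.highest = 0
        self.seen = set()          # sequence numbers already delivered inside the window

    def decapsulate(self, outer: bytes):
        """Return the inner packet, or None if the packet must be dropped."""
        if len(outer) < HDR.size + TAG_LEN:
            return None                                      # too short to be valid
        header, body, tag = outer[:HDR.size], outer[HDR.size:-TAG_LEN], outer[-TAG_LEN:]
        tid, seq = HDR.unpack(header)
        if tid != self.tunnel_id:
            return None                                      # not our tunnel
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                                      # modified in transit or wrong key
        if seq <= self.highest - self.window or seq in self.seen:
            return None                                      # replayed or too old
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return body


def demo():
    """Send one packet, then replay it, tamper with it, and send a second one."""
    key = b"constructed-demo-key-not-for-real-use"       # constructed, not a real key
    tid = b"VPN1"
    sender, receiver = TunnelSender(key, tid), TunnelReceiver(key, tid)
    inner = b"\x45\x00\x00\x1c" + b"inner packet payload"   # constructed inner packet
    outer = sender.encapsulate(inner)
    delivered = receiver.decapsulate(outer)
    replayed = receiver.decapsulate(outer)                 # same packet again
    tampered = bytearray(outer)
    tampered[HDR.size] ^= 0x01                             # flip one bit of the body
    forged = receiver.decapsulate(bytes(tampered))
    second = receiver.decapsulate(sender.encapsulate(b"second"))
    return {
        "delivered": delivered == inner,        # True
        "replay_blocked": replayed is None,     # True
        "tamper_blocked": forged is None,       # True
        "next_delivered": second == b"second",  # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two endpoints share the key out of band; in a real suite that key comes from a key-exchange protocol and the body would also be encrypted, which is the confidentiality property the PPTP and L2TP paragraphs contrast.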


Advantages of VPN (Virtual Private Network) / The benefits of VPN are as follows:

• Security: The VPN should protect data while it is travelling on the public network. If intruders attempt
to capture the data, they should be unable to read or use it.
• Reliability: Employees and remote offices should be able to connect to the VPN. The virtual network
should provide the same quality of connection for each user even when it is handling the maximum
number of simultaneous connections.
• Cost Savings: Its operational cost is lower, as it transfers the support burden to the service providers.
• It reduces long-distance telephone charges.
• It cuts technical support costs.
• It eliminates the need for expensive private or leased lines.
• Its management is straightforward.
• Scalability: growth is flexible, i.e., new locations can easily be added to the VPN.
• It is efficient with broadband technology.
• By using a VPN, the equipment cost is also reduced.

Disadvantages of VPN (Virtual Private Network) / The difficulties of VPN are as follows:

• To establish a VPN, an in-depth understanding of public-network security issues is
required.
• VPNs need to accommodate complicated protocols other than IP.
• There is a shortage of standardization. Products from different vendors may or may not work well
together.
• The reliability and performance of an Internet-based private network depend on external factors
which are not under an organization's direct control.

IMP QUESTIONS:
1. Discuss Client-Server Model.
2. Explain working of E-mail system.
3. What is E-mail? Explain structure of E-mail.
4. What is cryptography? Discuss some commonly used terms in cryptography.
5. Explain symmetric key algorithm.
6. Discuss Firewall in detail.
7. Explain VPN.
