
Agenda

• The Layered Model
• Layers 1 & 2: Physical & Data Link Layers
• Layer 3: Network Layer
• Layers 4–7: Transport, Session, Presentation, and Application Layers

Section VII
The Layered Model
Layered Communication

[Figure, built up over three slides (source: Tanenbaum, 1996): Location A and Location B exchange a message through three layers.]

Layer 3 (message): "I like rabbits" at Location A; "J’aime les lapins" at Location B.
Layer 2 (translator): the translator renders the message into Dutch ("Ik hou van konijnen") and prepends information for the remote translator (L: Dutch).
Layer 1 (secretary): the secretary prepends information for the remote secretary (Fax #: ---) and sends the fax.
At Location B the secretary and then the translator remove their information in reverse order, so each layer deals only with its peer at the other location.
Why a Layered Network Model?

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

• Reduces complexity (one big problem to seven smaller ones)
• Standardizes interfaces
• Facilitates modular engineering
• Assures interoperable technology
• Accelerates evolution
• Simplifies teaching and learning
Devices Function at Layers

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link   <- NIC card
1 Physical    <- Hub
Host Layers and Media Layers

7 Application   }
6 Presentation  } Host layers: provide accurate data delivery
5 Session       } between computers
4 Transport     }

3 Network       }
2 Data Link     } Media layers: control physical delivery of
1 Physical      } messages over the network
Layer Functions

7 Application — Network services to applications
  • Provides network services to application processes (such as electronic mail, file transfer, and terminal emulation)

6 Presentation — Data representation
  • Ensures data is readable by the receiving system
  • Format of data
  • Data structures
  • Negotiates data transfer syntax for the application layer

5 Session — Inter-host communication
  • Establishes, manages, and terminates sessions between applications

4 Transport — End-to-end connection reliability
  • Concerned with data transport issues between hosts
  • Data transport reliability
  • Establishes, maintains, and terminates virtual circuits
  • Fault detection and recovery
  • Information flow control

3 Network — Addresses and best path
  • Provides connectivity and path selection between two end systems
  • Domain of routing

2 Data Link — Access to media
  • Provides reliable transfer of data across media
  • Physical addressing, network topology, error notification, flow control

1 Physical — Binary transmission
  • Wires, connectors, voltages, data rates
Peer-to-Peer Communications

Host A                              Host B
7 Application    <-------------->   Application
6 Presentation   <-------------->   Presentation
5 Session        <-------------->   Session
4 Transport      <-- Segments -->   Transport
3 Network        <-- Packets --->   Network
2 Data Link      <-- Frames ---->   Data Link
1 Physical       <-- Bits ------>   Physical
Data Encapsulation

[Figure, built up over four slides: Host A adds a header at each layer on the way down the stack; Host B removes them in reverse order on the way up.]

Application, Presentation, Session, Transport  ->  Data
Network                                         ->  Network Header | Data
Data Link                                       ->  Frame Header | Network Header | Data | Frame Trailer
Physical                                        ->  0101101010110001
Layers 1 & 2: Physical & Data Link Layers

Physical and Logical Addressing

[Figure: a station identified by its MAC address, 0000.0c12.3456.]

MAC Address

     24 bits              24 bits
   Vendor Code        Serial Number
     0000.0c              12.3456

[Figure: ROM -> RAM]

• MAC address is burned into ROM on a network interface card
Layer 3: Network Layer

Network Layer: Path Determination

[Figure: a packet at a router with several candidate paths: "Which Path?"]

• Layer 3 functions to find the best path through the internetwork
Network Layer: Communicate Path

[Figure: eleven numbered networks (1–11) interconnected by routers.]

• Addresses represent the path of media connections
• Routing helps contain broadcasts
Addressing—Network and Node

[Figure: three networks (1, 2 and 3) joined by a router; each device carries a network.node address such as 1.1, 1.2, 1.3, 2.1 and 3.1.]

• Network address—path part used by the router
• Node address—specific port or device on the network
Protocol Addressing Variations

Protocol     Address form    Example
General      Network.Node    1.1
TCP/IP       Network.Host    10.8.2.48 (mask 255.0.0.0): network 10, host 8.2.48
Novell IPX   Network.Node    1aceb0b.0000.0c00.6e25
Network Layer Protocol Operations

[Figure, built up over two slides: Host X reaches Host Y through routers A, B and C.]

Host X                                                 Host Y
Application                                            Application
Presentation                                           Presentation
Session         Router A     Router B     Router C     Session
Transport                                              Transport
Network         Network      Network      Network      Network
Data Link       Data Link    Data Link    Data Link    Data Link
Physical        Physical     Physical     Physical     Physical

• Each router provides its services to support upper layer functions
Multiprotocol Routing

[Figure: routers joining Novell, Apple, DEC VAX and Token Ring networks, each holding routing-table entries for several routed protocols, e.g. IPX 3a.0800.5678.12ab and 4b.0800.0121.ab13, IP 15.16.50.3, 15.16.42.8 and 15.17.132.6, AppleTalk 100.110 and 200.167, DECnet 5.8 and 10.1.]

• Routers pass traffic from all routed protocols over the internetwork
Routed Versus Routing Protocol

• Routed protocol: used between routers to direct user traffic
  Examples: IP, IPX, AppleTalk, DECnet
• Routing protocol: used only between routers to maintain routing tables
  Examples: RIP, IGRP, OSPF

Routing table:
Network Protocol   Destination Network   Exit Port to Use
Protocol Name      1.0                   1.1
                   2.0                   2.1
                   3.0                   3.1
Static Versus Dynamic Routes

• Static route: uses a protocol route that a network administrator enters into the router
• Dynamic route: uses a route that a network protocol adjusts automatically for topology or traffic changes
Static Route Example

[Figure: router A reaches router B over a point-to-point or circuit-switched connection; B’s network is a "stub" network.]

• Only a single network connection with no need for routing updates
• Fixed route to address reflects administrator’s knowledge
Adapting to Topology Change

[Figure, built up over three slides: routers A, B, C and D connected in a square; one link fails (X).]

• Can an alternate route substitute for a failed route?
  Yes—with dynamic routing enabled
LAN-to-LAN Routing

[Figure, built up over two slides: a router with interface E0 on Network 1 (802.3), To0 on Network 2 (Token Ring) and E1 on Network 3. Host 4 sends a frame for "Net 2, Host 5"; the router receives it as an 802.3 frame on E0 and sends it out To0 as an 802.5 frame, still addressed to Net 2, Host 5.]

Routing Table
Destination Network   Outgoing Interface
1                     E0
2                     To0
3                     E1
LAN-to-WAN Routing

[Figure, built up over three slides: a packet from host 1.3 on a Token Ring LAN to host 2.4 on an Ethernet LAN, crossing a Frame Relay WAN between routers A and B.]

From LAN (host 1.3):   Token Ring frame  | 1.3 | 2.4 | Data |
Router A -> WAN:       Frame Relay frame | 1.3 | 2.4 | Data |
Router B -> LAN:       Ethernet frame    | 1.3 | 2.4 | Data |
To host 2.4:           Data

The network-layer packet (source 1.3, destination 2.4, data) is the same at every hop; each router strips the incoming frame and builds a new one for the outgoing media.
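An added example (not from the original slides) of the forwarding decision shown on the LAN-to-LAN, LAN-to-WAN and topology-change slides: the router keys on the network part of the destination, rebuilds only the frame, drops packets with no route, and can lose and relearn a route. The routing table is the slide's (1 -> E0, 2 -> To0, 3 -> E1); the interface-to-media mapping, the S0 interface and the sample packet are constructed here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    """Network-layer packet with the slides' network.node addresses (e.g. '1.3')."""
    src: str
    dst: str
    data: str


# Media type per interface (this example's own mapping); the router builds a
# new frame of this type for every packet it sends out of the interface.
MEDIA = {"E0": "802.3 Ethernet", "E1": "802.3 Ethernet",
         "To0": "802.5 Token Ring", "S0": "Frame Relay"}


def network_part(addr: str) -> str:
    """The router looks only at the network part of the destination address."""
    return addr.split(".", 1)[0]


class Router:
    def __init__(self, static_routes: Dict[str, str]) -> None:
        # destination network -> outgoing interface (the slide's routing table)
        self.table: Dict[str, str] = dict(static_routes)
        self.dropped: List[Packet] = []

    def forward(self, pkt: Packet) -> Optional[dict]:
        """Return the frame to transmit, or None when no route exists (packet dropped)."""
        out_if = self.table.get(network_part(pkt.dst))
        if out_if is None:
            self.dropped.append(pkt)          # no route: the packet is discarded
            return None
        # The packet inside is unchanged; only the frame around it is new.
        return {"media": MEDIA[out_if], "out_if": out_if, "packet": pkt}

    def link_down(self, iface: str) -> List[str]:
        """Remove every route that used the failed interface; return the lost networks."""
        lost = [net for net, via in self.table.items() if via == iface]
        for net in lost:
            del self.table[net]
        return lost

    def learn(self, network: str, iface: str) -> None:
        """Install a route learned from a routing protocol (dynamic routing)."""
        self.table[network] = iface


def demo() -> List[Optional[str]]:
    """Walk one packet through the slide's router before and after a link failure."""
    router = Router({"1": "E0", "2": "To0", "3": "E1"})
    pkt = Packet(src="1.4", dst="2.5", data="hello")
    results: List[Optional[str]] = []
    frame = router.forward(pkt)
    results.append(frame["media"] if frame else None)        # Token Ring frame out To0
    router.link_down("To0")                                  # the Token Ring link fails
    results.append(None if router.forward(pkt) is None else "unexpected")  # no route: dropped
    router.learn("2", "S0")                                  # alternate route learned
    frame = router.forward(pkt)
    results.append(frame["media"] if frame else None)        # now a Frame Relay frame
    return results
```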


Layers 4–7: Transport, Session, Presentation, and Application Layers

Transport Layer

• Segments upper-layer applications
• Establishes an end-to-end connection
• Sends segments from one end host to another
• Optionally, ensures data reliability
Transport Layer—Segments Upper-Layer Applications

[Figure: electronic mail, file transfer and terminal session data from the application, presentation and session layers enter the transport layer through separate ports (one per application) and leave as segments.]
Transport Layer—Establishes Connection

Sender                                    Receiver
  Synchronize            ------------>
                         <------------    Synchronize (negotiate connection)
  Acknowledge            ------------>
  Connection established
  Data transfer (send segments)  ----->
Transport Layer—Sends Segments with Flow Control

Sender                                    Receiver
  Transmit               ------------>
                         <------------    Not Ready (buffer full)  -> sender stops
                                          receiver processes the buffered segments
                         <------------    Ready (buffer OK)        -> sender goes
  Resume transmission    ------------>
Transport Layer—Reliability with Windowing

• Window size = 1
  Sender: Send 1  ->  Receiver: Receive 1, Ack 2
  Sender: Send 2  ->  Receiver: Receive 2, Ack 3

• Window size = 3
  Sender: Send 1, Send 2, Send 3  ->  Receiver: Receive 1, Receive 2, Receive 3, Ack 4
  Sender: Send 4 ...
Transport Layer—An Acknowledgement Technique

Sender (segments 1–7)              Receiver
  Send 1, Send 2, Send 3  ------>  (1, 2, 3 received)
                          <------  Ack 4   (next expected: 4)
  Send 4, Send 5, Send 6  ------>  (4 and 6 received; 5 did not arrive)
                          <------  Ack 5   (next expected: 5)
  Send 5 (retransmit)     ------>
                          <------  Ack 7
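An added example (not from the original slides) that simulates the windowing and cumulative-acknowledgement exchanges on the two preceding slides: a window of 1, a window of 3, and the case where segment 5 is lost, retransmitted alone, and answered with Ack 7. The Sender/Receiver classes and the loss model are this example's construction; the segment numbers and window sizes are the slides' own.

```python
from typing import List, Set


class Receiver:
    """Delivers segments in order and acknowledges the next segment it expects."""

    def __init__(self) -> None:
        self.expected = 1                 # next in-order segment number
        self.buffered: Set[int] = set()   # arrived out of order, held until the gap fills

    def deliver(self, seq: int) -> None:
        if seq >= self.expected:
            self.buffered.add(seq)
        while self.expected in self.buffered:   # move the in-order edge past what we hold
            self.buffered.discard(self.expected)
            self.expected += 1

    def ack(self) -> int:
        """Cumulative ack: 'Ack N' means everything below N has been received."""
        return self.expected


class Sender:
    def __init__(self, window: int, total: int) -> None:
        self.window, self.total = window, total
        self.base = 1          # oldest unacknowledged segment
        self.next_seq = 1      # next segment never sent before
        self.log: List[str] = []

    def _send(self, seq: int, rx: Receiver, lost: Set[int]) -> None:
        self.log.append(f"Send {seq}")
        if seq in lost:
            lost.discard(seq)           # lost on this transmission only; a retransmit arrives
        else:
            rx.deliver(seq)

    def round(self, rx: Receiver, lost: Set[int]) -> int:
        """Transmit one window (or one retransmission), then take the receiver's ack."""
        if self.base < self.next_seq:
            self._send(self.base, rx, lost)   # the ack asked for `base` again: resend only it
        else:
            last = min(self.base + self.window - 1, self.total)
            for seq in range(self.base, last + 1):
                self._send(seq, rx, lost)
            self.next_seq = last + 1
        ack = rx.ack()
        self.log.append(f"Ack {ack}")
        self.base = ack                 # slide the window up to the first unacked segment
        return ack


def run(window: int, total: int, lost_once: Set[int]) -> List[str]:
    """Send/Ack trace for `total` segments; those in `lost_once` are lost on first transmission."""
    rx, tx = Receiver(), Sender(window, total)
    lost = set(lost_once)
    while tx.base <= total:             # every round advances base, so this terminates
        tx.round(rx, lost)
    return tx.log
```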
Transport to Network Layer

[Figure: the transport layer exchanges end-to-end segments between the two hosts; the network layer carries them as routed packets across the internetwork.]
Session Layer

• Network File System (NFS)
• Structured Query Language (SQL)
• Remote-Procedure Call (RPC)
• X Window System
• AppleTalk Session Protocol (ASP)
• DEC Session Control Protocol (SCP)

[Figure: service request / service reply between applications on two hosts.]

• Coordinates applications as they interact on different hosts
Presentation Layer

• Text and data: ASCII, EBCDIC, encrypted (e.g. a "login:" prompt)
• Graphics and visual images: PICT, TIFF, JPEG, GIF
• Sound: MIDI
• Video: MPEG, QuickTime

• Provides code formatting and conversion for applications
Application Layer

Computer applications      Network applications        Internetwork applications
Word processor             Electronic mail             Electronic data interchange
Presentation graphics      File transfer               World Wide Web
Spreadsheet                Remote access               E-mail gateways
Database                   Client-server process       Special-interest bulletin boards
Design/manufacturing       Information location        Financial transaction services
Project planning           Network management          Internet navigation utilities
Others                     Others                      Conferencing (voice, video, data)
                                                       Others

• Internetwork applications can extend beyond the enterprise (i.e., to suppliers, etc.)
Summary

• OSI reference model describes building blocks of functions for program-to-program communications between similar or dissimilar hosts
• Layers 4–7 (host layers) provide accurate data delivery between computers
• Layers 1–3 (media layers) control physical delivery of data over the network
Introduction to TCP/IP

Agenda

• What Is TCP/IP?
• IP Addressing

TCP / IP

• Internet uses TCP / IP to establish the connections between the clients and servers and reliably move messages between them.
• IP = Internet Protocol
• TCP = Transmission Control Protocol

TCP / IP

• Establishes the connection (agreement to communicate) between the source and the destination computers
• Breaks down the connection when the programs are finished communicating
• Carries the source and destination network addresses (computer address)
• Routers look at the destination address to determine how to route the message to the correct destination

TCP / IP

• Identifies the source and destination programs (ports) so the operating system knows which program should receive the incoming packets (page 24)
• Keeps track of every packet sent and received to help ensure that packets are not lost
What Is TCP/IP?

• A suite of protocols
• Rules that dictate how packets of information are sent across multiple networks
• Addressing
• Error checking

IP

• Internet Protocol (IP)
  • Determines where packets are routed based on their destination addresses
  • Breaks packets into smaller packets and reassembles them
TCP/IP Transport Layer

Port   Service
21     FTP—File Transfer Protocol
23     Telnet
25     SMTP—Simple Mail Transfer Protocol
37     Time
69     TFTP—Trivial File Transfer Protocol
79     Finger
103    X400
161    SNMP—Simple Network Management Protocol
162    SNMPTRAP
TCP/IP Applications

• Application layer
  • File Transfer Protocol (FTP)
  • Remote Login (Telnet)
  • E-mail (SMTP)
• Transport layer
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
• Network layer
  • Internet Protocol (IP)
• Data link & physical layer
  • LAN: Ethernet, Token Ring, FDDI, etc.
  • WAN: serial lines, Frame Relay, X.25, etc.
TCP Transmission Control Protocol

UDP User Datagram Protocol

• Unreliable
• Fast
• Assumes application will retransmit on error
• Often used in diskless workstations

ICMP Ping
IPv4 Addressing

• 32-bit addresses
• Commonly expressed in dotted decimal format (e.g., 192.168.10.12)
• Each “dotted decimal” is commonly called an octet (8 bits)

IP Addressing—Three Classes

• Class A: NET.HOST.HOST.HOST
• Class B: NET.NET.HOST.HOST
• Class C: NET.NET.NET.HOST

IP Addressing—Class A

• 10.222.135.17
• Network # 10
• Host # 222.135.17
• Range of class A network IDs: 1–126
• Number of available hosts: 16,777,214

IP Addressing—Class B

• 128.128.141.245
• Network # 128.128
• Host # 141.245
• Range of class B network IDs: 128.1–191.254
• Number of available hosts: 65,534

IP Addressing—Class C

• 192.150.12.1
• Network # 192.150.12
• Host # 1
• Range of class C network IDs: 192.0.1–223.255.254
• Number of available hosts: 254
IP Network Address Classes

Class   # Networks   # Hosts      Example (bits)
A       126          16,777,214   01111111 00000000 00000000 00000000
B       16,384       65,534       10111111 11111111 00000000 00000000
C       2,097,152    254          11011111 11111111 11111111 00000000

[Figure: network address space versus host address space for Class A 35.0.0.0, Class B 128.5.0.0 and Class C 132.33.33.0.]
IP Subnetting

• Subnets allow routing by ranges

IP Subnet Mask

Given:
Address      = 131.108.2.160
Subnet Mask  = 255.255.255.0
Subnet       = 131.108.2.0
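An added example (not from the original slides) that carries out the classful split on the Class A/B/C slides and the subnet-mask AND on the slide above, using the slides' own addresses. It also rejects a non-contiguous mask, a check worth having before a mask goes into a router or firewall; the function names are this example's.

```python
import ipaddress
from typing import Dict, Tuple

# Classful rules exactly as the slides state them: first-octet range and how
# many leading octets form the network part.
CLASS_RULES = (("A", 1, 126, 1), ("B", 128, 191, 2), ("C", 192, 223, 3))


def ip_class(addr: str) -> Tuple[str, int]:
    """Return (class letter, number of network octets), or raise if outside A-C."""
    first = int(ipaddress.IPv4Address(addr)) >> 24   # also validates the address
    for name, lo, hi, net_octets in CLASS_RULES:
        if lo <= first <= hi:
            return name, net_octets
    raise ValueError(f"{addr}: first octet {first} is not in a class A, B or C range")


def classful_split(addr: str) -> Tuple[str, str, str, int]:
    """Class, network #, host # and usable host count, as on the Class A/B/C slides."""
    name, n = ip_class(addr)
    octets = addr.split(".")
    host_bits = 8 * (4 - n)
    usable = 2 ** host_bits - 2      # all-zeros and all-ones host parts are reserved
    return name, ".".join(octets[:n]), ".".join(octets[n:]), usable


def subnet_of(addr: str, mask: str) -> str:
    """Bitwise AND of address and mask: the slide's 131.108.2.160 / 255.255.255.0."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))


def subnet_info(addr: str, mask: str) -> Dict[str, object]:
    """Network, broadcast and usable host count; rejects a non-contiguous mask."""
    # ip_network raises NetmaskValueError (a ValueError) for masks like 255.255.0.255
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefix": net.prefixlen,
        "usable_hosts": max(net.num_addresses - 2, 0),
    }
```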
IP Address Assignment

• ISPs assign addresses to customers
• IANA assigns addresses to ISPs
• CIDR block: bundle of addresses

IPv6 Addressing

• 128-bit addresses
  – 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
• Example: 5F1B:DF00:CE3E:E200:0020:0800:5AFC:2B36
• Example: 0:0:0:0:0:0:192.1.1.17

Summary

• TCP/IP is a suite of protocols
• TCP/IP defines communications between computers on the Internet
• IP determines where packets are routed based on their destination address
• TCP ensures packets arrive correctly at their destination address
Message Routing

[Figure: a message is split into Packet 1, Packet 2 and Packet 3; each is placed in an IP envelope carrying the destination IP address (MISTI.com, 12.15.134.163) and the packets are reassembled into the message at the destination.]
TCP/IP Packet

IP Header | TCP Header | Application Data

IP Header

Ver | IHL | Type of Service | Total Length
Identifier | Flags | Fragment Offset
Time To Live | Protocol | Header Checksum
Source Address
Destination Address
Options + Padding

TCP Header

Source Port | Destination Port
Sequence Number
Acknowledgement Number
Offset | Reserved | Flags | Window
Checksum | Urgent Pointer
Message Length
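An added example (not from the original slides) that builds the packet diagrammed above, application data inside a TCP header inside an IP header with the field layout of the two header slides, and then strips the headers back off in the order the Data Encapsulation slides show. The IP header checksum is computed and verified; the addresses, ports and payload are constructed sample values, and the TCP checksum is left at zero because it needs the pseudo-header the slides do not cover.

```python
import ipaddress
import struct
from typing import Dict

# TCP flag bits in the low 6 bits of the Offset/Reserved/Flags word.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def ip_checksum(header: bytes) -> int:
    """Header checksum: ones'-complement sum of the 16-bit words (checksum field = 0)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                             # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int,
                     flags: int, window: int) -> bytes:
    """20-byte TCP header: no options, so Offset = 5 words; checksum left zero here."""
    offset_flags = (5 << 12) | (flags & 0x3F)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)   # checksum, urgent pointer


def build_ip_header(src: str, dst: str, payload_len: int, ttl: int = 64,
                    ident: int = 0, protocol: int = 6) -> bytes:
    """20-byte IPv4 header (Ver = 4, IHL = 5) with a valid header checksum."""
    ver_ihl = (4 << 4) | 5
    fields = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, ident,
                         0, ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    csum = ip_checksum(fields)
    return fields[:10] + struct.pack("!H", csum) + fields[12:]


def build_packet(src: str, dst: str, src_port: int, dst_port: int,
                 data: bytes, flags: int = PSH | ACK) -> bytes:
    """Encapsulate: application data inside a TCP header inside an IP header."""
    tcp = build_tcp_header(src_port, dst_port, seq=1, ack=1, flags=flags, window=8192)
    return build_ip_header(src, dst, len(tcp) + len(data)) + tcp + data


def parse_packet(pkt: bytes) -> Dict[str, object]:
    """Strip the headers in order, checking lengths and the IP checksum as we go."""
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < total_len:
        raise ValueError("bad version, IHL, or truncated packet")
    info: Dict[str, object] = {
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ip_checksum(pkt[:ihl]) == 0,   # a valid header sums to zero
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }
    if proto == 6:                                    # TCP
        (sport, dport, seq, ack, off_flags, window,
         _tcp_csum, _urg) = struct.unpack("!HHIIHHHH", pkt[ihl:ihl + 20])
        data_off = (off_flags >> 12) * 4
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                    flags=off_flags & 0x3F, window=window,
                    data=pkt[ihl + data_off:total_len])
    return info
```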
Intranets

• An intranet is your organization’s internal network of clients and servers
• Intranets should be protected by firewalls

Extranets

• An extranet is the intranet of another organization that is connected to your intranet.
• Usually the extranet is connected to your organization’s intranet through a firewall.
• Firewall configuration is important!

[Figure: Your Company connected to Company A and Company B.]
Architecture of the Web

• Internet Backbones
  • Telecom companies build high speed networks (>45Mbps) that have nodes in cities or countries called:
    • Network Access Points (NAPs)
    • Metropolitan Area Ethernets (MAEs)

Internet Service Provider (ISP)

• A company or organization that provides connectivity to the Internet
• To connect to the Internet you must connect to an ISP
• Organizations are their own ISPs
  • for Intranet connections
  • some Internet connections

Network Access Point (NAP)

• ISPs interconnect (forming the Internet) via NAPs and peering points
• NAP is a router that interconnects ISPs to a backbone circuit
• The backbone circuits (provided by telecom companies) interconnect NAPs
• ISPs pay fees to connect to a NAP
  • which get charged back to you by the ISP

Network Access Point (NAP)

• Peering - ISPs exchange so much data between them that they install a private circuit between the ISPs
• When 3 or more ISPs build a peering connection … it is called a Private Network Access Point (PNAP)
• PNAPs can interconnect ISPs and also connect to a NAP.
• … confused yet?

Summary

• NAPs connect to other NAPs
• PNAPs connect to NAPs and PNAPs
• National Backbones connect to NAPs
• Regional ISPs connect to National Backbones, PNAPs or NAPs
• Local ISPs connect to Regional ISPs

The Internet Hierarchy
Internet Backbone

[Figure: Network Access Points across the US: NASA Ames Internet Exchange (Sunnyvale), PAIX (Palo Alto), MAE West (MCI Worldcom, San Jose), LA Internet Exchange, PAIX Seattle, PAIX Dallas, PAIX Atlanta, Ameritech NAP (Chicago), MAE Central (MCI Worldcom, Dallas), MAE East (MCI Worldcom, DC), Sprint NAP (NJ) and the NY Internet Exchange (NYIIX). Beneath the Network Access Points sit the national backbones, the government backbone, regional ISPs and local ISPs: "The Internet: a network of networks".]

Internet Hierarchy

[Figure: Boston and San Francisco, each with ISPs reaching a NAP through a POP; the two NAPs are joined by the backbone.]

• Routers and circuits
• Multiple paths
• Adaptive routing
The New Business Model

The Internet Is Changing the Way Everyone Does Business

The Internet is driving acceleration of technology adoption.

• Compression of:
  • Time
  • Distance
  • Business cycles
• Market turbulence
• Networked business

Forces Driving Change

• Compressed product lifecycle
• Need to do “more with less”
• Blurring of geographical boundaries
• Blurring of industries

Traditional Business Model Versus New Business Model

Traditional                           New
Closely held knowledge base           Widely distributed among partners, suppliers
Limited access to information         Ubiquitous access to information by employees
Costly duplication of effort          Removal of redundancy through cost justification and analysis
Limited hours to conduct business     Global 24 x 7 access
Today’s Internet Business Solutions

• Intranets
• Extranets
• E-commerce

Intranets

What Is an Intranet?

• An internal network based on Internet and WWW technology that delivers immediate, up-to-date information and services to networked employees
• Platform independent
• Quick to implement
• Global reach

Typical Intranet Applications

• Employee self-service
• Distance learning
• Technical support
• Videoconferencing

Example: Employee Self-Service

• What can you do with employee self-service?
  • Business management and planning
  • Internal communications
  • Human resources: benefits, training, 401K, payroll
  • Internal IT services
  • Budgeting, sales and revenue forecast
  • EIS/daily operations management and enterprise reporting
  • Corporate travel
  • Market intelligence

Benefits of Intranets

• Increase employee productivity
• Provide easy access to information
• Improve design productivity and compress time to market
• Improve global communications
• Minimize downtime and cut maintenance costs
• Realize cost savings
Extranets

What Is an Extranet?

• An extension of the company network, facilitating secure collaborative connections with:
  • Key customers
  • Suppliers
  • Partners

Typical Extranet Applications

• Supply-chain management
• Customer communications
• Distributor promotions
• Online continuing education/training
• Customer service
• Order status inquiry
• Inventory inquiry
• Account status inquiry
• Warranty registration
• Claims
• Online discussion forums

Example: Supply Chain Management

Suppliers -> Manufacturers -> Distributors/Wholesalers -> Retailers -> Consumers

• From my suppliers’ suppliers to my customers’ customers

Benefits of Extranets

• Provide access to specific company information, and facilitate closer working relationships
• Streamline day-to-day operations with your partners and suppliers
• Reduce inventories and cycle times
• Improve channel performance
• Reduce costs
• Improve customer satisfaction
E-Commerce

E-Commerce Market Growing Rapidly

[Chart: e-commerce market by year (1996, 1998, 2000, 2002), split into Business to Consumer, Business to Business and Total. Source: Forrester Research.]

• 97% of companies conducting e-commerce have less than 499 employees
• 71% of them have less than 49 employees!

Typical E-Commerce Applications

• Online catalog
• Order entry
• Configuration
• Pricing
• Order verification
• Credit authorization
• Invoicing
• Payment and receivables
• Inventory management

Benefits of E-Commerce

• Increase revenues
• Sell into global markets
• Improve customer satisfaction with self-service application
• Manage inventory levels more effectively
• Decrease costs
Technology Implications of Internet Applications

• Higher bandwidth requirements
• Security
• Potential of Virtual Private Networks
• EDI

Applications Need Bandwidth

[Chart: minimum bandwidth for application per user, in Kbps: 9.6 and 19.2 (old modem: Telnet), 28.8 (e-mail, file transfer), 56 (new modem: web browsing), 64 and 128 (ISDN, Frame Relay: simple video, voice), up to 1544 (leased line, Frame Relay, xDSL: video, multimedia).]
Internet Security Solutions

[Figure: a headquarters campus with mainframe, intranet servers, an AAA server and a public Web server behind a firewall gateway; a sales office reaches the campus over ISDN and the PSTN; the Internet backbone connects to the gateway.]

• Firewalls
• Network Address Translation (NAT)
• Encryption: IPSec, DES, 3DES
• Token cards
• AAA

Virtual Private Network

[Figure: an IP packet (private, encrypted) carried inside an IP header (public) across the Internet between Geneva and Frankfurt.]

• Extends private network through public Internet
• Lower cost than private WAN
• Relies on tunneling and encryption
Electronic Data Interchange (EDI)

[Figure: an EDI-format purchase order (encrypted) travels in a public IP packet across the Internet from San Francisco to Boston.]

• Trading partners send and receive documents
• Proprietary formats are converted into partner-agreed EDI standards
• Reduces time, cost, and errors

Summary

[Figure: employees, customers, partners and suppliers share ubiquitous connectivity where the business runs on the network.]

• Internet business solutions create competitive advantage
  • Higher customer satisfaction
  • Lower costs
  • Competitive agility
  • Accelerated time-to-market
  • Higher employee efficiency
Firewalls

• An organization’s connection to the Internet is through a router and firewall
• Outgoing messages
  • router forwards message to firewall
  • firewall determines through its configuration rules if the message is allowed to pass to the Internet
  • if OK - the message is forwarded to the ISP and on to the Internet

Firewalls

• Incoming messages
  • message passes to the organization’s ISP
  • message is forwarded to the firewall
  • firewall determines through its configuration rules if the message is allowed to enter the organization’s network.
  • if OK - the message is sent to the router and to the correct internal destination
• Critical that the firewall’s configuration rules be correct - Change Management!
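An added example (not from the original slides) of the decision the two Firewalls slides describe: each message is checked against the configuration rules in order, the first match wins, and a message that matches nothing is denied. It also finds rules that can never match because an earlier rule covers them, which is the change-management problem the last bullet warns about. The rule set, the documentation-range addresses and the sample messages are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "0.0.0.0/0"
ANY_PORT = range(0, 65536)


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" = Internet -> organization, "out" = organization -> Internet
    proto: str       # "tcp", "udp" or "any"
    src: str         # CIDR network
    dst: str         # CIDR network
    dport: range     # destination ports covered


@dataclass(frozen=True)
class Message:
    direction: str
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, msg: Message) -> bool:
    return (rule.direction == msg.direction
            and rule.proto in ("any", msg.proto)
            and ipaddress.ip_address(msg.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(msg.dst) in ipaddress.ip_network(rule.dst)
            and msg.dport in rule.dport)


def decide(rules: List[Rule], msg: Message) -> Tuple[str, Optional[int]]:
    """First matching rule wins; a message matching no rule is denied (default deny)."""
    for index, rule in enumerate(rules):
        if matches(rule, msg):
            return rule.action, index
    return "deny", None


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules no message can reach because an earlier rule already covers them."""
    result = []
    for j, later in enumerate(rules):
        l_src, l_dst = ipaddress.ip_network(later.src), ipaddress.ip_network(later.dst)
        for earlier in rules[:j]:
            if (earlier.direction == later.direction
                    and earlier.proto in ("any", later.proto)
                    and l_src.subnet_of(ipaddress.ip_network(earlier.src))
                    and l_dst.subnet_of(ipaddress.ip_network(earlier.dst))
                    and later.dport.start >= earlier.dport.start
                    and later.dport.stop <= earlier.dport.stop):
                result.append(j)
                break
    return result


# Constructed rule set: one public web server (192.0.2.10, a documentation
# address) reachable on port 80; internal hosts (10.0.0.0/8) may go out to
# web ports only; everything else inbound is denied explicitly.
RULES = [
    Rule("allow", "in", "tcp", ANY, "192.0.2.10/32", range(80, 81)),
    Rule("allow", "out", "tcp", "10.0.0.0/8", ANY, range(80, 81)),
    Rule("allow", "out", "tcp", "10.0.0.0/8", ANY, range(443, 444)),
    Rule("deny", "in", "any", ANY, ANY, ANY_PORT),
    # A later change meant to open HTTPS on the web server: it sits below the
    # deny-all rule, so it never takes effect (shadowed_rules reports index 4).
    Rule("allow", "in", "tcp", ANY, "192.0.2.10/32", range(443, 444)),
]
```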
How a Company Connects to the Internet
IP Addresses

• Four ways of referencing a location on the Internet:
  • Fully qualified domain name (FQDN)
  • Dotted decimal notation
  • Decimal address
  • Binary IP address
• The browser software converts all formats into the binary IP format

IP Addresses

• Fully Qualified Domain Names
  • zone.organization.domain.country
  • www.misti.com
  • controlled / assigned by Internet Network Information Center (INIC)

IP Addresses

• Dotted Decimal Notation
  • xxx.xxx.xxx.xxx
  • MIS Training Institute = 12.15.134.163

IP Addresses

• Decimal Address
  • Decimal representation of the binary address
  • MIS Training Institute = 202,341,539
  • Not sure why you would use this!?

IP Addresses

• Binary IP Address
  • 32-bit number (4 one-byte numbers)
  • 00001100 00001111 10000110 10100011
  • 12.15.134.163
  • Max = 255 = 11111111

Bits & Bytes

128 64 32 16 8 4 2 1
---------------------------------------------
0 0 0 0 1 1 0 0 = 12
0 0 0 0 1 1 1 1 = 15
1 0 0 0 0 1 1 0 = 134
1 0 1 0 0 0 1 1 = 163
1 1 1 1 1 1 1 1 = 255
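An added example (not from the original slides) that performs the conversions on the four IP Addresses slides and the bits & bytes table, with the input checks a parser needs (four fields, each 0–255). Note what it computes: 12.15.134.163 is 202,344,099 in decimal, while the slides' 202,341,539 is the decimal form of 12.15.124.163. The function names are this example's.

```python
from typing import List

WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)   # the header row of the bits & bytes table


def octet_to_bits(value: int) -> str:
    """One octet as eight bits, built from the weight table (e.g. 163 -> '10100011')."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet {value} out of range 0-255")
    bits, rest = [], value
    for w in WEIGHTS:                     # take each weight that still fits
        if rest >= w:
            bits.append("1")
            rest -= w
        else:
            bits.append("0")
    return "".join(bits)


def bits_to_octet(bits: str) -> int:
    """Eight binary digits -> octet, summing the weights under the 1s."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"{bits!r} is not eight binary digits")
    return sum(w for w, b in zip(WEIGHTS, bits) if b == "1")


def parse_dotted(addr: str) -> List[int]:
    """Dotted decimal -> four octets; rejects anything that is not four 0-255 fields."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"{addr!r} is not dotted decimal")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"{addr!r} has an octet above 255")
    return octets


def dotted_to_binary(addr: str) -> str:
    """The 'binary IP address' form: four 8-bit groups separated by spaces."""
    return " ".join(octet_to_bits(o) for o in parse_dotted(addr))


def dotted_to_decimal(addr: str) -> int:
    """The 'decimal address' form: the 32-bit number read as one integer."""
    value = 0
    for o in parse_dotted(addr):
        value = value * 256 + o
    return value


def decimal_to_dotted(value: int) -> str:
    """Inverse of dotted_to_decimal; rejects values that do not fit in 32 bits."""
    if not 0 <= value < 2 ** 32:
        raise ValueError(f"{value} is not a 32-bit value")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))
```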
Domain Naming

• www.misti.com is a domain name
  • .com = root domain
  • .misti = second level label
  • www = third level zone
• Domain names assigned by a registrar
  • Maintains a database of domain names and corresponding IP addresses.
• DNS associates domain name with TCP/IP address

Domains

• .com    commercial businesses
• .gov    US & state governments
• .mil    military
• .net    network services
• .org    not-for-profit organizations
• .edu    educational institutions
• .aero   .museum
• .biz    .name
• .coop   .pro

Domain Name System (DNS)

• Distributed database that converts a domain name to IP address
  • www.misti.com = 12.15.134.163
• 13 world-wide servers in US, UK, Sweden and Japan
• ISPs and many organizations have their own DNS servers.
Domain Name System (DNS)

• When a user requests to visit a location such as www.misti.com
  • Browser sends a request to the local DNS asking for the matching IP address
  • If the local DNS server does not have the entry, it goes to a higher DNS server asking for the IP address
  • Keeps trying until successful or cannot find the IP address
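An added example (not from the original slides) that simulates the lookup just described: the local DNS is consulted first, then the resolver follows referrals from the root through the higher servers until it gets an answer or runs out of places to ask. The server names and their records are constructed for this example (not real DNS data); the name www.misti.com and its address 12.15.134.163 are the slides'.

```python
from typing import Dict, List, Optional, Tuple

# Constructed name-server data: each server knows the records for its own zone
# and refers the resolver onward (NS) for names below it.
ZONES: Dict[str, Dict[str, Tuple[str, str]]] = {
    "root":         {"com": ("NS", "com-server")},
    "com-server":   {"misti.com": ("NS", "misti-server")},
    "misti-server": {"www.misti.com": ("A", "12.15.134.163")},
}


def best_record(zone: Dict[str, Tuple[str, str]], name: str) -> Optional[Tuple[str, str, str]]:
    """The longest suffix of `name` this server has a record for, or None."""
    labels = name.split(".")
    for i in range(len(labels)):              # i = 0 is the full name, then shorter suffixes
        suffix = ".".join(labels[i:])
        if suffix in zone:
            rtype, value = zone[suffix]
            return suffix, rtype, value
    return None


def resolve(name: str, cache: Dict[str, str], zones: Dict[str, Dict[str, Tuple[str, str]]] = ZONES,
            max_hops: int = 8) -> Tuple[Optional[str], List[str]]:
    """Local DNS first, then follow referrals from the root; returns (address or None, trace)."""
    trace: List[str] = []
    if name in cache:
        trace.append(f"local DNS: {name} = {cache[name]} (cached)")
        return cache[name], trace
    server = "root"
    for _ in range(max_hops):                 # bounded so a referral loop cannot spin forever
        found = best_record(zones[server], name)
        if found is None:
            trace.append(f"{server}: no record for {name}")
            return None, trace
        suffix, rtype, value = found
        trace.append(f"{server}: {suffix} {rtype} {value}")
        if rtype == "A" and suffix == name:
            cache[name] = value               # the local DNS now has the entry
            return value, trace
        if rtype == "NS" and value in zones:
            server = value                    # referral to a server closer to the answer
            continue
        trace.append(f"{server}: cannot use {rtype} record for {suffix}")
        return None, trace
    trace.append("gave up: too many referrals")
    return None, trace
```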
URL - Universal Resource Locator

• HTTP text format of a program, directory or file
• Service://HOST/PATH_TO_FILE_OR_PAGE
• Service specifies:
  • ftp - file transfer protocol
  • http - hypertext transport protocol
  • https - Secure Socket Layer (SSL)
  • telnet
  • smtp - simple mail transfer protocol

URL - Universal Resource Locator

• Service://HOST/PATH_TO_FILE_OR_PAGE
• HOST =
  • IP address (12.15.134.163) -or-
  • FQDN (www.misti.com)
• PATH = specific directory, file, document on the server
TCP/IP Ports

• Port Number = every program on a computer that is accessible through a network connection has a unique identifier
• IETF has designated specific port numbers to use for popular and standard applications
  • Port 80 = web server program default
• Port numbers are divided into 3 ranges
  • Well known ports = 0 -- 1023
  • Registered ports = 1024 -- 49151
  • Dynamic / private = 49152 -- 65535

Sample List of Ports and Their Applications

Port      Application
7         Echo
20-21     FTP (file transfer)
23        telnet (remote login)
25        SMTP (simple mail transfer)
53        DNS (domain name system)
69        TFTP (trivial file transfer)
80        HTTP (hypertext transport protocol - WWW)
110       POP3 Mail (Post Office Protocol)
161,162   SNMP (Simple Network Management Protocol)
1352      Lotus Notes Mail
5190      AOL Instant Messenger and AOL Client

A complete and up-to-date list of ports can be found at: http://www.iana.org/assignments/port-numbers .

TCP/IP Security Issues

echo: denial of service
ftp: unauthorized access, clear-text interception, file read/write
telnet: unauthorized access, clear-text interception
SMTP/sendmail: unauthorized access, message spoofing
DNS: network probing
http: unauthorized access, clear-text interception, file read/write, malicious web page content
POP3: unauthorized access, mail theft
SNMP: network probing, clear-text interception, unauthorized access

“Black-Ice” Firewall - Cable Internet

Audit Focus

• Security of environment
• Continuous Testing
• Risk Assessment
• Recognition that Internet is part of the network infrastructure
Thin / Thick Client

[Figure: the XYZ, Inc. e-business environment. Dial-in, VPN, partner and SSL connections arrive from the Internet through a router into a DMZ holding the Web server; behind it sit the application server, middleware systems, development server, legacy systems and databases.]
The Library

• Cuckoo’s Egg – Cliff Stoll (1989 - but still relevant)
• Digital Signatures – Fred Piper, Simon Blake-Wilson, John Mitchell
• E-Commerce Security – Anup K. Ghosh
• Firewalls & Internet Security – William Cheswick, Steven Bellovin
• Growing up Digital – The Rise of the Net Generation – Don Tapscott (interesting book about the impact of the Internet on today’s youth)
• Hacking Exposed (2nd ed) – Kurtz, McClure, Scambray
• How the Internet Works – Preston Gralla
• Internet Security – The Complete Guide – Mark Merkow, James Breithaupt
• Network Security Essentials – William Stallings
• Secrets & Lies – Digital Security in a Networked World – Bruce Schneier
• Web Design in a Nutshell – Jennifer Niederst (good reference & background on webpage design including use of HTML, XML, Java, etc.)
