net concepts

Upload: sumeshanu

Post on 31-May-2018


  • 8/14/2019 Net Concepts

    1/13

    - 1 - IST-SEW

    Networking Concepts

    Skills for the Electronic Workplace

    Stephen Carr, smcarr@ist

    Copyright 1998 IST SEW

    Permission to use this document for non-commercial purposes, in original or modified form, is granted,

    provided that the original source of the document is acknowledged as Skills for the Electronic Workplace,

    Information Systems and Technology, University of Waterloo.

    TABLE OF CONTENTS

    INTRODUCTION

    THE STRUCTURE OF NETWORKS
        LAYERS, LEVELS, HIERARCHIES
        HIERARCHY OF NETWORKS
            Local Area Networks (LANs)
            Wide Area Networks (WANs) and the Internet
            Your Privileges on the Network
        LAYERED COMMUNICATION PROTOCOLS
        HOW IT ALL WORKS TOGETHER
        PHYSICAL STRUCTURE OF THE CAMPUS NETWORK

    NETWORK APPLICATIONS
        THE CLIENT / SERVER MODEL
        EMAIL CONCEPTS
            Attachments
            Configuring an Email Client Program
            Junk Mail and Other Unwanted Mail
        WEB CONCEPTS
            Features of the Web
        REMOTE COMMUNICATIONS CONCEPTS
            Remote File Systems
            Remote File Transfers
            Remote Log-ins
            Internet Service Providers and Dialing In from Home

    DATA SECURITY CONCEPTS
        PASSWORDS AND PERMISSIONS
        EAVESDROPPING AND ENCRYPTION
        VIRUSES, TROJAN HORSES, AND WORMS

    ACKNOWLEDGEMENTS


    Introduction

    Networks connect computers together. Advantages of networking include communication with other users,

    sharing resources such as printers and software, centralization of software and account maintenance, and

    mobility of users.

    This course will introduce the basic concepts necessary to make effective use of a networked computing

    environment. The majority of these concepts are independent of the type of computer workstation or its operating system.

    The technical side of computer networking is pretty complicated, and descriptions of it are littered with

    acronyms. The purpose of this course is to demystify the workings of a network as much as possible. Since

    most networking applications require some user configuration, we will focus on the common applications and the terms that average users are likely to encounter.

    The Structure of Networks

    Layers, Levels, Hierarchies

    When we talk about networks (and many other computing concepts as well), we discover that most things

    are organized in a layered or hierarchical fashion. The purpose of this section is to provide an overview

    of how networks work, particularly the Internet. Let's start by looking at the hierarchy of networks

    themselves.

    Hierarchy of Networks

    The Internet consists of interconnected sub-networks. Let's look at the hierarchy of networks.

    [Figure 1: Hierarchy of Networks. Diagram of nested levels: Local Workstation, LAN, WAN / Internet.]

    Local Area Networks (LANs)

    If we connect a computer workstation to its neighbour in the next office to share a printer we end up with

    a local area network (LAN). Often, a local area network consists of connected computers of a similar type


    (i.e., using the same operating system) which are located in a limited geographical area. The Waterloo

    Polaris network on campus is an example of a (rather large) PC LAN. The purpose of a LAN is usually to

    pool the computing resources of a group of users. This pooling allows for cost savings such as is achieved

    by providing centralized printing. The other main advantage of a LAN is to provide centralized

    administration services for the users, such as software installation and maintenance, automated back-ups of files, network security (passwords), etc.

    More generally, a LAN is a network, such as the campus network as a whole, which connects computers of various types, and various sub-networks (including Waterloo Polaris), within a small geographical area.

    The network supports various campus-wide functions such as the financial system database, the dial-in

    modem pool, centralized data processing functions, etc. The campus network is much more diversified in

    terms of its functions than a homogeneous LAN, and individual users generally only have access to a small

    subset of these functions.

    Wide Area Networks (WANs) and the Internet

    A Wide Area Network (WAN) connects networks of computers of various types over a wide

    geographical area. The world-wide Internet is the largest possible example of a WAN. The campus

    network provides a link to the Internet: remote sites linked by data communications over the global telecommunication system.

    Your Privileges on the Network

    It is important to realize that you have different privileges at different network levels. For example, you generally have quite a bit of latitude to modify your local workstation as you please. Your office area

    LAN may allow you access to some shared network drives and printers, but not others. (Your network

    administrator is the person who configures your LAN). Although you probably have access to the

    Internet, you generally have very limited privileges to do anything other than collect information (read-

    only access). However, if you save that information locally on your workstation, you can then modify

    your local copy.

    It is essential that you recognize which files (and disk drives) are local to your workstation and which are

    being made available to you over the network. This distinction is important because it relates to data

    security: whether or not the files are being backed up, or whether they are accessible by people other

    than you. The location of disks and files is not always obvious, since remote disk drives can be mounted by your workstation to look and behave just like local drives. Also, some operating systems such as Windows 98 blur the distinction between local and remote files even further by integrating Web browsing tools into the file management software.

    Layered Communication Protocols

    So, how do the many different kinds of computers that make up the Internet communicate with each other?

    Diplomats from different countries rely on standard diplomatic protocols in order to communicate without misinterpretation. Similarly, computers on the Internet share information according to agreed upon

    protocols (communication rules) which allow them to correctly route and interpret the transmitted

    messages. The particular set of protocols that define the Internet is called the TCP/IP protocol suite. The

    TCP/IP protocol suite is designed in layers, each successively lower layer providing a library of more

    fundamental functions required by more and more applications.

    Technically, there are seven layers in the protocol suite, but for the purposes of this course, and for clarity

    of understanding, we will simplify the discussion by talking about just four layers: the applications layer, the transport layer, the network layer, and the data-link layer. These layers roughly correspond (if you lump

    together the middle two layers) to the programs, operating system and hardware layers of your computer

    workstation, respectively.

    Each protocol layer relies on the protocols provided by the layers beneath it. The figure below summarizes

    the layers of the TCP/IP protocol suite.


    [Figure 2: TCP/IP Protocol Suite. Diagram of the four layers: Applications Layer, Transport Layer, Network Layer, Data-Link Layer.]

    In the applications layer, there are various application protocols which enable the tasks we perform on the

    Internet, including

    • Electronic mail, text-based communications using Simple Mail Transfer Protocol (SMTP)
    • News, discussion groups using Network News Transfer Protocol (NNTP)
    • World-Wide Web, multi-media electronic publishing using HyperText Transfer Protocol (HTTP)
    • File transfers, using File Transfer Protocol (FTP)
    • Remote terminal sessions using, e.g., TELNET
    • Remote file system access using Network File System protocol (NFS), or Server Message Block protocol (SMB)

    Networking applications are available to anyone with a connection to the Internet and appropriate client

    software on their workstation (see "The Client / Server Model" below). You can think of the application layer protocols as defining the syntax of the messages being transmitted by the application. Application

    layer protocols communicate with the lower level protocols through software structures called ports. Most

    server applications have dedicated port numbers. Network traffic directed to a particular port number is

    processed by a single network application. For example, a Web server application listens on port 80 for

    incoming Web traffic.

    The transport layer includes three protocols, TCP, UDP, and ICMP.

    Transmission Control Protocol (TCP) ensures reliable transmission of large messages by

    • breaking up long messages into smaller pieces called datagrams
    • handling the sending and reception of those datagrams with delivery acknowledgements and error checking
    • reassembling messages from datagrams.

    User Datagram Protocol (UDP) is used for small messages that fit into a single datagram. Reliability of

    delivery is not ensured. If no response is received in a reasonable time, the message is just resent.

    Internet Control Message Protocol (ICMP) is another unreliable delivery protocol used to transmit error

    messages generated and used by the lower level protocols.

    Routing of messages is handled by the network layer using Internet Protocol (IP). Each computer on the

    Internet is assigned an IP address composed of four eight-bit segments (represented as decimal numbers 0


    to 255) separated by dots (periods). The first two of these numbers are assigned by a central authority to

    identify a LAN connected to the Internet. For example, all computers at UW have an IP address beginning

    with 129.97. The next number is usually your local subnet of the LAN assigned at UW (e.g. that

    corresponding to your department). The last number, also assigned at UW, indicates your particular

    workstation. To make addressing easier for humans, each workstation can also have a name corresponding to its address. For example the UW Unix host with IP address 129.97.108.150 is called ist.uwaterloo.ca,

    where the host name is ist and the domain name is uwaterloo.ca. An application layer process called Domain Name Service (DNS) does the translation between names and IP addresses from a local copy of a continuously updated list. The network layer relies on intelligent devices called routers to monitor and

    direct the comings and goings of datagrams between networks.

    The data-link protocol layer directs messages to specific hardware devices such as switches and network

    cards. Each piece of networking hardware has a built-in physical address (a.k.a. Media Access Control or

    MAC address). At UW, the data-link layer predominantly uses Ethernet protocols and the physical address

    is called an Ethernet address. Conversion between IP addresses and physical addresses is handled by Address Resolution Protocol (ARP) via a table look-up procedure. Data traffic is controlled on campus

    with Ethernet switches and repeaters. A switch can intelligently control the flow of data so that it only passes to the network segment where it is needed. A repeater just passes datagrams from one cable on to all

    other connected cables. The type of cable most commonly used on campus is Unshielded Twisted Pair

    (UTP), which just means that there are two conductors twisted together inside a protective plastic sheath.

    How It All Works Together

    Let's look at an example to see how all these levels work together. Say you send an email message to a

    friend at another university. You use an email application to do this, such as Eudora on a PC or Macintosh. Your email program creates and sends the message to your local email server, which passes it on to the

    remote email server. Your friend uses his own mail client program to get the mail from his mail server (see

    The Client / Server Model below).

    At the applications protocol layer, the email message data is assembled according to Simple Mail Transfer

    Protocol which the email server programs (usually running on Unix hosts) at either end can understand. The next problem is to get the message from your computer to your friend's computer over the Internet.

    The mail application makes its connection to the lower level transport layer protocol, TCP, through a port

    which is assigned an arbitrary number. The port number of the destination server program is predetermined

    by convention to be 25. TCP breaks your long mail message up into datagrams. Each datagram has a data

    section (a piece of your mail message) and a header section which contains the source and destination IP addresses, the source and destination port numbers, a check sum to identify the amount of information in

    the data, and some ordering information so the mail message can be put back together again. TCP then

    passes its datagrams along to IP for routing from your computer to your friend's.

    IP takes a TCP datagram as its data and adds its own header containing the source and destination IP

    addresses and a check sum, thus creating a new datagram which envelops the one provided by TCP. Each IP datagram is sent along independently of the others. The job of getting each datagram to its destination is

    accomplished by sending it off to a router (gateway) which connects the local network to outside networks.

    If there is more than one router on the local network, then usually one of them is chosen as the default. If it

    turns out that another router would have been preferable, then this information is stored in each computer's

    local routing table. Routers use other protocols to determine the best routes amongst themselves.


    [Figure 3: Packaging of Datagrams by TCP/IP Protocol Layers. Diagram of nested units: Applications Layer Datagram, TCP Datagram, IP Datagram, Data-Link Layer Packet, passed to the cabling system.]

    The physical transport media determines what goes on at the data-link level. On an Ethernet network each

    IP datagram becomes the data portion of an Ethernet packet whose header contains the physical (MAC or

    Ethernet) addresses of the source and destination involved, and a check sum is added to the end. The

    translation between IP addresses and physical addresses is done via an ARP table. When a router connects two networks that use different physical media (e.g. Ethernet and fiber optic cable), translation between

    data-link protocols is done by the router. When the datagrams reach their destination, they are unwrapped

    one layer at a time, reassembled by TCP, and passed, ultimately, to the destination port for interpretation by

    the receiving application.
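
    The wrapping and unwrapping described in this section can be followed byte by byte. The code below is an added example, not part of the original course notes: it wraps one SMTP command in a TCP header, an IP header and an Ethernet header with trailing check sum, then unwraps the frame one layer at a time and verifies each check sum. The MAC addresses, the server address 192.0.2.25, the source port and the function names are constructed for the illustration; 129.97.108.150 and port 25 come from the text.

```python
import socket
import struct
import zlib


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement check sum used in IP and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(payload, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    """Wrap application data in TCP, then IP, then an Ethernet frame."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # TCP header: ports, sequence and acknowledgement numbers, header length,
    # flags, window size, check sum (filled in below), urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp_sum = inet_checksum(pseudo + tcp + payload)
    tcp = tcp[:16] + struct.pack("!H", tcp_sum) + tcp[18:] + payload
    # IP header: version/length, total length, TTL, protocol 6 (TCP), addresses.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + tcp
    # Ethernet header: destination MAC, source MAC, type 0x0800 (IPv4).
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + ip
    # The check sum "added to the end" is a CRC-32 over the whole frame.
    return eth + struct.pack("<I", zlib.crc32(eth))


def parse_frame(frame: bytes) -> dict:
    """Unwrap one layer at a time, verifying each layer's check sum."""
    if len(frame) < 14 + 20 + 20 + 4:
        raise ValueError("frame too short")
    body, trailer = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != trailer:
        raise ValueError("Ethernet check sum mismatch")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    if ethertype != 0x0800:
        raise ValueError("payload is not an IPv4 datagram")
    ip = body[14:]
    header_len = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or header_len < 20 or inet_checksum(ip[:header_len]) != 0:
        raise ValueError("bad IP header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or total_len > len(ip) or total_len < header_len + 20:
        raise ValueError("not a complete TCP datagram")
    tcp = ip[header_len:total_len]  # total_len also discards any Ethernet padding
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    if inet_checksum(pseudo + tcp) != 0:
        raise ValueError("TCP check sum mismatch")
    src_port, dst_port, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("bad TCP header length")
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
        "data": tcp[data_offset:],
    }


# Constructed sample: the host from the text sends one SMTP command to a mail
# server on port 25. MAC addresses and the server address are made up.
SAMPLE = build_frame(b"MAIL FROM:<student@uwaterloo.ca>\r\n",
                     "02:00:00:00:00:01", "02:00:00:00:00:02",
                     "129.97.108.150", "192.0.2.25", 1042, 25)

if __name__ == "__main__":
    for field, value in parse_frame(SAMPLE).items():
        print(field, "=", value)
```

    A frame whose bytes were altered in transit fails one of the three checks and is rejected before the data reaches the destination port.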

    Physical Structure of the Campus Network

    Currently, the campus network is organized in two layers. The top layer is the uwaterloo.ca network

    (129.97), which is connected via a router to ONet (the Ontario regional network) and from there to Canada-

    wide networks. The first level network is a ring of routers connected by fiber optic cable. The second level network consists of many subnetworks serving many academic and administrative departments.


    [Figure 4: UW Campus Network (courtesy R. Watt). Diagram titled "UW campus network, IP subnet topology", dated 1998-07-15, showing the level-one networks, the level-two networks, and the connection to ONet.]

    The topology of the campus network is changing as technological advances take place.

    The bulk of the networking hardware at UW consists of Ethernet devices connected by UTP

    cable. Over the years, these devices have evolved significantly. Originally, Ethernet was

    designed to operate over co-axial cable, with computers connected serially along segments of

    cable which carried traffic generated by all the attached hosts. To maintain the signal strength,

    cable segments were connected with repeaters that just passed along Ethernet packets from one

    cable to the next. In order to keep local traffic localized, some intelligence was added to a

    repeater, so that only packets intended for hosts on the other segment would be passed on. This device was called a bridge. There were also multi-port repeaters to connect several Ethernet

    segments. Computers were connected to the Ethernet co-axial cable through an Ethernet interface

    card. Routing (an IP layer task) was done by network hosts containing several Ethernet cards

    connected to different IP subnets (i.e. computers with more than one Ethernet address) or by dedicated routing devices.

    Within the last few years, UTP cabling has supplanted co-axial cable. This change has improved

    both speed and reliability of communication. A UTP cable joins only one host to another

    Ethernet device, so only a single computer is affected by a bad connection, and all of the

    bandwidth (data communications capacity) of the cable is available to that one computer.

    Communication speeds can also be 10 to 100 times faster over UTP than over co-axial cable. The wiring for a typical workstation at UW today is shown below.


    [Figure 5: Typical Wiring of a Workstation at UW (courtesy R. Watt). Diagram labels: computer; Ethernet board with RJ45 port and built-in transceiver; four pairs of twisted 24g solid copper wires (max: 100m, 1 device); two-port faceplate in office; UTP wiring panel; UTP/Ethernet multi-port repeater; floor-area wiring closet: station-mgmt module with multi-port repeater and AUI, BNC, or FOIRL connection to thick, thin, or fibre segment.]

    Along with the change of cabling media came improvements in the miniaturization and

    intelligence of bridging technology. The bridge evolved into the Ethernet switch, an intelligent

    device, containing numerous bridges, that can control traffic among many connected UTP

    segments. Today, Ethernet switches and hubs (multi-port repeaters) are the means of connecting

    networked computers. A switch can also be programmed to create VLANs (virtual LANs)

    which may span IP subnets, allowing it to do some work formerly done by a router. Also, an IP router can be built right in to a switch. Therefore the number of physical devices required to connect even a large modern LAN is becoming quite small.

    Network Applications

    The Client / Server Model

    Computing networks have evolved away from the main frame with connected dumb terminals where

    all tasks were done centrally, into a distributed computing environment. In distributed computing, different

    computers may take on specific functions, such as file storage, email, Web, etc. This distributed network

    architecture resulted in the client/server model of interaction. A server is a program (computer) which

    stores some files and transmits them (i.e. copies of them) over the network when a request is received from a client program (computer). A client (program) requests files from a server and presents the received files

    in a form which is useful to the end user. Often a single computer is dedicated to running a single server

    program, so the computer itself is referred to as a server. For example, a file server is a computer that stores files on its local hard disk(s) and sends them over the network to client computers that request them. As a

    second example, a Web server stores HTML files on its local disks and sends them out when requested by

    computers running a (client) Web browser program.

    These days most computers are multi-tasking (can run many programs simultaneously), so a single

    computer can run several server and client programs at the same time. However, because server

    functions can use up a lot of a computer's available hardware resources, it is still common practice to

    provide computers which are dedicated servers for a network, as separate from the workstations which


    run network clients and other application programs. Also, it is commonly the case that workstations are

    PCs running Microsoft Windows 95 or Apple MacOS operating systems while servers often run the more

    sophisticated Unix or Microsoft NT operating systems.

    Email Concepts

    As briefly discussed above, email is enabled over the Internet via Simple Mail Transfer Protocol

    (SMTP) as the method by which one email server process talks to another. The email servers at each end of a communication take care of the transmission of the message between them. Humans

    communicate with their local mail servers through client programs. The client programs are the

    ones familiar to users, such as Pine or Eudora. They take care of the tasks of displaying, editing,

    and managing mail messages. We've already discussed the server-side process of transferring a

    mail message via TCP/IP over the Internet. Now let's discuss some of the client-side issues.

    Attachments

    Like most TCP/IP data files, email messages consist of plain text (ASCII text). But most people

    these days are aware that binary files such as spreadsheets or word processor documents can also be attached to an email message. How does this work?

    Any attached binary file must first be converted into plain ASCII text before it can be sent via

    SMTP. To do this, email client programs use one of several encoding methods. The most common of these is called MIME (Multipurpose Internet Mail Extensions). MIME can also be used to include sounds and images in mail messages, depending on the capabilities of the email

    client program.

    Other methods of encoding attachments are BINHEX, a method introduced by Apple for the

    Macintosh, and uuencoding, an older method originating in the Unix operating system.

    Most current email client programs only use MIME and/or BINHEX. If you receive an attachment in a form that your mail client can't decode, then you need to save it and find a utility

    program that can.
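
    The conversion of a binary attachment to plain text, and the job of working out which encoding method a received message used, can be shown with Python's standard email and binascii modules. This is an added example, not part of the original course notes: the addresses, the file name, the sample bytes and the function names are constructed, and the BinHex marker line is an assumption about how BinHex 4.0 files announce themselves. The sketch decodes MIME and uuencoded attachments and only identifies BinHex, which needs a separate utility as the text says.

```python
import binascii
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: BinHex 4.0 text begins with a line starting like this.
BINHEX_MARKER = "(This file must be converted with BinHex"

# Constructed stand-in for a spreadsheet: every possible byte value once.
DATA = bytes(range(256))


def new_message() -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = "sender@example.edu"   # constructed addresses
    msg["To"] = "friend@example.org"
    msg["Subject"] = "Budget spreadsheet"
    return msg


def build_mime_message(data: bytes, filename: str) -> bytes:
    """Attach binary data the MIME way; the library base64-encodes it."""
    msg = new_message()
    msg.set_content("The spreadsheet is attached.\n")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def build_uuencoded_message(data: bytes, filename: str) -> bytes:
    """Paste the file into the message text the older uuencode way."""
    lines = ["begin 644 " + filename]
    for i in range(0, len(data), 45):    # uuencode carries 45 bytes per line
        chunk = binascii.b2a_uu(data[i:i + 45], backtick=True)
        lines.append(chunk.decode("ascii").rstrip("\n"))
    lines.append(binascii.b2a_uu(b"", backtick=True).decode("ascii").rstrip("\n"))
    lines.append("end")
    msg = new_message()
    msg.set_content("\n".join(lines) + "\n")
    return msg.as_bytes()


def decode_attachments(raw: bytes) -> list:
    """Return (method, filename, data) for each attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        method = "MIME/" + str(part["Content-Transfer-Encoding"])
        found.append((method, part.get_filename(), part.get_payload(decode=True)))
    body = msg.get_body(preferencelist=("plain",))
    lines = body.get_content().splitlines() if body is not None else []
    for i, line in enumerate(lines):
        fields = line.split(" ", 2)
        if len(fields) == 3 and fields[0] == "begin" and fields[1].isdigit():
            data = b""
            try:
                for encoded in lines[i + 1:]:
                    if encoded == "end":
                        break
                    data += binascii.a2b_uu(encoded)
            except binascii.Error:
                data = None              # damaged in transit, cannot decode
            found.append(("uuencode", fields[2], data))
            break
        if line.startswith(BINHEX_MARKER):
            found.append(("BinHex", None, None))   # needs a separate utility
            break
    return found


if __name__ == "__main__":
    for raw in (build_mime_message(DATA, "budget.xls"),
                build_uuencoded_message(DATA, "budget.xls")):
        print("all ASCII:", raw.isascii())
        for method, name, data in decode_attachments(raw):
            print(method, name, "recovered intact:", data == DATA)
```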

    Configuring an Email Client Program

    When you first install an email client program on your workstation, it needs to be configured in

    order to be able to connect to a mail server program. Configuration is usually done under the Preferences or Options menu of the client program.

    In order to send mail, you need to identify an SMTP server, either by its domain name or IP

    number. If you are using an Internet Service Provider (ISP) other than UW's dial-in server

    to gain access to the Internet, it is important that you configure your mail client program with the

    SMTP server provided by your ISP. Otherwise, you may be prevented from sending mail to off-

    campus addresses (see Junk Mail and Other Unwanted Mail below).

    In order to receive mail you need to identify a Post Office Protocol (POP) account (your

    account on a computer that runs an SMTP server and a POP server). POP is an application protocol that provides a means of transferring your new mail from an SMTP server to your local

    workstation. Your email client program can be configured to automatically check for new mail on the mail server by establishing a POP connection periodically (as long as the client program

    is running). An alternative to POP is Internet Mail Access Protocol (IMAP), which allows you

    to keep a single mailbox on a mail server instead of downloading mail to your local workstation.

    Many email clients will allow you to use either POP or IMAP.

    An alternative method of using email is to log in directly to the email server and run an email

    client program there. For example, most email servers run on Unix computers, but these same

    computers also run email client programs such as Pine or Elm.


    Junk Mail and Other Unwanted Mail

    The Internet was originally designed on the premise of friendly co-operation. For example, email servers

    were designed to pass on to the correct destination any incoming mail messages not destined for one of

    its local users. Unfortunately, unscrupulous people are now taking advantage of the original openness of

    the Internet. Mass junk mailing, or spam mail, is accomplished by sending mail to large lists of email addresses (obtained by mining the Internet) through a friendly SMTP server. At UW, there is now an

    effort underway to eliminate junk mail traffic through our servers by disabling the relay feature of all our mail servers. This does not prevent users from receiving junk mail sent through SMTP servers off

    campus, but reduces the number of mail servers that can be used to send junk mailings.
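
    The effect of disabling relaying can be written as a small decision rule. This is an added example, not UW's actual mail server configuration: it assumes that a server with relaying disabled still accepts mail for its own users from anywhere, and still forwards mail for clients connecting from the campus network, but refuses to pass mail from outside clients to outside recipients. The 129.97 prefix and the uwaterloo.ca domain come from the text; the sessions, other addresses and function names are constructed.

```python
import ipaddress

LOCAL_DOMAINS = ("uwaterloo.ca",)                            # from the text
CAMPUS_NETWORKS = (ipaddress.ip_network("129.97.0.0/16"),)   # from the text


def is_local_recipient(rcpt: str) -> bool:
    """True when the recipient's mailbox lives in one of our own domains."""
    local, sep, domain = rcpt.strip().strip("<>").rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        return False
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)


def is_campus_client(client_ip: str) -> bool:
    """True when the connecting computer is on the campus network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in CAMPUS_NETWORKS)


def relay_decision(client_ip: str, rcpt: str, relay_enabled: bool = False) -> str:
    """Decide what the server does with one recipient of one connection.

    The sender address is deliberately not consulted: it is whatever the
    client typed, so only the connecting address and the recipient count.
    """
    if is_local_recipient(rcpt):
        return "deliver"                 # incoming mail for a local user
    if relay_enabled or is_campus_client(client_ip):
        return "relay"                   # passed on to another server
    return "reject"                      # outside client, outside recipient


def audit(sessions, relay_enabled: bool) -> list:
    return [relay_decision(ip, rcpt, relay_enabled) for ip, _sender, rcpt in sessions]


# Constructed sessions: (connecting address, claimed sender, recipient).
SESSIONS = [
    ("129.97.108.150", "staff@ist.uwaterloo.ca", "friend@example.org"),   # on campus
    ("198.51.100.7", "colleague@example.org", "staff@ist.uwaterloo.ca"),  # incoming
    ("203.0.113.44", "bulk@example.net", "list-member@example.com"),      # junk mailer
    ("203.0.113.90", "staff@ist.uwaterloo.ca", "friend@example.org"),     # via other ISP
]

if __name__ == "__main__":
    for enabled in (True, False):
        print("relay enabled:" if enabled else "relay disabled:", audit(SESSIONS, enabled))
```

    The last session is the case mentioned under "Configuring an Email Client Program": a campus user connected through another ISP is treated like any other outside client and must use that ISP's SMTP server.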

    It is also possible to filter out unwanted email messages. Many email client programs have this feature.

    The filtering is based on key words that appear in the email header. For example, it is possible to filter

    out and discard messages originating from a particular address. However, it is difficult to set up a filter

    which will remove all junk mail, since this originates from many sources and the message subject lines

    are all different. Note that if you do set up mail filtering, particularly for keywords (e.g. money) in the

    subject line, it is possible that you will discard some useful mail too by mistake.
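
    The two weaknesses of header keyword filtering described above, junk that slips through and wanted mail that is discarded, show up as soon as a filter is scored against a small mailbox. This is an added example, not part of the original course notes and not any particular email client's filter; the rules, the messages and the function names are constructed.

```python
import re
from email import message_from_string

# Constructed rules: discard mail from one known junk address, and any
# message with the word "money" in the subject line.
RULES = [("From", "bulk@example.net"), ("Subject", "money")]

# Constructed mailbox: (raw header text, whether a person would call it junk).
INBOX = [
    ("From: Bulk Offers <bulk@example.net>\nSubject: Limited offer\n\n", True),
    ("From: promo@example.com\nSubject: Make money fast\n\n", True),
    ("From: deals@example.org\nSubject: You have won a prize\n\n", True),
    ("From: finance@uwaterloo.ca\nSubject: Travel claim: money owed to you\n\n", False),
    ("From: friend@example.edu\nSubject: Lunch on Friday?\n\n", False),
]


def matching_rule(msg, rules):
    """Return the first (header, keyword) rule that the message matches."""
    for header, keyword in rules:
        value = msg.get(header, "")
        pattern = r"\b" + re.escape(keyword) + r"\b"   # whole words only
        if re.search(pattern, value, re.IGNORECASE):
            return (header, keyword)
    return None


def evaluate(inbox, rules) -> dict:
    """Count what the filter gets right and wrong on a labelled mailbox."""
    counts = {"junk_discarded": 0, "junk_missed": 0,
              "wanted_discarded": 0, "wanted_kept": 0}
    for raw, is_junk in inbox:
        discarded = matching_rule(message_from_string(raw), rules) is not None
        if is_junk:
            counts["junk_discarded" if discarded else "junk_missed"] += 1
        else:
            counts["wanted_discarded" if discarded else "wanted_kept"] += 1
    return counts


if __name__ == "__main__":
    for name, count in evaluate(INBOX, RULES).items():
        print(name, count)
```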

    Web Concepts

    The World-Wide Web (a.k.a. the Web) is the latest and, perhaps, the most flexible and useful application

    on the Internet. In fact, the Web incorporates and integrates all familiar network applications such as e-mail, file transfer (FTP), news, etc. The Web was developed at the CERN high energy physics lab in

    Geneva, Switzerland, in order to facilitate collaborative research with colleagues around the world. First

    conceived in 1989 and only in wide distribution since 1993, it has rapidly been adopted as the standard for multimedia communications on the Internet. Development of the Web is currently being managed by the

    World-Wide Web Consortium (W3C), an international body representing the interests of member

    corporations, universities, governments and research establishments.

    The Web may best be thought of as a system of digital publishers and subscribers (the servers and

    clients, respectively). Web servers store and provide any combination of text, graphics, sounds, movies and

    programs (e.g. Java or ActiveX applets). The information a publisher supplies is not restricted to materials

    prepared locally; it can be gathered from many sources distributed all over the Internet simply by pointing to it. The Web client programs or browsers present the received information in a graphical,

    point-and-click environment.

    The basis of the Web is Hypertext Transfer Protocol (HTTP) which is a convention for moving

    multimedia information around the Internet. Part of this protocol is the Hypertext Markup Language

    (HTML), which is a language for formatting multimedia documents. All of the user interface constructs,

    such as text, images, and links (buttons that connect the viewer to other documents, local or anywhere on

    the Internet), are described by HTML. HTML documents consist of ASCII text containing tags which

    describe the format. The Web client translates the HTML document into the layout of the user's screen.

    The W3C is recommending that HTML be replaced with a more flexible variant called eXtensible

    Markup Language (XML).

    In order to publish information on the Web, information providers must have an account on a computer

    running a Web server program. Because the server must be running all the time, computers with a true

    multi-tasking operating system (such as UNIX or NT) make the most efficient servers. Also, storing and moving large movies, sounds and graphics can put a significant load on the computer, so a fast computer

    with a lot of memory really helps. Unlike other Internet applications such as FTP or Telnet, the

    communications between Web servers do not require the clients to log in. Servers can be configured to

    provide some security, however, e.g. only allowing requests from a local network domain rather than the

    whole world, or requiring authentication of users via a password.
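
    The two controls named above (restricting requests to a local network, and requiring a password), combined into one access decision, as an added Python example that is not part of the original handout. The network range, account and salt are constructed, and HTTP Basic authentication is assumed as the password mechanism.

```python
import base64
import hashlib
import hmac
import ipaddress

# Assumptions for illustration (not from the handout): a documentation-range
# "local" network and one constructed account with a salted password hash.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}


def from_local_network(client_ip):
    """True when the request's source address lies inside LOCAL_NET."""
    try:
        return ipaddress.ip_address(client_ip) in LOCAL_NET
    except ValueError:
        return False  # unparsable address: treat as outside


def password_ok(auth_header):
    """Check an HTTP Basic 'Authorization' header value against USERS."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode()
    except ValueError:  # bad base64 or bad UTF-8
        return False
    user, _, password = decoded.partition(":")
    stored = USERS.get(user)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, stored)  # constant-time compare


def decide(client_ip, auth_header=None):
    """Return the HTTP status the server would send: 200, 401 or 403."""
    if not from_local_network(client_ip):
        return 403  # outside the permitted network: refuse outright
    if not password_ok(auth_header):
        return 401  # inside the network but not authenticated
    return 200
```

    Basic authentication sends the password in a reversible encoding, so this check only protects the password when the connection itself is encrypted.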

    Features of the Web

    URLs

    A valuable feature of HTTP is the Uniform Resource Locator (URL). A URL is a way of addressing

    just about any form of information on the Internet, from ordinary files in a file system to FTP archives,

    gopher sites (a text-based precursor to the Web), Usenet newsgroups, etc. URL addresses allow the Web

    to function as a unifying interface to these diverse resources on the Internet.

    The URL for a Web resource begins with http://, an FTP site with ftp://, a news group with news://, etc.

    An unofficial convention for addressing Web servers is http://www.server_name.domain e.g.,

    http://www.uwaterloo.ca, which is an alias for the actual host name running the server application.

    Image Maps

    An attractive form of user interface is the image map. An image map is an image file which has areas defined on it to serve as buttons (hot links). For example, a campus map could be an image map where

    the buildings are buttons that link to their floor maps.

    Forms

    Another useful interface tool is the fill-in form. A form allows the subscriber (client) to supply

    information to the server to be acted upon. For example, a form interface can be used to query a database.

    Applets

    Most browsers have built-in virtual machines, programs that can interpret programs downloaded via HTTP from a Web server. Programs written in Java or ActiveX can be interpreted and run through a

    browser.

    Common Gateway Interface (CGI) Scripts

    CGI scripts allow the Web server to control other programs on the computer. For example, a form works

    by providing the user's information to a CGI script written in C, Perl, or some other supported language. The script is then executed, processing the information provided and interacting with other programs on

    the server such as mail, a database, etc.

    Remote Communications Concepts

    Remote File Systems

    One of the most common server functions on a network is file service. A file server provides centralized

    storage of user files. Remote file system protocols allow a client workstation to mount a remote file

    system on the network as if it were a local hard disk. Users can then interact with the remote disk space

    exactly as they would with a local device. Advantages of remote file systems are the ability to allocate

    disk quotas and centralized back-ups. It is also possible to configure remote file systems for sharing files,

    so that only people in a specified group of users can read and write files to the shared space.

    There are several application protocols which enable remote file service, the most common being the Network File System (NFS) and Server Message Block (SMB). NFS was developed for the Unix

    operating system, but PC clients also exist. SMB is used with Windows NT servers and Windows 95/NT clients. There is also an SMB server for Unix called Samba, which allows a Unix file system to be mounted as a drive on Windows 95 or NT workstations.

    One important point of network management practice is that it is the disks attached to a file server that

    are backed up (archived) to tapes. These are often users' files stored on a remote file server. It is

    important to note that most workstations also have a local hard disk. Any user files stored on a local hard

    disk are not usually backed up by the system and are vulnerable to loss if a hardware failure occurs.

    Remote File Transfers

    To move files between a local workstation and network drives which are not exported as remote file

    systems, an application protocol called File Transfer Protocol (FTP) can be used. An FTP server

    requires the user to log in with a password through an FTP client program on the workstation. The client

    program can range from a simple text-based, command-line-driven user interface to a graphical view of the two file systems which allows files to be dragged from one to the other. The common feature of FTP

    is that it requires a user ID and password to be supplied on the remote host. If anyone is to be allowed access to the files served via FTP, a user ID of anonymous is required and, by convention, the user

    supplies his or her email address as the password (although any password or no password at all is acceptable).

    Remote Log-ins

    If you have a user account on a remote (Unix) computer attached to the Internet, it is possible to log in

    remotely to that account to run programs, manage files etc. The most common application protocol for remote log-ins is called TELNET. A telnet client program emulates a text terminal and requires the user

    to log in to the remote account, which then looks and behaves as if the user had logged in directly. It is

    also possible to run emulators for other Unix terminal types such as graphical X windows terminals,

    which allow graphical applications to be executed remotely.

    Internet Service Providers and Dialing In from Home

    If you want to connect a home PC to the Internet it is necessary to connect via a modem (modulator-demodulator), a device which translates digital signals into analogue signals for transmission over phone lines, and vice versa. Typically you run a client program on your home PC which establishes a

    telephone connection to the Internet Service Provider (ISP) and also emulates a simple text terminal. If

    you dial in to the UW modem pool, UW is acting as your ISP.

    In order to perform Internet functions, the TCP/IP networking layer must be installed on your home

    computer. Networking is built in to Windows 95/NT and the recent releases of MacOS. For older PCs

    running Windows 3.1 and older Macs, TCP/IP functionality must be installed separately (as Trumpet

    Winsock, LAN Workplace, or MacTCP). Two common data link protocols enable an Internet connection

    over your telephone line, Point-to-Point Protocol (PPP) and Serial Line IP (SLIP). Again, these are built

    in to current operating systems, but must be added to older ones.

    Once a PPP or SLIP connection is established, your home PC becomes a host on the Internet. It is

    assigned a temporary IP address on the IP domain of the network you are dialing in to. For example, if

    you dial in to the UW dial-in server and establish a PPP connection, your home PC becomes a host in the uwaterloo.ca domain. Once a PPP connection is established you can run various network client programs

    on your home PC such as a Web browser, email, etc.

    Data Security Concepts

    Passwords and Permissions

    When accounts and information are distributed over a network, it becomes more difficult to protect the

    privacy of the users. The main methods of maintaining privacy are passwords and file permissions.

    Your connection to the network or to a specific account should be password protected. Here are some

    simple tips regarding passwords:

    Don't use anyone's name, any dictionary word, or a number as a password. Programs that run through an exhaustive list of passwords can deduce these.

    Don't share your password with anyone.

    Don't write your password down anywhere. If you forget it, your system administrator can change it.
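
    A check that applies the first tip, added here as an example and not part of the original handout. The name and word lists are small constructed samples, and the normalisation step (case folding, stripping digits and symbols at either end, undoing common character substitutions) is an assumption about what a guessing program tries.

```python
import re

# Constructed sample lists (assumptions, not from the handout). A real check
# would load a full dictionary and the site's own account and personal names.
NAMES = {"stephen", "roger", "greg", "ray"}
DICTIONARY = {"network", "password", "waterloo", "internet", "secret"}

# Character substitutions undone before the lookup: 0->o, 1->l, 3->e, 4->a,
# 5->s, 7->t, 8->b, @->a, $->s, !->i.
SUBSTITUTIONS = str.maketrans("0134578@$!", "oleastbasi")


def weaknesses(password):
    """Return which of the handout's rules `password` breaks.

    The result is a list drawn from "number", "name" and "dictionary word";
    an empty list means none of the three rules was triggered.
    """
    found = []
    if password.isdigit():
        found.append("number")
    # Reduce the password to the underlying word: lower-case it, strip
    # digits and symbols from both ends, then undo substitutions inside it.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    core = core.translate(SUBSTITUTIONS)
    if core in NAMES:
        found.append("name")
    if core in DICTIONARY:
        found.append("dictionary word")
    return found
```

    An empty result only means the password is not derived from the lists supplied; it says nothing about length or randomness.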

    File servers are computers that allow multiple users. The privacy of your files is protected by permissions

    associated with each file. Make sure that your private files are only readable by you (which they should be

    by default). If you want to share files or publish them on the Web, you can change the permissions to allow

    them to be readable by others.
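
    One way to verify that private files are readable only by you, assuming Unix-style permission bits (added example, not part of the original handout). The file names and modes in demo() are constructed.

```python
import os
import stat
import tempfile


def exposed_files(root):
    """Map each regular file under `root` that someone else can access to
    the permission classes ("group", "other") holding any bit on it."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symbolic links
            if not stat.S_ISREG(st.st_mode):
                continue
            who = []
            if st.st_mode & stat.S_IRWXG:
                who.append("group")
            if st.st_mode & stat.S_IRWXO:
                who.append("other")
            if who:
                findings[os.path.relpath(path, root)] = who
    return findings


def make_private(root):
    """Clear all group/other bits on exposed files; return how many changed."""
    exposed = exposed_files(root)
    for rel in exposed:
        path = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~(stat.S_IRWXG | stat.S_IRWXO))
    return len(exposed)


def demo():
    """Audit a constructed home directory before and after the fix."""
    with tempfile.TemporaryDirectory() as home:
        for name, mode in (("thesis.txt", 0o600), ("marks.csv", 0o644),
                           ("shared.doc", 0o660)):
            path = os.path.join(home, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod sets the mode exactly, ignoring umask
        before = exposed_files(home)
        changed = make_private(home)
        return before, changed, exposed_files(home)
```

    Files that are meant to be shared or published on the Web will also be reported, so review the findings before running make_private on a real directory.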

    Eavesdropping and Encryption

    Most network traffic is commonly in the form of plain text files. We have seen this in the discussion of email above. TCP/IP was designed such that datagrams are ignored by hosts for which they are not

    intended. However, snooper programs can be written which listen to all traffic. Consequently, Internet

    traffic is not generally secure. For most types of communications, people are willing to take the risk that

    someone may be listening. However, security is a requirement for business transactions, etc.

    Modern, switched Ethernet networks provide a reasonable degree of security against eavesdropping by

    localizing traffic. Switches and routers that localize traffic are often referred to as firewalls. However, to

    ensure secure transmission of information across the Internet it is necessary to encrypt the data portion of

    datagrams. That is, an algorithm known only by the sender and the receiver transforms the data. There are

    several strong encryption schemes, including Kerberos and PGP (Pretty Good Privacy), which produce

    essentially unbreakable codes.

    Viruses, Trojan Horses, and Worms

    With the ease of communication on a network, the spread of malicious programs can become a problem. Viruses, executable programs which self-replicate, are usually spread by attaching themselves to other

    programs or system files which are shared or transferred on removable storage devices. Viruses are usually

    more of a nuisance than a danger to your data. A Trojan horse is a computer program that carries within

    itself a means to allow the creator of the program access to the system using it. Trojan horses are often a

    means of carrying a virus into a system. Worms are self-propagating and replicating programs designed to

    infect networked hosts.

    It is important to use anti-virus software regularly when you work on a network. Note: Viruses can only

    be transmitted if you run a program containing one. It is impossible to get a virus by simply reading

    email, unless you save and execute an attached program containing a virus.

    Acknowledgements

    The author would like to acknowledge the contribution of Roger Watt, Manager, IST Systems, who

    provided valuable technical information and many of the presentation slides used in this course. I would

    also like to thank Ray White of IST Systems for his clarification and explanation of many of the nitty-gritty

    details. A special thanks also goes out to Greg Cummings of IST Production Support for providing

    demonstration equipment and conducting the behind-the-scenes tour.