Computer Networks & Security

The document outlines the syllabus for a Computer Networks and Security course for BCA Semester 3, covering topics such as data communication, network software, internetworking, and information security. It details various network topologies, types of networks, and the evolution of the internet, as well as fundamental principles of data communication. Additionally, it discusses transmission media and the importance of network security, including cryptography and regulations in India.

Uploaded by Baiju Vs

COMPUTER NETWORKS AND SECURITY

(BCA – Semester- 3)

SYLLABUS
Module I: Introduction to networks – Data communication – Data flow: simplex, half duplex, full duplex – Types of connection: broadcast, point-to-point, multi-drop. Bandwidth – bit rate, baud rate. Transmission media – copper wires, fibre optics, radio transmission, microwave, satellite. Switching – circuit, packet, message.
Module II: Network software – standards – Layering, packets, layered PDUs, ISO-OSI model, TCP/IP model – comparison. Framing – bit oriented, byte oriented. Error correction – detection – parity, Hamming code, CRC. Flow control – stop and wait, sliding window. Error control – Stop & Wait ARQ, Go Back N ARQ, piggybacking, pipelining. Ethernet. Multiple access protocols – pure and slotted ALOHA, CSMA, CSMA/CD. LAN standards, token bus, token ring. Interfacing devices – bridge, hub, switch, router, gateway.
Module III: Internetworking – datagrams, fragmentation – Routing: flooding, distance vector routing, link state routing. Concepts of congestion control – leaky bucket algorithm. Process to process delivery – TCP, UDP. Application layer – DNS, remote login, file transfer protocol (FTP).
Module IV: Information security: Network security – concepts and policies, cryptography – encryption, ciphers, steganography, symmetric and public key encryption, RSA algorithm, authentication methods, message digest, digital signatures, DSS, e-mail security, MIME, IP security. Web security: Secure Socket Layer. Malicious software, viruses and anti-virus software, firewall. Security and law: regulations in India, Indian Copyright Act, Consumer Protection Act. Future trends – the Law of Convergence.

MODULE - 1

INTRODUCTION TO NETWORKS

• A network is a set of devices (nodes) connected by media links. A node can be a computer, printer or any other device capable of sending and receiving data generated by other nodes on the network. The links connecting the devices are called communication channels.
• A computer network is an interconnection of computers, peripherals and data transfer devices with related software that performs certain data communication functions. Put simply, a computer network is a collection of interconnected machines capable of passing messages from one system to another.
• E.g.: A company has set up the network shown in the figure. A sales executive is planning a presentation to the board of directors to analyse the previous month's sales.

[Figure: file server, PC, laser printer and mainframe computer connected in a network]

• The data is available on the file server and the statistical software is available on the PC, so the data is transferred from the server to the PC for analysis.
• The program for forecasting future sales runs on the mainframe (a computer used by large organizations for critical applications and bulk data processing such as census, industry and consumer statistics). The analysed data is transferred to the mainframe, where the forecasting program is run.
• The result is sent back to the PC and then on to the laser printer for printing.

Functions/Advantages of computer networks

Communication among two or more computers or network devices

A computer network provides communication between two or more computers that are connected to the network. It also provides communication between the network devices.

Sharing of peripheral devices

The resources or peripherals attached to one workstation in the network can be used by other workstation users through the communication cable and the software. The resources include the printer, hard disk, scanner, etc. If the systems are not in a network, providing these resources to each one is expensive. To minimize the expense, the best way is to connect the peripherals to a network, serving several computer users.

Sharing of programs and data


The network allows the exchange of programs and data that can be used by all the company's employees. When people in an organization use the same software and need access to the same data, keeping them on a shared storage device lets the organization save money and avoid many problems.

Better communication
A computer network facilitates communication among users. One of the features of networks is electronic mail: using e-mail, letters can be transferred through the computer network.

Security of information
Information is more secure on a network. If a standalone machine is not working, the data stored on its hard disk cannot be used. However, if the machine is part of a network and the data is kept on network storage, the data can still be accessed from another workstation and saved onto another storage device.

Access to database
Networks enable users to access different databases at the same time by using software. This helps users to access private company databases or public databases available online through the internet.

Sharing internet connection


Using a network, different systems can access internet connection simultaneously from a single
ISP account.


NETWORK TOPOLOGY

It is the layout of the connections formed between computers. The geometrical arrangement of computer resources, remote devices and communication facilities is known as the network topology. Each device or computer in a network is called a node. The reliability and efficiency of a network are determined by its structure. Five basic topologies are possible: Bus, Star, Ring, Tree and Mesh.

1. Bus Topology :
A bus is a communication medium to which multiple nodes are attached, and each node normally receives any signal put on the bus. A network that uses bus topology consists of a single long cable to which computers are attached. Any computer attached to the bus can send a signal down the cable, and all computers receive the signal. Because all computers attached to the cable can sense an electrical signal, any computer can send data to any other computer.

2. Star Topology :
The star topology is the oldest communication design method. In a star network, a central hub is attached to the local computers through multiple communication lines. All communication between local computers must pass through the hub. A hub is a central device that accepts data from a sending computer and delivers it to the destination. The failure of the hub brings down the entire network.

3. Ring Topology :
The ring topology is a continuous path for data with no logical beginning or ending point. Workstations and file servers are attached to the cable at points around the ring. When data is transmitted onto the ring, it goes around the ring from node to node, finds its destination and then continues until it ends at the source node. In ring topology each node is connected to only two neighbouring nodes. A ring can be unidirectional or bidirectional: data moves in one direction only, or in both.

4. Tree Topology :
In tree topology the shape of the network is that of an inverted tree. Nodes in a tree are linked to a central hub that controls the traffic to the network, but not every device plugs directly into the central hub. The majority of devices connect to a secondary hub that in turn is connected to the central hub. An application of tree topology is an organisation whose headquarters communicates with regional offices, while the regional offices communicate with district offices.

5. Mesh Topology :
The mesh topology has a direct connection between every pair of devices in the network. Communication becomes very simple because there is no competition for a common line. If two devices want to communicate, they do so directly without involving other devices.

TYPES OF NETWORKS

Computer networks vary from a simple network connecting two computers to a complex network connecting millions of computers across the world. The scope of a computer network may range from a small office premises to the whole world, based on the geographic area covered by the network. Networks are classified into: LAN, MAN, WAN, PAN, CAN.
1. LAN(Local Area Network) :
A LAN is capable of interconnecting a large number of computers and other peripheral devices within a limited geographical area. It is used to interconnect distributed communities of computer-based data terminal equipment located within a single building or a localized group of buildings.

The network can cover up to a radius of 10 km. LANs are capable of transmitting data at very fast rates. Since the network covers a small area, relatively few errors occur in data transfer. A LAN is also referred to as a private data network. It is widely used in universities, banks, offices etc. The most common LAN topologies are bus, ring and star.

2. MAN(Metropolitan Area Network) :


A MAN covers a large geographic area limited to a city or a town. It is a bigger version of a LAN with similar technology. It provides communication between different business houses or bank branches located in different areas of a city. Because it connects different locations, the setup is more complex than a LAN system. It is able to connect the various LANs in the city, so that resources may be shared from LAN to LAN. A MAN operates over an area of around 100 km radius.

3. WAN(Wide Area Network) :


It is a computer network that spans a relatively large geographical area. A WAN is composed of two or more LANs that are connected across a distance of more than 30 miles. Large WANs may have many constituent LANs and MANs on different continents. The most well-known WAN is the internet, which consists of thousands of LANs and MANs throughout the world.

4. PAN(Personal Area Network) :


A computer network used for communication between computer devices such as printers, fax machines and scanners close to a computer system is called a personal area network. The reach of a PAN is limited to 20 to 30 feet.

5. CAN(Campus Area Network) :


It connects computers in a number of buildings within a campus. It is ideal for universities and other institutions.

ORIGIN OF INTERNET

The internet evolved from ARPANET, which was developed in 1969 by the Advanced Research Projects Agency (ARPA) of the US Department of Defence. It was the first operational packet switching network. ARPANET began operations in four locations. Today the total number of hosts is in the hundreds of millions, the number of users is in the billions, and the number of countries participating is nearing 200.

DATA COMMUNICATION

The fundamental principle of communication is the exchange of data between two parties.

Source: The device that generates the data to be transmitted.

Transmitter: It transmits data to the transmission system. The transmitter transforms and encodes the information in such a way as to produce electromagnetic signals.

Transmission system: This can be a transmission line or a network connecting the source and destination.

Receiver: It accepts the signals from the transmission system and converts them into a form that can be handled by the destination device.

Destination: It takes the incoming data from the receiver.

Data flow

Communication between two devices can be simplex, half duplex, full duplex.


1. Simplex mode

Signals are transmitted in only one direction: one device is the transmitter and the other is the receiver. The communication is unidirectional, as on a one-way street. Only one of the two devices on a link can transmit; the other can only receive.

Keyboards and traditional monitors are examples of simplex devices. The keyboard can only introduce input; the monitor can only accept output. The simplex mode can use the entire capacity of the channel to send data in one direction.

2. Half duplex

In half duplex mode each station can both transmit and receive, but not at the same time. When one device is sending, the other can only receive, and vice versa. In half duplex transmission the entire capacity of the channel is taken over by whichever of the two devices is transmitting at the time.

Walkie-talkies and CB (citizens band) radios are examples of half duplex systems. The half duplex mode is used in cases where there is no need for communication in both directions at the same time. The entire capacity of the channel can be utilized for each direction.

3. Full duplex

In full duplex mode, both stations can transmit simultaneously. This mode is used when communication in both directions is required all the time. The capacity of the channel must be divided between the two directions. The full duplex mode is like a two-way street with traffic flowing in both directions at the same time. An example of full duplex communication is the telephone line: both parties can talk and listen at the same time.

Types of connections

A network is two or more devices connected through links. A link is a connection pathway that transfers data from one device to another. For communication to occur, two devices must be connected in some way to the same link at the same time. There are two possible types of connections: point to point and multipoint.

1. Point to point

A point to point connection provides a dedicated link between two devices. The entire capacity of the link is reserved for transmission between these two devices. A point to point connection uses an actual length of wire or cable to connect the two ends. When we change television channels by infrared remote control, we are establishing a point to point connection between the remote and the television's control system.

2. Multipoint

A multipoint connection is one in which more than two specific devices share a single link. It is also called a multidrop connection. In a multipoint environment the capacity of the channel is shared, either spatially or temporally. If several devices can use the link simultaneously, it is a spatially shared connection. If users must take turns, it is a time shared connection.

Channel capacity

The maximum rate at which data can be transmitted over a given communication path or channel under given conditions is referred to as the channel capacity. A very important consideration in data communication is how fast we can send data, in bits per second, over a channel. The channel capacity and data rate depend on several factors, including bandwidth, bit rate and baud rate. The data rate is the rate, in bits per second, at which data can be communicated.

Bandwidth (B)

The bandwidth of a composite signal is the difference between the highest and the lowest frequencies contained in that signal. The range of frequencies contained in a composite signal is its bandwidth. It is expressed in cycles per second, or hertz. Bandwidth is the amount of signal which a transmission medium can carry.

E.g.: If a composite signal contains frequencies between 1000 and 5000, its bandwidth is B = fn - f1 = 5000 - 1000 = 4000 Hz.

Bit interval

Bit interval is used instead of period, and bit rate instead of frequency; both are used to describe digital signals. The bit interval is the time required to send one single bit.

Bit interval = 1 / bit rate

Bit rate(N)

Bit rate is the number of bits per second, which is also the number of bit intervals per second. It is expressed in bits per second (bps).

Baud rate(S)

Baud rate is the number of signal elements per second. A signal element is the smallest unit of a signal that is constant. The unit of baud rate is the baud. Baud rate is also called signal rate or modulation rate.

Relation between bit rate & baud rate

S = N/r baud

where S is the baud rate, N is the bit rate, and r is the number of data elements carried in one signal element.

Two theoretical formulas were developed to calculate the data rate.

1) Nyquist, for a noiseless channel.

2) Shannon, for a noisy channel.

NYQUIST BIT RATE FORMULA

The Nyquist bit rate formula defines the theoretical maximum bit rate. According to the Nyquist theorem, the bit rate is always twice the bandwidth, i.e.

Bit rate = 2 × bandwidth × log2 L

where L is the number of signal levels used to represent data.

SHANNON'S CHANNEL CAPACITY FORMULA

In reality, a channel is always noisy. In 1944 Claude Shannon introduced a formula, called the Shannon capacity, to determine the theoretical highest data rate for a noisy channel. The channel capacity formula defines a characteristic of the channel.

Capacity = bandwidth × log2(1 + SNR)

SNR is the signal-to-noise ratio: the ratio of the power of the signal to the power contained in the noise present at a particular point in the transmission.

SNR = 10 log10 (signal power / noise power)
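The following Python sketch is an added example, not part of the original notes. It applies the formulas above to the 1000 to 5000 Hz composite signal from the bandwidth example, using the Shannon capacity as the ceiling and the Nyquist formula to pick the number of signal levels. The 30 dB SNR and all function names are assumptions made for illustration; the Shannon formula takes the plain power ratio, so a value obtained from the 10 log10 form is converted back first.

```python
import math


def bandwidth_hz(f_low_hz, f_high_hz):
    """B = highest frequency - lowest frequency of the composite signal."""
    if f_high_hz <= f_low_hz:
        raise ValueError("highest frequency must exceed lowest frequency")
    return f_high_hz - f_low_hz


def snr_db_to_ratio(snr_db):
    """Invert SNR = 10 log10(signal power / noise power) to get the plain ratio."""
    return 10 ** (snr_db / 10)


def nyquist_bit_rate(bandwidth, levels):
    """Noiseless channel: bit rate = 2 * bandwidth * log2(L)."""
    if levels < 2:
        raise ValueError("at least two signal levels are needed")
    return 2 * bandwidth * math.log2(levels)


def shannon_capacity(bandwidth, snr_ratio):
    """Noisy channel: capacity = bandwidth * log2(1 + SNR), SNR as a ratio."""
    return bandwidth * math.log2(1 + snr_ratio)


def baud_rate(bit_rate, r):
    """S = N / r, with r data elements carried per signal element."""
    return bit_rate / r


def plan_channel(f_low_hz, f_high_hz, snr_db):
    """Pick the largest power-of-two level count whose Nyquist rate fits
    under the Shannon capacity, then derive baud rate and bit interval."""
    b = bandwidth_hz(f_low_hz, f_high_hz)
    capacity = shannon_capacity(b, snr_db_to_ratio(snr_db))
    # With L = 2**r levels the Nyquist rate is 2*B*r, so r <= capacity / (2*B).
    r = math.floor(capacity / (2 * b))
    plan = {"bandwidth_hz": b, "capacity_bps": capacity, "levels": None,
            "bit_rate_bps": None, "baud": None, "bit_interval_s": None}
    if r < 1:
        # Channel too noisy: even two levels at the full Nyquist rate
        # would exceed the Shannon capacity.
        return plan
    levels = 2 ** r
    bit_rate = nyquist_bit_rate(b, levels)
    plan.update(levels=levels, bit_rate_bps=bit_rate,
                baud=baud_rate(bit_rate, r), bit_interval_s=1 / bit_rate)
    return plan


if __name__ == "__main__":
    # Constructed input: the page's 1000-5000 Hz signal with an assumed 30 dB SNR.
    for key, value in plan_channel(1000, 5000, 30).items():
        print(f"{key}: {value}")
```

With these inputs the capacity is just under 40 kbps, so 16 levels (4 bits per signal element) is the most the channel supports at the full Nyquist signalling rate.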

TRANSMISSION MEDIA

Transmission media are defined as anything that carries information from source to destination. Data transfer occurs between transmitter and receiver over some transmission medium.

In telecommunications, transmission media can be divided into two broad categories, guided and unguided. Guided media include twisted pair cable, coaxial cable and fibre optic cable. Unguided media include radio waves, microwaves and satellite.

GUIDED MEDIA

Guided media provide a conduit from one device to another. A signal travelling along guided media is directed and contained by the physical limits of the medium.

1. TWISTED PAIR :

A twisted pair consists of two conductors (insulated copper wires) twisted together. One of the wires is used to carry signals to the receiver, and the other is used only as a ground reference.

In addition to the signal sent by the sender on one of the wires, noise and crosstalk may affect both wires and create unwanted signals. If the two wires are parallel, the effect of these unwanted signals is not the same in both wires, because they are at different locations relative to the noise or crosstalk source (one is closer and the other is farther). This results in a difference at the receiver.

By twisting the pair, a balance is maintained. The receiver calculates the difference between the two wires, so the unwanted signals are cancelled out and no unwanted signal is received. The number of twists per unit of length therefore has some effect on the quality of the cable.

The most common twisted pair cable used in communication is unshielded twisted pair (UTP). It is the least expensive of all the transmission media commonly used for LANs, and it is easy to install and work with.

Shielded twisted pair (STP) cable has a metal foil covering each pair of conductors. It reduces noise and provides better performance at high data rates. It is more expensive.

Categories:
The Electronic Industries Association (EIA) has developed standards to classify unshielded twisted pair cable into seven categories.

Category 1: UTP used in telephone, data rate < 0.1

Category 2: UTP used in T-lines, data rate 2 Mbps

Category 3: Improved category 2, used in LANs, data rate 10 Mbps

Category 4: Improved category 3, used in token ring networks, data rate 20 Mbps

Category 5: Used in LANs, data rate 100 Mbps

Category 5E: Extension of category 5 that includes extra features to minimize noise and crosstalk. Used in LANs, data rate 125 Mbps

Category 6: Used in LANs, data rate 200 Mbps

Category 7: Called shielded screen TP. Each pair is individually wrapped in a helical metallic foil shield in addition to the outside sheath. Used in LANs, data rate 600 Mbps

Application

• Twisted pair cable is used in telephone lines to provide voice and data channels. In the telephone system, individual telephone sets are connected to the local telephone exchange by twisted pair. These are referred to as subscriber loops.

• Twisted pair is used in LANs.

• It is used as a communication medium for digital signalling.


2. COAXIAL CABLE

Coaxial cable has a central core conductor of solid or stranded copper wire enclosed in an insulating sheath, which is in turn encased in an outer conductor of metal foil. The outer conductor is covered with a jacket or an insulating sheath, and the whole cable is protected by a plastic cover.

Coaxial cable is used to transmit both analog and digital signals. A single coaxial cable has a diameter from 1 to 2.5 cm. Coaxial cable can be used over long distances. Coaxial cables carry signals of higher frequency ranges. Coaxial connectors are needed to connect coaxial cable to devices. The most common type of connector is the Bayonet Neill-Concelman (BNC) connector. The BNC connector is used to connect the end of the cable to a device such as a TV set.

Application

• Coaxial cable was widely used in telephone networks, where a single coaxial network could carry 10,000 voice signals. Later it was used in digital telephone networks, carrying data up to 600 Mbps. Today coaxial cable has been replaced with fiber optic cable.

• Cable TV networks use coaxial cable. In the traditional cable TV network, the entire network used coaxial cable. Nowadays cable TV providers have replaced the media with fiber optic cable.

• Coaxial cable is used in traditional LANs because of its high bandwidth and data rate.

3. FIBER OPTIC CABLE

A fiber optic cable is made of glass and transmits signals in the form of light. A glass or plastic core is surrounded by a cladding of less dense glass. The difference in the density of the two materials must be such that a beam of light moving through the core is reflected off the cladding instead of being refracted into it.

Propagation mode

Current technology supports two modes for propagating light along optical channels: multimode and single mode. Multimode can be implemented in two forms, step index and graded index.

[Figure: propagation modes: multimode (step index, graded index) and single mode]

Multimode: Multiple beams from a light source move through the core along different paths. How these beams move within the cable depends on the structure of the core.

In multimode step index fiber, the density of the core remains constant from the centre to the edge. A beam of light moves through this constant density in a straight line until it reaches the interface of the core and the cladding. At the interface, there is an abrupt change to a lower density, which alters the angle of the beam's motion.

Multimode graded index fiber decreases the distortion of the signal through the cable. A graded index fiber is one with varying densities: density is highest at the centre of the core and decreases gradually to its lowest at the edge.

Single mode: Single mode fiber has a smaller diameter and lower density. The decrease in density results in a critical angle that is close to 90°, which makes the propagation of the beams horizontal. The propagation of the different beams is identical and delays are negligible. All the beams arrive at the destination together and are recombined with little distortion.

Application

• Fiber optic cable is the backbone of networks because of its wide bandwidth. LANs also use optical fiber.

• Cable TV companies use a combination of optical fiber and coaxial cable.

Advantages of optical fiber

• High bandwidth
• Less signal attenuation: the transmission distance (between repeaters) is greater than that of other guided media
• Immunity to electromagnetic interference
• Resistance to corrosive materials
• Light weight

Disadvantages

• Installation and maintenance
• Unidirectional light propagation
• Cost

UNGUIDED MEDIA

Unguided media transport electromagnetic waves without using a physical conductor. This type of communication is often referred to as wireless communication. Signals are normally broadcast through free space and are thus available to anyone who has a device capable of receiving them. The part of the electromagnetic spectrum ranging from 3 kHz to 900 THz is used for wireless communication.

[Figure: Electromagnetic spectrum for wireless communication]

Unguided signals can travel from source to destination in several ways.

1. Ground propagation

2. Sky propagation

3. Line of sight propagation

[Figure: ground propagation, sky propagation and line of sight propagation]

In ground propagation, radio waves travel through the lowest portion of the atmosphere, hugging the earth. These low frequency signals flow in all directions from the transmitting antenna and follow the curvature of the planet.

In sky propagation, higher frequency radio waves radiate upward into the ionosphere, where they are reflected back to earth. This type of transmission allows for greater distances with lower output power.

In line of sight propagation, very high frequency signals are transmitted in straight lines directly from antenna to antenna. The antennas must be directional, facing each other, and either tall enough or close enough together not to be affected by the curvature of the earth.

The section of the electromagnetic spectrum defined as radio waves is divided into 8 ranges called bands, each regulated by government authorities. These bands are rated from very low frequency (VLF) to extremely high frequency (EHF).

Wireless transmission is classified into radio waves, microwaves and satellites.

RADIO WAVES

Electromagnetic waves ranging in frequency between 3 kHz and 1 GHz are called radio waves. Radio waves are omnidirectional: when an antenna transmits radio waves, they are propagated in all directions. This means that the sending and receiving antennas do not have to be aligned. A sending antenna sends waves that can be received by any receiving antenna. The omnidirectional property has a disadvantage: the radio waves transmitted by one antenna are susceptible to interference from another antenna that may send signals using the same frequency.

Radio waves that propagate in sky mode can travel long distances, which is why they are used in AM radio. Radio waves of low and medium frequency can penetrate walls, so an AM radio can receive signals inside a building, but it also means communication cannot be isolated to inside or outside a building. The radio band is relatively narrow, just under 1 GHz, so when it is divided into sub-bands, they are also narrow, leading to a low data rate.

OMNIDIRECTIONAL ANTENNA

Radio waves use omnidirectional antennas that send out signals in all directions. The omnidirectional characteristic of radio waves makes them useful for multicasting, in which there is one sender and many receivers.

APPLICATION

Radio waves are used for multicast communication such as AM and FM radio, TV, maritime radio, wireless phones and paging systems.

MICROWAVES

Electromagnetic waves having frequencies between 1 and 300 GHz are called microwaves. Microwaves are unidirectional: when an antenna transmits microwaves, they can be narrowly focused. This means the sending and receiving antennas need to be aligned. The unidirectional property has an advantage: a pair of antennas can be aligned without interfering with another pair of aligned antennas.

Characteristics of microwave

Microwave propagation is line of sight, so the towers with the mounted antennas need to be in direct sight of each other. Towers that are far apart need to be very tall. The curvature of the earth, as well as other blocking obstacles, does not allow two short towers to communicate by using microwaves. Repeaters are often needed for long distance communication.

• Very high frequency microwaves cannot penetrate walls. This is a disadvantage if the receivers are inside buildings.

• The microwave band is relatively wide, almost 299 GHz, so wider sub-bands can be assigned and a high data rate is possible.

• Use of certain portions of the band requires permission from the authorities.

UNIDIRECTIONAL ANTENNA

Microwaves need unidirectional antennas that send out signals in one direction. Two types of antennas are used for microwave communication: the parabolic dish and the horn.

A parabolic dish antenna

It is based on the geometry of the parabola: every line parallel to the line of sight reflects off the curve at angles such that all the lines intersect in a common point called the focus. The parabolic dish works as a funnel, catching a wide range of waves and directing them to the common point. In this way, more of the signal is recovered than with a single-point receiver. Outgoing transmissions are broadcast through a horn aimed at the dish. The microwaves hit the dish and are reflected outward in a reversal of the receipt path.

A horn antenna

It looks like a gigantic scoop. Outgoing transmissions are broadcast up a stem (resembling a handle) and deflected outward in a series of narrow parallel beams by the curved head. Received transmissions are collected by the scooped shape of the horn and are deflected down into the stem.

APPLICATIONS

Microwaves are used for unicast communication (one to one) such as cellular telephones, wireless LANs and satellite networks.

SATELLITE COMMUNICATION

In satellite communication, data are beamed to a communication satellite. This satellite acts as a reflector, accepting signals from the earth station and returning the same signals to some other point on earth. The satellite appears stationary from the earth because it is positioned precisely 22,300 miles above the equator with a speed matching the earth's rotation.

If the earth, along with its ground stations, is revolving while the satellite is stationary, this will cause problems. Therefore geosynchronous satellites are used, which move at the same revolutions per minute (RPM) as the earth and in the same direction. The earth and the satellite complete one revolution in exactly the same time. Hence the relative position of the ground station with respect to the satellite never changes.

The satellite contains a transponder consisting of a radio receiver and a transmitter. The transponder accepts the incoming radio signals, amplifies them and transmits the amplified signals back to the earth at a slightly different angle. These signals are received by another earth station. Two frequency bands are used: one for the signals from the earth to the satellite (called the uplink) and one for the signals from the satellite to the earth (called the downlink).

Several satellites, both private and government-owned, are in orbit. A single transponder can handle our commercial TV transmission. Some private establishments market satellite transmission, and with the help of coding and decoding equipment the security of satellite transmission is assured.

SWITCHING

A switched network consists of a series of interlinked nodes. Switches are devices capable of creating temporary connections between two or more devices linked to the switch. In a switched network, some of these nodes are connected to the end systems (e.g. computers, telephones); others are used only for routing.

The end systems are labeled A, B, C, D and so on. The switches are labeled I to V, and each switch is connected to multiple links. Three methods of switching are possible: circuit switching, packet switching and message switching. The first two are commonly used today; the third has been phased out in general communication but still has networking applications. Packet switching can be further divided into two subcategories: the virtual circuit approach and the datagram approach.

CIRCUIT SWITCHED NETWORK

A circuit-switched network is made of a set of switches connected by physical links, in which each
link is divided into n channels. In a circuit-switched network, the connection between two
stations is a dedicated path made of one or more links. Each connection uses only one
dedicated channel on each link. Each link is normally divided into n channels by using TDM or
FDM (time-division or frequency-division multiplexing).

The circuit-switched network in the figure has four switches and four links; each link is divided into n channels
by using FDM or TDM. End system A needs to communicate with end system M.

Communication in a circuit-switched network requires three phases:

1) Connection setup phase

2) Data transfer phase

3) Connection teardown phase

I. Setup phase
Before two parties (or multiple parties) can communicate, a dedicated circuit needs to be
established. The end systems are normally connected through dedicated lines to the
switches, so connection setup means creating dedicated channels between the switches.
II. Data transfer phase
After the establishment of the dedicated circuit, the two parties can transfer data.
III. Connection teardown phase
When one of the parties needs to disconnect, a signal is sent to each switch to release the
resources.
NOTE: In circuit switching, the resources reserved during the setup phase remain dedicated for the
entire duration of data transfer, until the teardown phase.
In the figure, when system A needs to connect to system M, it sends a setup request that includes
the address of system M to switch I. Switch I finds a channel between itself and switch IV
that can be dedicated for this purpose. Switch I then sends the request to switch IV, which
finds a dedicated channel between itself and switch III. Switch III informs system M of system A's
intention.
In the next step of making a connection, an acknowledgment from system M needs to be sent
to system A. Only after system A receives this acknowledgment is the connection
established. Then data transfer takes place, and finally the circuit is torn down.
PACKET SWITCHING:
In data communication, we need to send data or messages from one end system to another through
a packet-switched network. This data is divided into packets of fixed or variable size. A packet
is a small block of data. Each packet contains a portion of the user's data plus some control
information that the network requires to be able to route the packet through the network and
deliver it to the destination. At each node, the packet is received and passed to the next node.

In packet switching there is no resource allocation or reservation for a packet. Resources
are allocated on demand, on a first-come, first-served basis. When a switch receives a
packet, no matter what the source or destination, the packet must wait if other packets are
being processed.

There are two types of packet-switched networks: datagram networks and virtual-circuit networks.
DATAGRAM NETWORK
In a datagram network, each packet is treated
independently of all others. Even if a packet is part of a multipacket transmission, the
network treats it as though it existed alone. Packets in this approach are referred to as
datagrams. Datagram networks are sometimes referred to as connectionless
networks. The term connectionless means that the switch does not keep information
about the connection state. There are no setup or teardown phases.
ROUTING TABLE:
In the absence of setup and teardown phases, each packet is routed to the destination by means of a
routing table. A switch in a datagram network uses a routing table that is based on the
destination address. The destination addresses and the corresponding forwarding output ports
are recorded in the table.

DESTINATION ADDRESS:
Every packet in a datagram network carries a header that contains the destination address
of the packet. When the switch receives the packet, this destination address is examined and
the routing table is consulted to find the corresponding port through which the packet
should be forwarded. The destination address in the header of a packet in a datagram
network remains the same during the entire journey of the packet.

The figure shows a datagram network used to deliver four packets from station A to the destination station. The switches in
a datagram network are referred to as routers, so a different symbol is used for the switches in the figure. All
four packets belong to the same message but may travel different paths to reach the destination.
In most protocols, it is the responsibility of an upper-layer protocol to reorder the datagrams or ask
for lost datagrams before passing them on to the application.

VIRTUAL CIRCUIT NETWORK:

A virtual-circuit network is a cross between a circuit-switched network and a datagram network.

Common characteristics are:

❖ As in a circuit-switched network, there are a setup phase, a data transfer phase and a
teardown phase.
❖ Resources are allocated during the setup phase, as in a circuit-switched network, or on
demand, as in a datagram network.
❖ As in a datagram network, data are packetized and each packet carries an address
in the header.
❖ As in a circuit-switched network, all packets follow the same path established during
the connection.

In a virtual-circuit network, two types of addressing are involved: global and local (virtual-circuit
identifier).
Global Addressing:
A source or a destination needs to have a global address, an
address that can be unique in the scope of the network or internationally if the network is part of
an international network.
Virtual-Circuit Identifier:
The identifier that is actually used for data transfer is called the virtual-circuit identifier
(VCI). A VCI, unlike a global address, is a small number that has only switch scope. It is used by a
frame between two switches. When a frame arrives at a switch, it has a VCI; when it leaves, it has
a different VCI. The following figure shows how the VCI in a data frame changes from one switch
to another. Note that a VCI does not need to be a large number since each switch can use its own
unique set of VCIs.

Three Phases:
As in a circuit-switched network, a source and destination need to go through three phases in a
virtual-circuit network: setup, data transfer, and teardown.
Setup phase: the source and destination use their global addresses to help switches make table
entries for the connection.
Teardown phase: the source and destination inform the switches to delete
the corresponding entry. Data transfer occurs between these two phases.

1. Data Transfer Phase:
To transfer a frame from a source to its destination, all switches need to have a table entry
for this virtual circuit. The table, in its simplest form, has four columns. This means that the switch
holds four pieces of information for each virtual circuit that is already set up. We show later how
the switches make their table entries, but for the moment we assume that each switch has a table
with entries for all active virtual circuits.
The following figure shows a frame arriving at port 1 with a VCI of 14. When the frame arrives,
the switch looks in its table to find port 1 and a VCI of 14. When it is found, the switch knows to
change the VCI to 22 and send out the frame from port 3.

2. Setup Phase:
In the setup phase, a switch creates an entry for a virtual circuit. For example, suppose source A
needs to create a virtual circuit to B. Two steps are required: the setup request and the
acknowledgment.
Setup Request:
A setup request frame is sent from the source to the
destination. The following figure shows the process.

a. Source A sends a setup frame to switch 1.

b. Switch 1 receives the setup request frame. It knows that a frame going from A to B goes out
through port 3.

The switch, in the setup phase, acts as a packet switch and it has a routing table which is different
from the switching table.
For the moment, assume that it knows the output port. The switch creates an entry in its table
for this virtual circuit, but it is only able to fill three of the four columns. The switch assigns the
incoming port (1) and chooses an available incoming VCI (14) and the outgoing port (3). It does
not yet know the outgoing VCI, which will be found during the acknowledgment step. The switch
then forwards the frame through port 3 to switch 2.

c. Switch 2 receives the setup request frame. The same events happen here as at switch 1 and
three columns of the table are completed: in this case, incoming port (1), incoming VCI (66),
and outgoing port (2).

d. Switch 3 receives the setup request frame. Again, three columns are completed: incoming port
(2), incoming VCI (22), and outgoing port (3).

e. Destination B receives the setup frame, and if it is ready to receive frames from A, it assigns a
VCI to the incoming frames that come from A, in this case 77. This VCI lets the destination
know that the frames come from A, and no other sources.
Acknowledgment:
A special frame, called the acknowledgment frame, completes the entries in the switching tables.
The following figure shows the process.

a. The destination sends an acknowledgment to switch 3. The acknowledgment carries the
global source and destination addresses so the switch knows which entry in the table is to be
completed. The frame also carries VCI 77, chosen by the destination as the incoming VCI for
frames from A. Switch 3 uses this VCI to complete the outgoing VCI column for this entry. Note
that 77 is the incoming VCI for destination B, but the outgoing VCI for switch 3.

b. Switch 3 sends an acknowledgment to switch 2 that contains its incoming VCI in the table,
chosen in the previous step. Switch 2 uses this as the outgoing VCI in the table.

c. Switch 2 sends an acknowledgment to switch 1 that contains its incoming VCI in the table,
chosen in the previous step. Switch 1 uses this as the outgoing VCI in the table.

d. Finally switch 1 sends an acknowledgment to source A that contains its incoming VCI in the
table, chosen in the previous step.

e. The source uses this as the outgoing VCI for the data frames to be sent to destination B.

3. Teardown Phase:
In this phase, source A, after sending all frames to B, sends a special frame called a
teardown request. Destination B responds with a teardown confirmation frame. All switches
delete the corresponding entry from their tables.
MESSAGE SWITCHING:
Message switching uses a store and forward communication method to transmit data from the
sending node to the receiving node. The data is sent from one node to another, which stores it temporarily
until a route towards the data's final destination becomes available. Several nodes along the route
store and forward the data until it reaches the destination node. Message switching is used when
we send an email message on an enterprise network with a file server acting as a "post office". The
message goes from one post office to the next until it reaches the intended recipient.
Message switching is a mode of data transmission in which a message is sent as a complete unit
and routed via a number of intermediate nodes, at which it is stored and then forwarded.

• To send a message from one station to another, the sender first adds the destination address to
the message.

• No direct link is established between sender and receiver. Each message is treated as an
independent unit.

• In message switching, each complete message is then transmitted from device to device
through the internetwork. The message is transmitted from the source node to an intermediate node.

• The intermediate node stores the complete message temporarily, inspects it for errors and
transmits the message to the next node based on the availability of a free channel.

• So a message-switched network is called a store and forward network.

i. Message M1 is transmitted from A to H and follows the route A->B->C->D->F->G->H.
ii. Message M2 is transmitted from A to H and follows the route A->C->F->G->H.
iii. The first electromechanical telecommunication systems used message
switching for telegrams.

ADVANTAGES OF MESSAGE SWITCHING

a. It provides efficient traffic management by assigning priorities to the messages to
be switched.
b. No physical connection is required between the source and destination, as there is in
circuit switching.
c. It reduces traffic congestion on the network because of the store and forward facility.
d. Channels are used effectively, and network devices share the data channels.

PREVIOUS UNIVERSITY QUESTIONS

SECTION A
1. Give an example of simplex mode of data flow (Dec 2015)
2. What is Nyquist bit rate formula? (Dec 2015)
3. What is microwave frequency range? (Dec 2015)
4. In which type of connection more than two devices can share a
single link? (Dec 2016)
5. What is the unit of bit rate? (Dec 2016)
6. What is modem? (Dec 2016)
7. Which type of network is designed to extend over an entire
city? (Dec 2016)

SECTION B
1. What are the advantages of computer networks? (Dec 2015)
2. Write short notes on microwave transmission (Dec 2015)
3. Explain the different types of twisted pair wire (Dec 2015)

SECTION C
1. Why is a switching mechanism required? Explain the different types of
switching mechanisms. (Dec 2015)
2. Explain LAN, MAN, WAN and compare these three (Dec 2015)
3. Explain the different types of data transmission used in wire
mode (Dec 2016)
4. Explain LAN, MAN, WAN and compare these three (Dec 2016)

MODULE - 2

NETWORK SOFTWARE Module II

Protocols – standards – Layering, packets, Layered PDUs, ISO-OSI model, TCP/IP model –
Comparison. Framing – bit oriented, byte oriented, Error correction – detection – parity, hamming
code, CRC. Flow control, error control – Piggybacking, pipelining, Protocols – Noiseless and noisy
channels – stop & wait, Stop & wait ARQ, Sliding window. Access control – pure, slotted ALOHA,
CSMA, CSMA/CD. LAN Standards – Ethernet, Token bus, Token ring. Interfacing devices – bridge,
hub, switch, router, gateway.

PROTOCOLS

➢ A protocol is an agreement between communicating parties on how communication is to
proceed.
➢ A protocol is a set of rules that allows two or more entities of a communication system to
transmit information.
➢ Protocols are the rules or standards that define the syntax, semantics and
synchronisation of communication and possible error recovery methods.
➢ Communication protocols have to be agreed upon by the parties involved. To reach
agreement, a protocol may be developed into a technical standard.
➢ Communicating systems use protocols for exchanging various messages.
➢ A group of protocols designed to work together is known as a protocol suite. When
implemented in software, they are a protocol stack.
➢ Examples of protocols
▪ TCP/IP, HTTP, FTP
▪ TCP: Transmission Control Protocol, which uses a set of rules to exchange messages
with other internet points at information.
▪ IP: Internet Protocol, which uses a set of rules to send and receive messages at any internet address
level.
▪ HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol), each with a defined set of
rules to use with corresponding programs elsewhere on the internet.

STANDARDS
Standards used in the computer industry are set by various international bodies and are concerned primarily
with either the internal operation of a computer or the connection of local peripheral
devices.
Computers have different architectures, understand different languages, store data in
different formats and communicate at different rates. So there is incompatibility and
communication is difficult.
Due to this incompatibility, standards are needed for communication. Standards are of two
types:

1. De facto standard:
A standard which exists by virtue of its widespread
use. IBM products have de facto standards.
2. De jure standard:
A standard which is formally recognized and adopted by an agency that has
achieved national or worldwide recognition.

Several national
and international agencies play a strong role in establishing network standards that
ensure a common ground for communication and network equipment:
1. International Organization for Standardization (ISO)
2. Institute of Electrical and Electronics Engineers (IEEE)
3. International Telecommunication Union (ITU)
4. American National Standards Institute (ANSI)
5. International Electrotechnical Commission (IEC)
6. Internet Society (ISOC) & associated Internet Engineering Task Force (IETF)
7. Electronic Industries Alliance (EIA) & associated Telecommunication Industry
Association (TIA)
8. The Internet Architecture Board (IAB)

1) International Organization for Standardisation (ISO)
The ISO is a non-governmental organization based in Geneva, Switzerland. Over a
thousand countries participate. The ISO developed a communication architecture called
Open Systems Interconnection (the OSI reference model, in 1978), which defines the
protocols that would allow two computers to communicate independent of their
architecture. The development process of this model took so long that the OSI model never came into
widespread use.
2) Institute of Electrical and Electronics Engineers (IEEE)
The IEEE is the largest professional organization in the world and consists of computing and
engineering professionals. It is involved in developing standards for computing,
communication and processing in electrical engineering and electronics. It
sponsored an important standard for local area networks called Project 802. The
Project 802 specifications are:
1. 802.1 An overview of the 802 standards.
2. 802.2 Standard for logical link control and other language for basic network
connectivity.
3. 802.3 Standards for CSMA/CD.
4. 802.4 Standards for token passing bus access.
5. 802.5 Standards for token ring access and communication between LANs and
MANs.
6. 802.6 Standards for LANs and MANs.
7. 802.7 Standards for broadband and cable technology.
8. 802.8 Standards for fiber optic cable.
9. 802.9 Standards for integrated network service.
10. 802.10 Standards for interoperable LAN and MAN.
11. 802.11 Standards for wireless connectivity.
3) International Telecommunication Union (ITU)
The ITU is affiliated with the United Nations and is an international treaty organization. ITU is the
standards organization which is most closely related to the communication industry. The ITU,
an agency of the UN, has 3 sectors:
ITU-R Deals with radio communication.
ITU-D Development sector.
ITU-T Deals with telecommunication.
4) American National Standards Institute (ANSI)
ANSI is a private non-government agency whose members are manufacturers, users and
other interested companies. It has nearly 1000 members and is itself a member of the
International Organization for Standardization. ANSI has set the standards for fiber
distributed interface and for LANs using fiber optics.

5) International Electrotechnical Commission (IEC)
IEC is a non-governmental agency that sets standards for data processing and interconnection
and for safety in office equipment. It was involved in the development of the Joint
Photographic Experts Group (JPEG), a group that devised a compression standard for
images.

6) Internet Society (ISOC) & associated Internet Engineering Task Force (IETF)

ISOC and IETF are concerned with expediting the growth and evolution of internet
communication. IETF is an international community whose members include network
designers, vendors and researchers. They concentrate on issues including the
enhancement of TCP/IP, and they divide into working groups to handle various technical aspects.
7) Internet Architecture Board (IAB)
The IAB is a technical advisory group of ISOC and a committee of IETF. It is concerned with
the architecture for protocols and standards used by the internet.
8) Electronic Industries Alliance (EIA) &
Telecommunication Industries Association (TIA)
EIA is responsible for developing network cabling standards. EIA has made contributions
by defining physical connection interfaces and electronic signaling specifications for
data communication. TIA was created as a separate body within the EIA to develop
telecommunication cabling standards.
Layering
➢ To reduce network design complexity, networks are organized as a stack of layers or
levels.
➢ Each one is built upon the one below it.
➢ The number of layers, the content of each layer and the function of each layer differ from
network to network.
➢ The purpose of each layer is to offer certain services to the higher layers.
➢ Layer n on one machine carries on a conversation with layer n on another machine.
➢ The rules and conventions used in this conversation are collectively called the layer n
protocol.
➢ The entities comprising the corresponding layers on different machines are called peers.
The peers may be processes, hardware devices, etc.
➢ The peers communicate using the protocol.

➢ Between each pair of adjacent layers is an interface. The interface defines which primitive
operations and services the lower layer makes available to the upper one.
➢ In reality, no data are directly transferred from layer n on one machine to layer n on another
machine.
➢ Each layer passes data and control information to the layer immediately below it until the
lowest layer is reached.
➢ Below the lowest layer is the physical medium through which actual communication occurs.
➢ Virtual communication is shown by a dotted line and physical communication by solid lines.
➢ A set of layers and protocols is called a network architecture.
Design issues for layers
❖ Addressing issues

❖ Data transfer issues

❖ Error correction and detection

❖ Preserving order of message

❖ Flow control

❖ Inability of all process to accept arbitrary long messages

Packets

➢ A packet is a self-contained parcel of data sent across a computer network. Each packet
contains a header that identifies the sender and recipient and a payload area that
contains the data being sent.
➢ Two facts motivate the use of packets:
i. A sender and recipient need to coordinate transmission, since transmission errors can occur and
data can be lost. Dividing the data into small blocks helps a sender
and receiver determine which blocks arrive intact and which do not.
ii. To ensure that all computers receive fair, prompt access to a shared
communication facility, small packets help ensure fairness.
➢ To avoid having one computer hold a network for an arbitrary time, modern computer
networks use packets.
➢ The network permits one computer to send a packet, then blocks that computer from
sending again. Meanwhile the network permits another computer to send a packet, and
so on.
➢ A single computer can hold a shared resource only long enough to send a single packet
and must wait until the other computers have had a turn before sending a second packet.

Four computers A, B, C and D share a communication channel and use it to transfer files.
While computer A sends a file to computer D, computers B and C must wait.
When the computers take turns sending packets over the shared resource, each packet is small, so no
computer experiences a long delay.
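
The fairness argument above can be checked with a small simulation. This Python code is an added example, not part of the original notes; the file sizes, the packet size and the assumption that the channel carries one unit of data per time unit are constructed for illustration.

```python
from collections import deque

# Constructed sample workload: (computer, file size in data units).
# A has a large file; B and C each have a small one.
FILES = [("A", 1000), ("B", 10), ("C", 10)]


def whole_file(files):
    """One computer holds the channel until its entire file has been sent."""
    clock, finished = 0, {}
    for host, size in files:
        clock += size              # channel carries one unit per time unit
        finished[host] = clock
    return finished


def packet_turns(files, packet_size):
    """Each computer sends one packet, then waits for the others' turns."""
    queue = deque(files)
    clock, finished = 0, {}
    while queue:
        host, remaining = queue.popleft()
        sent = min(packet_size, remaining)
        clock += sent
        if remaining > sent:
            # More data left: go to the back of the line.
            queue.append((host, remaining - sent))
        else:
            finished[host] = clock
    return finished


if __name__ == "__main__":
    print("whole files :", whole_file(FILES))
    print("packet turns:", packet_turns(FILES, packet_size=5))
```

With whole-file transmission B waits behind all 1000 units of A's file; with packets B finishes after a few turns, and A's own completion time grows only by the 20 units that B and C sent.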
Layered PDUs
➢ PDU stands for protocol data unit. A PDU is the information that is delivered as a unit among
peer entities of a network and that may contain control information, such as address
information, and user data.
➢ In a layered system, a PDU is a unit of data which is specified in a protocol of a given layer
and which consists of protocol control information and possibly user data of that layer.

➢ The term PDU is used to describe data as it moves from one layer to another of the
reference model.
➢ The term PDU is often used interchangeably with packet.
➢ In the reference model, conversations take place between different layers. At every layer,
communication takes the form of messages that are sent between corresponding system elements of
two or more devices. Since these messages are the mechanism for communicating
information between protocols, they are called protocol data units.
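
The way each layer wraps the data of the layer above in its own control information, and the way the peer layer on the other host removes it again, is illustrated below. This Python code is an added example, not part of the original notes; the three layers, their header and trailer formats, the port and address values and the conventional PDU names (segment, packet, frame) are assumptions chosen for illustration.

```python
import struct
import zlib


class Transport:
    name = "segment"
    HDR = struct.Struct("!HHI")    # source port, destination port, sequence no.

    def __init__(self, local_port, remote_port):
        self.local, self.remote, self.seq = local_port, remote_port, 0

    def encapsulate(self, sdu):
        header = self.HDR.pack(self.local, self.remote, self.seq)
        self.seq += 1
        return header + sdu

    def decapsulate(self, pdu):
        _src, dst, _seq = self.HDR.unpack_from(pdu)
        if dst != self.local:
            raise ValueError("segment addressed to another port")
        return pdu[self.HDR.size:]


class Network:
    name = "packet"
    HDR = struct.Struct("!BBH")    # source address, destination address, length

    def __init__(self, local_addr, remote_addr):
        self.local, self.remote = local_addr, remote_addr

    def encapsulate(self, sdu):
        return self.HDR.pack(self.local, self.remote, len(sdu)) + sdu

    def decapsulate(self, pdu):
        _src, dst, length = self.HDR.unpack_from(pdu)
        body = pdu[self.HDR.size:]
        if dst != self.local or len(body) != length:
            raise ValueError("packet misdelivered or truncated")
        return body


class Link:
    name = "frame"
    TRAILER = struct.Struct("!I")  # CRC-32 over everything handed down

    def encapsulate(self, sdu):
        return sdu + self.TRAILER.pack(zlib.crc32(sdu))

    def decapsulate(self, pdu):
        body = pdu[:-self.TRAILER.size]
        (crc,) = self.TRAILER.unpack(pdu[-self.TRAILER.size:])
        if zlib.crc32(body) != crc:
            raise ValueError("frame damaged in transit")
        return body


def send(stack, message):
    """Pass data down the stack; return (PDU name, bytes) for every layer."""
    pdus, data = [], message
    for layer in stack:            # highest layer first
        data = layer.encapsulate(data)
        pdus.append((layer.name, data))
    return pdus


def receive(stack, frame):
    """Pass a received frame up the stack; each layer strips only its own part."""
    data = frame
    for layer in reversed(stack):  # lowest layer first
        data = layer.decapsulate(data)
    return data


def demo():
    host1 = [Transport(5000, 80), Network(1, 2), Link()]
    host2 = [Transport(80, 5000), Network(2, 1), Link()]
    pdus = send(host1, b"hello")
    wire = pdus[-1][1]             # only the lowest-layer PDU crosses the medium
    sizes = [(name, len(pdu)) for name, pdu in pdus]
    delivered = receive(host2, wire)
    damaged = bytes([wire[0] ^ 0x01]) + wire[1:]   # flip one bit "in transit"
    try:
        receive(host2, damaged)
        detected = False
    except ValueError:
        detected = True
    return sizes, delivered, detected


if __name__ == "__main__":
    print(demo())
```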

ISO-OSI MODEL

The OSI model is based on a protocol developed by the International
Standards Organization (ISO) as a step toward international
standardization of the protocols used in the various layers. It was revised in 1995. The model
is called the ISO-OSI (Open Systems Interconnection) reference model because it deals
with connecting open systems, that is, systems that are open for communication with other systems.
The OSI model has seven layers. The principles that were applied to arrive at the seven layers
are:

1. A layer should be created where a different abstraction is needed.
2. Each layer should perform a well-defined function.
3. The function of each layer should be chosen with an eye toward defining
internationally standardized protocols.
4. The layer boundaries should be chosen to minimize the information flow across
the interfaces.
5. The number of layers should be large enough that distinct functions need not be
thrown together in the same layer out of necessity, and small enough that the
architecture does not become unwieldy.
1. Physical layer
➢ This layer is concerned with transmitting raw bits over a communication channel.
The design issues have to do with making sure that when one side sends a 1 bit, it is
received by the other side as a 1 bit.
➢ Typical questions here are what electrical signals should be used to represent 0 and 1, how
many nanoseconds a bit lasts, whether transmission may proceed simultaneously in both
directions, how the initial connection is established, how many pins the network connector has
and what each pin is used for.
➢ These design issues deal with mechanical, electrical and timing interfaces, as well
as the physical transmission medium, which lies below the physical layer.

[Figure: The OSI Reference Model (Application A, Application B, application layer, communication network)]

2. Data link layer
➢ The main task of the data link layer is to transform a raw transmission facility into a line
that appears free of undetected transmission errors.
➢ It does so by masking the real errors so the network layer does not see them.
➢ It accomplishes this task by having the sender break up the input data into data
frames and transmit the frames sequentially.
➢ If the service is reliable, the receiver confirms correct receipt of each frame by
sending back an acknowledgment frame.
➢ An issue that arises in the data link layer is how to keep a fast transmitter from drowning a
slow receiver in data.
➢ Another issue is how to control access to the shared channel.
➢ A special sublayer of the data link layer, the medium access control sublayer, deals
with this problem.
3. The network layer
➢ The network layer controls the operation of the subnet.
➢ A key design issue is determining how packets are routed from source to
destination.
➢ Routes can be based on static tables in the network.

➢ If too many packets are present in the subnet at the same time, they will get in one
another's way, forming bottlenecks.
➢ Handling such congestion is also a responsibility of the network layer.
➢ When a packet is travelling from one network to another to get to its destination,
many problems arise:
a) Addressing issue: the addressing used by the second network differs from that of the first one.
b) Packet size
c) Protocol differences
The network layer overcomes all these problems to allow heterogeneous networks to
be interconnected.
4. The transport layer
➢ The basic function of the transport layer is to accept data from the session layer and pass it
to the network layer. It ensures that all data arrive correctly at the other end.
➢ It provides an error-free point-to-point channel that delivers messages or
bytes in the order in which they were sent.
➢ The transport layer is a true end-to-end layer. It makes sure that data sent from
source to destination arrive safely.
➢ The program on the source machine carries on a conversation using message headers
and control messages.
5. The session layer
➢ The session layer allows users on different machines to establish sessions between
them.
➢ Sessions offer various services:
i. Dialog control: keeping track of whose turn it is to transmit.
ii. Token management: preventing two parties from attempting the same
critical operation simultaneously.
iii. Synchronization: checkpointing long transmissions to allow them to pick
up from where they left off in the event of a crash and subsequent
recovery.

6. The presentation layer
➢ The presentation layer is concerned with the syntax and semantics of the information
transmitted.
➢ In order to make it possible for computers with different internal data
representations to communicate, the data structures to be exchanged can be defined
in an abstract way, along with a standard encoding to be used.
➢ The presentation layer manages these abstract data structures and allows higher
level data structures.
7. The application layer
➢ This layer contains all the commonly used protocols needed by users.
➢ A widely used application protocol is HTTP (Hypertext Transfer Protocol), which is the
basis for the World Wide Web.
➢ When a browser wants a web page, it sends the name of the page it wants to the server
hosting the page using HTTP.
➢ The server sends the page back.
➢ Other application protocols are used for file transfer, electronic mail and network
news.

THE TCP/ IP REFERENCE MODEL

➢ In 1970, the Department of Defense (DOD) wanted to interconnect computers and
networks. Because progress on standards for the OSI model was slow, the government's
Advanced Research Projects Agency (ARPA) developed a set of protocols called
Transmission Control Protocol/Internet Protocol (TCP/IP) to enable the
interconnection.
➢ The original use of these protocols was in the ARPANET, a network that
interconnected various government and university research laboratories.
➢ The DOD eventually mandated that TCP/IP be used in all of its computers and
networks. TCP/IP then became the architecture and the protocol on which the
internet was based. When computers talk over the internet, the language they speak
is the Transmission Control Protocol/Internet Protocol. TCP/IP is also the
protocol of choice for medium and large sized networks.

➢ The TCP/IP protocol suite is made of four layers:
➢ 1. Link layer 2. Internet layer 3. Transport layer 4. Application layer.
➢ The first 3 layers provide physical standards, network interface, internetworking and
transport functions that correspond to the OSI model.
➢ The top 3 layers of the OSI model are represented in TCP/IP by a single layer called the
application layer.

1. THE LINK LAYER:

➢ The lowest layer in the model, the link layer, describes what links such
as serial lines and classic Ethernet must do to meet the needs of the connectionless
internet layer.
➢ This layer is also known as the host-to-network layer; any host can connect to the
network layer.
➢ It is not a layer in the normal sense of the term; it is an interface between hosts and
transmission links.

2. THE INTERNET LAYER:

➢ The internet layer defines an official packet format and protocol called IP
(Internet Protocol), plus a companion protocol called ICMP (Internet Control
Message Protocol) that helps it function.
➢ The internet layer uses the IP protocol to route data between networks.
➢ The job of the internet layer is to deliver IP packets where they are supposed to go.
➢ It provides connectionless service and congestion control.
3. THE TRANSPORT LAYER:

➢ The layer above the internet layer in the TCP/IP model is called the transport layer.
➢ It is designed to allow peer entities on the source and destination hosts to carry
on a conversation, as in the OSI transport layer.
➢ The transport layer is responsible for providing reliable communication, including
error checking procedures.
➢ Two end-to-end transport protocols are used in this layer. These protocols provide
services to this layer.
➢ The first one, TCP, is a reliable connection-oriented protocol that allows a byte
stream originating on one machine to be delivered without error on any other
machine in the internet. It fragments the incoming byte stream into discrete
messages and passes each one on; the receiving TCP process reassembles the
received messages into the output stream.
➢ TCP also handles flow control to make sure a fast sender cannot swamp a slow receiver
with more messages than it can handle.
➢ The second protocol in this layer is UDP (User Datagram Protocol), an unreliable
connectionless protocol for applications that do not want TCP's sequencing or flow
control.
➢ It is used in client-server type request-reply queries and application in accurate
delivery of data.
4. THE APPLICATION LAYER

➢ The application layer contains the programming required to support the user
applications.
➢ This layer contains higher-level protocols such as
FTP, SMTP, HTTP.
➢ An application layer protocol is only one piece of a network application.
➢ The File Transfer Protocol (FTP) provides a way to move data efficiently from one
machine to another.
➢ SMTP (Simple Mail Transfer Protocol) is for electronic mail.
➢ The web's application layer protocol, HTTP, defines the format and sequence of
messages that are passed between a browser and a web application.

TCP/IP PROTOCOL GRAPH:

COMPARISON OF OSI AND TCP/IP REFERENCE MODEL:

SIMILARITIES:

➢ Both OSI and TCP/IP are based on the concept of a stack of independent protocols.
Also, the functionality of the layers is roughly similar.
➢ In both models, the layers above the transport layer are application-oriented
users of the transport service.
➢ In models, the layers up through and including the transport layer.

DIFFERENCE:

➢ Three concepts are central to the OSI model:
1) Services: each layer performs some services for the layer above it. The service
definition tells what the layer does.
2) Interfaces: a layer's interface tells the processes above it how to access it. It specifies
what the parameters are and what results to expect.
3) Protocols: the peer protocols used in a layer are the layer's own business, as long as
it provides the offered services.
➢ The TCP/IP model did not clearly distinguish between services, interfaces and
protocols, so the protocols in the OSI model are better hidden than in the TCP/IP model.
➢ The OSI reference model was devised before the corresponding protocols
were invented. In TCP/IP the protocols came first and the model was just a
description of the existing protocols.
➢ OSI has seven layers and TCP/IP has 4 layers.
➢ The OSI model supports both connectionless and connection-oriented
communication in the network layer, but only connection-oriented
communication in the transport layer. The TCP/IP model has only one mode in the network
layer but supports both modes in the transport layer, giving the user a choice.
FRAMING:
➢ Data link control deals with procedures for communication between two adjacent
nodes, i.e. node-to-node communication.
➢ Data link control functions include framing, flow control and error control.
➢ Data transmission in the physical layer means moving bits in the form of a signal from source
to destination.
➢ The data link layer needs to pack bits into frames.
➢ Framing in the data link layer separates a message from one source to a destination
by adding a sender address and a destination address.
➢ The destination address defines where the packet is to go; the sender address helps
the recipient acknowledge the receipt.

FRAME SIZE:

➢ Frames can be of fixed or variable size. In fixed-size framing there is no need to
define the boundaries of frames.
➢ In variable-size framing we need to define the end of one frame and the beginning of the next.
➢ Two approaches are used for this purpose: 1. Byte oriented 2. Bit oriented.

1. BYTE ORIENTED FRAMING:

In byte-oriented framing the data to be carried are 8-bit characters. The frame includes:

i. THE HEADER: carries the source and destination addresses.
ii. CONTROL INFORMATION:
iii. THE TRAILER: carries the error detection redundant bits, also in
multiples of 8 bits.
iv. FLAG: added at the beginning and end of a frame. The flag is
composed of protocol-dependent special characters and signals the
start or end of a frame.

➢ The flag pattern may also turn up inside the information itself, because a frame can
carry not only text but other information such as graphics, audio and video.
➢ If this happens, the receiver, when it encounters this pattern in the middle of the data,
thinks it has reached the end of the frame.
➢ To fix this problem, a byte stuffing strategy was added to byte-oriented framing.
➢ In byte stuffing, a special byte is added to the data section of the frame when
there is a character with the same pattern as the flag.
➢ The extra byte stuffed into the data section is called the escape character (ESC), and
it has a predefined bit pattern. Whenever the receiver encounters the ESC
character, it removes it from the data section and treats the next character as data.
➢ Another problem arises if the text contains one or more escape
characters followed by a byte with the same pattern as the flag. The receiver removes the
escape character and keeps the next byte, which is then incorrectly interpreted as the end of
the frame.
➢ To solve this problem, an escape character that is part of the text must also be marked
by another escape character.
➢ In short, byte stuffing is the process of adding one extra byte whenever there is
a flag or escape character in the text.

2. BIT ORIENTED FRAMING:

➢ In bit-oriented framing, the frame includes a header, a trailer, a data section that may
carry text, graphics, audio, video etc., and a flag to define the beginning and end of the frame.
➢ Most protocols use the 8-bit special pattern flag ‘01111110’ in the frame.
➢ Here too a problem arises if the flag pattern appears in the data. We need to
inform the receiver that this is not the end of the frame. This is done by bit stuffing.
➢ The bit stuffing strategy is to stuff 1 single bit to prevent the pattern from looking like a
flag.
➢ In bit stuffing, if a 0 and five consecutive 1 bits are encountered, an extra 0 is
added.
➢ This stuffed extra bit is eventually removed from the data by the receiver.
➢ In short, bit stuffing is the process of adding one extra 0 whenever five
consecutive 1s follow a 0 in the data, so that the receiver does not mistake the
pattern 0111110 for a flag.
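
The byte stuffing and bit stuffing rules above, worked through in Python for both the sender and the receiver. This is an added example, not part of the original notes. The FLAG and ESC byte values and all function names are assumptions made for the example, and the bit stuffer inserts a 0 after any run of five 1s, which gives the same result as the rule stated above once the opening flag (ending in 0) precedes the data.

```python
# Added example: byte stuffing and bit stuffing, sender and receiver side.
# FLAG and ESC byte values are assumed for the demo (the notes only say they are
# protocol-dependent); the bit flag 01111110 is the one named in the text.
FLAG, ESC = 0x7E, 0x7D
BIT_FLAG = "01111110"


def byte_stuff(payload: bytes) -> bytes:
    """Sender: put ESC before every FLAG or ESC in the data, then add the flags."""
    out = bytearray([FLAG])
    for b in payload:
        if b in (FLAG, ESC):
            out.append(ESC)            # extra byte marks the next one as data
        out.append(b)
    out.append(FLAG)
    return bytes(out)


def byte_unstuff(stream: bytes) -> list:
    """Receiver: split a byte stream into frame payloads and remove the stuffing."""
    frames, current = [], bytearray()
    in_frame = escaped = False
    for b in stream:
        if not in_frame:
            if b == FLAG:              # opening flag
                in_frame, current = True, bytearray()
        elif escaped:                  # byte after ESC is data, whatever it is
            current.append(b)
            escaped = False
        elif b == ESC:
            escaped = True
        elif b == FLAG:                # unescaped flag closes the frame
            frames.append(bytes(current))
            in_frame = False
        else:
            current.append(b)
    return frames


def bit_stuff(bits: str) -> str:
    """Sender: insert a 0 after every run of five 1s, then add the flags."""
    out, run = [], 0
    for bit in bits:
        out.append(bit)
        run = run + 1 if bit == "1" else 0
        if run == 5:
            out.append("0")            # stuffed bit
            run = 0
    return BIT_FLAG + "".join(out) + BIT_FLAG


def bit_unstuff(frame: str) -> str:
    """Receiver: strip the flags and drop the 0 that follows five 1s."""
    if len(frame) < 16 or not (frame.startswith(BIT_FLAG) and frame.endswith(BIT_FLAG)):
        raise ValueError("frame is not delimited by flags")
    body = frame[8:-8]
    out, run, i = [], 0, 0
    while i < len(body):
        out.append(body[i])
        run = run + 1 if body[i] == "1" else 0
        if run == 5:
            if i + 1 >= len(body) or body[i + 1] != "0":
                raise ValueError("six 1s inside the frame body")
            i += 1                     # skip the stuffed 0
            run = 0
        i += 1
    return "".join(out)


if __name__ == "__main__":
    data = bytes([0x41, FLAG, 0x42, ESC, FLAG, 0x43])   # constructed sample payload
    print(byte_stuff(data).hex(" "))
    print(byte_unstuff(byte_stuff(data)) == [data])
    print(bit_stuff("01111110"))
```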

ERROR CORRECTION AND ERROR DETECTION:

➢ Data can get corrupted at any time in passing during transmission
from one device to another. The ability to detect when a transmission has been
changed is called error detection.
➢ When errors are detected, the message is discarded, the sender is notified and
the message is sent again.
➢ When an error is detected, it may be fixed without a second transmission; this is called
error correction.
TYPE OF ERROR:

1) Single bit error
2) Burst error

Whenever an electromagnetic signal flows from one device to another, any
interference from heat, magnetism and other forms of electricity can change the shape
or timing of the signal. If the signal is
carrying encoded binary data

1) SINGLE BIT ERROR:

In a single bit error, a 0 is changed to 1 or a 1 is changed to 0. Here only one bit of
the given data unit is changed.

2) BURST ERROR:

A burst error means two or more bits in the data unit have changed from 1 to
0 or from 0 to 1. The difference between the first corrupted bit and the last corrupted bit is called
the length of the burst error.

ERROR DETECTION:

➢ When data is transmitted from one device to another, the receiving device does
not have the original copy of the transmitted data, so it is not easy to detect an
error without comparing the received data with the original data.
Sending an extra copy of the data for that comparison would make the transmission slow.
➢ Extra information is therefore included in the transmitted data for the purpose of comparison:
instead of repeating the entire data stream, a shorter group of bits is appended to the
end of each unit. This is called redundancy,
➢ because the extra bits are redundant to the information and are discarded as
soon as the accuracy of the transmission has been determined.
➢ The sender sends the data unit after the addition of this group of bits. The receiver
checks the bit stream through the checking function.

SOME TYPES OF REDUNDANCY CHECK ARE:

A. PARITY CHECK
B. CYCLIC REDUNDANCY CHECK

i. PARITY CHECK:

➢ The most common approach for error detection.
➢ A parity bit is added to every data unit.
➢ 1 bit is added to make the total number of 1 bits even (even parity) or odd (odd
parity). The extra bit is called the parity or redundant bit. This method is called vertical
redundancy check (VRC).
➢ If the transmitter is transmitting 1100010 and using even parity, it will append
1 and transmit.
➢ The receiver examines the received data, and if the total number of 1s is even it
assumes that no error has occurred.
➢ If 1 bit is erroneously inverted during transmission, the receiver will detect
an error and reject the whole unit.
➢ A parity check has its own limitation: if two bits are inverted due to an error,
an undetected error occurs.

E.g.: suppose the sender wants to send “world”. In ASCII the 5 characters are
represented as:

W = 1110111
O = 1101111
R = 1110010
L = 1101100

Each of the codes shown has an even number of 1’s.

ii. CYCLIC REDUNDANCY CHECK:

➢ One of the most common and most powerful error detecting techniques is
CRC.
➢ CRC is based on binary division.
➢ In CRC, for a data or message block of k bits, the transmitter generates an n-bit
sequence, so the sender transmits k + n bits.
➢ These k + n bits are exactly divisible by some predetermined number.
➢ At the receiver, the data unit is divided again by the same
predetermined number; if there is no remainder, then there is no error.

DATA: 1001

ILLUSTRATION OF CRC GENERATION:

Step 1: The generator takes the data and augments it with n – k 0’s,
i.e., n – k + 1 = 4 // 4 is the number of bits in the divisor.
n – k = 3 // three 0’s are appended to the data.
Step 2: The newly elongated data is divided by the predetermined divisor,
which is n + 1 bits long, using binary division. The remainder resulting
from this division is the CRC.
Step 3: The CRC of n bits derived in step 2 replaces the appended 0’s at
the end of the data unit.

CRC CHECKER:

Illustration of CRC checker:

Step 1: The data unit arrives at the receiver, data first, followed by the CRC.
Step 2: The receiver treats the whole string as a unit and divides it by the
same divisor that was used to find the CRC remainder.
Step 3: If the string arrives without error, the CRC checker yields a remainder
of zero and the data unit passes.
Step 4: If the string has been corrupted in transmission, the division yields a
non-zero remainder and the data unit is discarded.
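
The parity check and the CRC generator and checker steps above, run on the notes' own inputs (1100010, "world" and DATA 1001). This is an added example, not part of the original notes: the divisor 1011 is an assumed value, since the notes give only its length (4 bits), and the function names are chosen for the example. It also counts how many two-bit errors each check lets through.

```python
# Added example: even parity (VRC) and CRC on bit strings.
# DIVISOR = "1011" is an assumed value; the notes give the data 1001 and a
# 4-bit divisor length but do not print the divisor itself.
DIVISOR = "1011"


def add_even_parity(bits: str) -> str:
    """Append one bit so that the total number of 1s is even."""
    return bits + ("1" if bits.count("1") % 2 else "0")


def parity_ok(unit: str) -> bool:
    """Receiver side of the parity check: accept if the count of 1s is even."""
    return unit.count("1") % 2 == 0


def parity_encode_text(text: str) -> list:
    """7-bit ASCII code of each character followed by its even-parity bit."""
    return [add_even_parity(format(ord(ch), "07b")) for ch in text]


def mod2_remainder(dividend: str, divisor: str) -> str:
    """Remainder of binary (modulo-2, XOR) long division."""
    if not divisor.startswith("1") or len(dividend) < len(divisor):
        raise ValueError("divisor must start with 1 and fit into the dividend")
    work = [int(b) for b in dividend]
    div = [int(b) for b in divisor]
    for i in range(len(work) - len(div) + 1):
        if work[i]:                       # subtract (XOR) the divisor here
            for j, d in enumerate(div):
                work[i + j] ^= d
    return "".join(str(b) for b in work[len(work) - len(div) + 1:])


def crc_generate(data: str, divisor: str = DIVISOR) -> str:
    """Steps 1-3 of CRC generation: append 0s, divide, replace 0s by the remainder."""
    zeros = "0" * (len(divisor) - 1)
    return data + mod2_remainder(data + zeros, divisor)


def crc_check(codeword: str, divisor: str = DIVISOR) -> bool:
    """CRC checker: the unit passes only if the remainder is all zeros."""
    return "1" not in mod2_remainder(codeword, divisor)


def flip(bits: str, *indexes: int) -> str:
    """Invert the bits at the given indexes (0 = leftmost) to model errors."""
    out = list(bits)
    for i in indexes:
        out[i] = "1" if out[i] == "0" else "0"
    return "".join(out)


def undetected_double_errors(unit: str, check) -> int:
    """Count the two-bit error patterns that `check` accepts as error-free."""
    n = len(unit)
    return sum(check(flip(unit, i, j)) for i in range(n) for j in range(i + 1, n))


if __name__ == "__main__":
    print(add_even_parity("1100010"))                  # parity example from the notes
    print(parity_encode_text("world"))
    codeword = crc_generate("1001")
    print(codeword, crc_check(codeword))
    print(undetected_double_errors(add_even_parity("1100010"), parity_ok))
    print(undetected_double_errors(codeword, crc_check))
```

Parity accepts every one of the two-bit error patterns, while this CRC rejects all of them for a 7-bit code word.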

ERROR CORRECTION USING HAMMING CODE

➢ A single bit error correction method developed by R.W. Hamming involves creating
special code words from the data to be sent. The code is called the Hamming code.
➢ The Hamming code requires the insertion of multiple parity bits in the bit string before
sending.
➢ The parity bits check the parity in strategic locations. If bits are altered, their positions
determine a unique combination of parity check errors.
➢ When the frame arrives, the receiver recalculates the parity checks. If any check fails,
the combination of failures tells the receiver which bits were affected.
➢ The receiver can then set the bits to their correct values.
➢ This technique is common for memory addressing and for transmitting bits from registers to
RAM and back.
➢ For e.g.: to correct a single bit error in an ASCII character, the error correction code
must determine which of the seven bits has changed. To do so it must distinguish between 8 different
states, i.e. no error, error in position 1, position 2, ... up to position 7. This requires
enough redundancy bits to show all eight states.
➢ Hamming code can be applied to data units of any length.
➢ E.g.: for a seven-bit data unit, the redundancy bits are interspersed with the original data bits.

RELATIONSHIP BETWEEN DATA AND REDUNDANCY BITS

‘m’ is the number of data bits. ‘r’ is the number of redundancy bits. With r parity or redundancy checks
there are 2^r possible combinations of failures and successes, so

2^r ≥ m + r + 1

Number of data bits (m)    Number of redundancy bits (r)
1                          2
2                          3
3                          3
4                          3
5                          4
6                          4
7                          4

POSITION OF REDUNDANCY BITS IN HAMMING CODE

Position:  11  10   9   8   7   6   5   4   3   2   1
Bit:       m1  m2  m3  r8  m4  m5  m6  r4  m7  r2  r1

Redundant bits: r1, r2, r4, r8

Each ‘r’ bit is the parity bit for one combination of data bits:

r1: bits 1, 3, 5, 7, 9, 11
r2: bits 2, 3, 6, 7, 10, 11
r4: bits 4, 5, 6, 7
r8: bits 8, 9, 10, 11

REDUNDANCY BIT CALCULATION

Bit positions, written in binary, that each parity bit checks
(layout: m1 m2 m3 r8 m4 m5 m6 r4 m7 r2 r1):

Parity bit r1: 1011  1001  0111  0101  0011  0001
Parity bit r4: 0111  0110  0101  0100
Parity bit r8: 1011  1010  1001  1000

PROBLEM:

E.g.: redundancy calculation for a 7-bit data unit and 4 parity checks, total 11 bits.

Data: 1001101

Position:   11  10   9   8   7   6   5   4   3   2   1
             1   0   0  r8   1   1   0  r4   1  r2  r1

Adding r1:
             1   0   0  r8   1   1   0  r4   1  r2   1
[r1 is calculated to provide even parity for the combination of bits 3, 5, 7, 9, 11]

Adding r2:
             1   0   0  r8   1   1   0  r4   1   0   1
[r2 is calculated to provide even parity for the bit combination 3, 6, 7, 10, 11]

Adding r4:
             1   0   0  r8   1   1   0  ‘0’  1   0   1
[r4 is calculated by even parity for the bit combination 7, 6, 5, 4]

Adding r8:
             1   0   0   1   1   1   0   0   1   0   1
[r8 is calculated with bits 8, 9, 10, 11]

Code: 10011100101
(Data + redundancy code)

For e.g.: imagine the code 10011100101 is sent and, when it is received, bit position number 7 has been
changed from 1 to 0.

Sent:       1 0 0 1 1 1 0 0 1 0 1
Received:   1 0 0 1 0 1 0 0 1 0 1   (error)

The receiver recalculates the parity checks r1, r2, r4 and r8 on the received bits.
The bit in position 7 is in error (it should be ‘1’).
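
The Hamming procedure above as runnable Python, using the notes' layout (position 1 at the right, even parity) and the worked values 1001101, 10011100101 and the error in position 7. This is an added example, not part of the original notes; the function names are chosen for the example, and the code generalizes to any data length by applying 2^r ≥ m + r + 1.

```python
# Added example: Hamming code with even parity. Bit strings are written with the
# highest position on the left and position 1 on the right, as in the notes.

def redundancy_bits_needed(m: int) -> int:
    """Smallest r with 2^r >= m + r + 1."""
    r = 0
    while 2 ** r < m + r + 1:
        r += 1
    return r


def hamming_encode(data: str) -> str:
    """Place data bits in the non-power-of-two positions, then fill r1, r2, r4, ..."""
    r = redundancy_bits_needed(len(data))
    n = len(data) + r
    code = [0] * (n + 1)                   # index = bit position, index 0 unused
    bits = iter(int(b) for b in data)
    for pos in range(n, 0, -1):
        if pos & (pos - 1):                # not a power of two: data position
            code[pos] = next(bits)
    for i in range(r):
        p = 1 << i                         # parity position 1, 2, 4, 8, ...
        covered = (code[pos] for pos in range(1, n + 1) if pos & p and pos != p)
        code[p] = sum(covered) % 2         # even parity over the covered bits
    return "".join(str(code[pos]) for pos in range(n, 0, -1))


def hamming_syndrome(code: str) -> int:
    """Recalculate every parity check; failed checks add up to the error position."""
    n = len(code)
    syndrome, p = 0, 1
    while p <= n:
        ones = sum(int(code[n - pos]) for pos in range(1, n + 1) if pos & p)
        if ones % 2:                       # this check fails
            syndrome |= p
        p <<= 1
    return syndrome


def flip_position(code: str, pos: int) -> str:
    """Invert the bit at position `pos` (1 = rightmost)."""
    i = len(code) - pos
    return code[:i] + ("1" if code[i] == "0" else "0") + code[i + 1:]


def hamming_correct(code: str):
    """Return (corrected code, error position); position 0 means no error found."""
    syndrome = hamming_syndrome(code)
    if syndrome == 0:
        return code, 0
    if syndrome > len(code):
        raise ValueError("parity checks point outside the code word")
    return flip_position(code, syndrome), syndrome


def hamming_data(code: str) -> str:
    """Strip the redundancy bits and return the data bits."""
    n = len(code)
    return "".join(code[n - pos] for pos in range(n, 0, -1) if pos & (pos - 1))


if __name__ == "__main__":
    sent = hamming_encode("1001101")       # data from the worked problem
    received = flip_position(sent, 7)      # bit 7 changed from 1 to 0
    print(sent, received, hamming_correct(received))
```

A two-bit error also produces a non-zero combination of failed checks, but it points at the wrong position, so the correction is only valid for single-bit errors.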

MEDIUM ACCESS CONTROL

➢ Nodes or stations may be connected to, and use, a common link called a broadcast link.
➢ In a broadcast network the key issue is how to determine who gets to use the channel when there
is competition for it.
➢ Many protocols have been devised to handle access to a shared link. All of these protocols
belong to a sublayer of the data link layer called the MEDIUM ACCESS CONTROL sublayer.
➢ The protocols used to determine who goes next on a multiaccess channel are called
MULTIPLE ACCESS PROTOCOLS.

MULTIPLE ACCESS PROTOCOLS

1. RANDOM ACCESS PROTOCOLS: ALOHA, CSMA, CSMA/CD, CSMA/CA
2. CONTROLLED ACCESS PROTOCOLS
3. CHANNELIZATION PROTOCOLS

➢ In random access or contention methods, no station is superior to another station and
none is assigned control over another.
➢ At each instance, a station that has data to send uses a procedure defined by the protocol
to decide whether or not to send. The decision depends on the state of the medium (idle or busy).
➢ Systems in which multiple users share a common channel in a way that can lead to conflicts
are known as contention systems. If a collision is detected, the frame must be retransmitted.
➢ Among the random access methods, one interesting protocol is ALOHA, which uses a very simple
procedure called multiple access. It is classified into PURE ALOHA and SLOTTED ALOHA.
➢ CSMA (carrier sense multiple access) forces the station to sense the medium before
transmitting.
➢ CSMA/CD tells the station what to do when a collision is detected.
➢ CSMA/CA is CSMA with collision avoidance, which tries to avoid collisions.

1. ALOHA
➢ ALOHA is a random access method that was developed at the University of Hawaii in 1970. It was
designed for a radio LAN, but it can be used on any shared medium.
➢ There are potential collisions in this arrangement, because the medium is shared between
stations.
➢ When a station sends data, another station may attempt to do so at the same time, and
the data from the two stations will collide.

1. PURE ALOHA

➢ The original ALOHA protocol is called pure ALOHA.
➢ Each station sends a frame whenever it has a frame to send.
➢ There is only one channel to share, so there is a possibility of collision between frames from
different stations.
➢ There is no global time synchronization; pure ALOHA uses continuous time.
➢ Pure ALOHA relies on acknowledgements from the receiver. When a station sends a frame,
it expects the receiver to send an acknowledgement.
➢ If the acknowledgement does not arrive after a time-out period, the station assumes that
the frame has been destroyed and resends the frame.
➢ A collision involves two or more stations. If all these stations try to resend their frames
after the time-out, the frames will collide again.
➢ Pure ALOHA dictates that when the time-out period passes, each station waits a random
amount of time before it resends the frame. This helps to avoid more collisions.

[Figure: frames from Station 1, Station 2, Station 3 and Station 4 on the shared channel]

Here 4 stations attempt to send frames on the shared medium. Frames collide, and only 2 frames
survive, from station 1 and station 3; the rest are destroyed and need to be
resent.

DERIVATION FOR THROUGHPUT IN PURE ALOHA

THROUGHPUT: the amount of data moved successfully from one place to another in a given period
or unit of time.

VULNERABLE TIME PERIOD: the length of time in which there is a possibility of collision.

FRAME TIME: the amount of time needed to transmit a fixed-length frame.

Assume users generate frames according to a Poisson distribution with mean S frames per frame time.

If S > 1, the users generate frames at a higher rate than the channel can handle and frames suffer
collisions, so it is reasonable to expect 0 < S < 1.

In addition to new frames, the frames that faced a collision are retransmitted.

So assume that the number k of transmission attempts per frame time, old and new combined,
also follows a Poisson distribution, with mean G per frame time,

i.e. $G \ge S$

At low load ($S \approx 0$) there are few collisions,

∴ $G \approx S$

At high load there are many collisions, so $G > S$.

∴ Under all loads, the throughput is G times the probability of a transmission being successful,

i.e. $S = G P_0$, where $P_0$ is the probability that a frame does not suffer a collision.

The probability that k frames are generated during a given frame time is given by the Poisson distribution:

$$\Pr[k] = \frac{G^k e^{-G}}{k!}$$

∴ the probability of 0 frames is $e^{-G}$:

$$\Pr[0] = e^{-G} \quad (k = 0)$$

In an interval 2 frame times long, the mean number of frames generated is 2G, so

$$P_0 = e^{-2G}$$

∴ $S = G P_0$

$$S = G e^{-2G}$$

The throughput is the total capacity of the equipment to transmit signals in a frame time.

The throughput for pure ALOHA is

$$S = G e^{-2G}$$

The maximum throughput is $S_{max} = 1/(2e) = 0.184$, when $G = 1/2$.

2. SLOTTED ALOHA

➢ Slotted ALOHA has double the capacity of a pure ALOHA system.
➢ In slotted ALOHA, time is divided into slots or discrete intervals, each slot or interval
corresponding to one frame.
➢ When a transmission is required, the station must wait for the beginning of the next slot.
➢ The continuous pure ALOHA is turned into a discrete one.
➢ Here too there is a probability of collision, if two stations try to send at the beginning of the
same time slot.

[Figure: frames from Station 1, Station 2, Station 3 and Station 4 on a slotted channel, slot 1 to slot 5]

Here station 2 and station 3 collide at slot 2; stations 1 and 4 collide at slot 3.

DERIVATION FOR THROUGHPUT IN SLOTTED ALOHA

Assume that users generate frames according to a Poisson distribution with mean S frames per
frame time.

Assume that the number k of transmission attempts per frame time, old frames plus retransmissions at
the next slot, also follows a Poisson distribution, with mean G per frame time.

$$S = G P_0$$

Here the vulnerable period is now halved.

The probability of no other traffic during the same slot follows from the Poisson distribution:

$$\Pr[k] = \frac{G^k e^{-G}}{k!}$$

So the probability of no traffic during the same time slot is

$$\Pr[0] = \frac{G^0 e^{-G}}{0!}$$

$$P_0 = e^{-G}$$

∴ $S = G P_0$

$$S = G e^{-G}$$

The throughput for slotted ALOHA is $S = G e^{-G}$.

The maximum throughput, when $G = 1$, is

$$S = 1/e = 0.368$$

EXPECTED NUMBER OF TRANSMISSIONS

Probability that a frame will not have a collision = $e^{-G}$

Probability of a collision = $1 - e^{-G}$

Probability of a transmission requiring k attempts (k − 1 collisions followed by 1 success):

$$P_k = e^{-G}\,(1 - e^{-G})^{k-1}$$

Expected number of transmissions, E:

$$E = \sum_{k=1}^{\infty} k P_k = \sum_{k=1}^{\infty} k\, e^{-G}\,(1 - e^{-G})^{k-1} = e^{G}$$
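
The two throughput formulas and the expected number of transmissions derived above can be checked numerically. The simulation below is an added example, not part of the original notes: it generates Poisson traffic with mean G per frame time (frame time taken as 1) and counts the frames that meet no other frame in their vulnerable period. The seeds, run lengths and function names are choices made for the example.

```python
# Added example: check S = G*e^(-2G) (pure) and S = G*e^(-G) (slotted) by simulation.
import math
import random


def pure_formula(G: float) -> float:
    return G * math.exp(-2 * G)


def slotted_formula(G: float) -> float:
    return G * math.exp(-G)


def poisson_sample(rng: random.Random, mean: float) -> int:
    """Draw one Poisson-distributed count (multiplication method)."""
    limit, k, product = math.exp(-mean), 0, rng.random()
    while product > limit:
        k += 1
        product *= rng.random()
    return k


def simulate_slotted(G: float, slots: int, seed: int = 1) -> float:
    """Fraction of slots in which exactly one station transmits."""
    rng = random.Random(seed)
    good = sum(1 for _ in range(slots) if poisson_sample(rng, G) == 1)
    return good / slots


def simulate_pure(G: float, frames: int, seed: int = 1) -> float:
    """Successful frames per frame time when frames may start at any instant."""
    rng = random.Random(seed)
    now, starts = 0.0, []
    for _ in range(frames):
        now += rng.expovariate(G)          # Poisson arrivals with rate G
        starts.append(now)
    good = 0
    for i, start in enumerate(starts):
        # Vulnerable period: no other frame may start within one frame time
        # before or after this frame's start (two frame times in total).
        clear_before = i == 0 or start - starts[i - 1] >= 1.0
        clear_after = i == len(starts) - 1 or starts[i + 1] - start >= 1.0
        if clear_before and clear_after:
            good += 1
    return good / now


def expected_transmissions(G: float, terms: int = 500) -> float:
    """Sum of k * P_k with P_k = e^(-G) * (1 - e^(-G))^(k-1), truncated."""
    p = math.exp(-G)
    return sum(k * p * (1 - p) ** (k - 1) for k in range(1, terms + 1))


if __name__ == "__main__":
    for G in (0.25, 0.5, 1.0, 2.0):
        print(G,
              round(pure_formula(G), 3), round(simulate_pure(G, 100000), 3),
              round(slotted_formula(G), 3), round(simulate_slotted(G, 100000), 3),
              round(expected_transmissions(G), 3))
```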

3. CARRIER SENSE MULTIPLE ACCESS / CSMA

➢ To minimize the chance of collision and to increase performance, the CSMA method
was developed.
➢ The chance of collision can be reduced if a station senses the medium before trying to
use it.
➢ CSMA requires each station to first listen to the medium before sending.
➢ CSMA is based on the principle of sense before transmit.
➢ CSMA can reduce the possibility of collision, but cannot eliminate it.
➢ The possibility of collision still exists because of propagation delay.

PERSISTENCE METHODS

What should a station do if the channel is busy? What should a station do if the channel is idle?
Three methods have been devised to answer these questions:
1. 1-PERSISTENT METHOD 2. NON PERSISTENT METHOD 3. P-PERSISTENT METHOD

1. 1-PERSISTENT

➢ The 1-persistent method is simple and straightforward.
➢ When a station has data to send, it first listens to the channel to see if anyone else is
transmitting at that moment.
➢ If the channel is busy, the station waits until it detects an idle channel.
➢ If the station finds that the channel is idle, it sends its frame immediately.
➢ In this method there is a chance of collision, because two or more stations may find the line
idle and send their frames immediately.
➢ When a collision occurs, the station waits a random amount of time and starts all over
again.
➢ It is called 1-persistent because the station transmits with a probability of 1 whenever it finds
the channel idle.

2. NON PERSISTENT

➢ In non-persistent CSMA, a conscious attempt is made to be less greedy than in 1-persistent.
➢ Before sending, a station senses the channel; if the line is idle, it sends immediately.
➢ If the line is busy, it waits a random amount of time and senses the line again.
➢ This approach reduces the chance of collision, because it is unlikely that two or more
stations will wait the same amount of time and retry to send simultaneously.
➢ But this method reduces the efficiency of the network, because the medium remains idle
when there may be stations with frames to send.

3. P-PERSISTENT

➢ The p-persistent method is used on slotted channels.
➢ It combines the advantages of 1-persistent and non-persistent. It reduces the chance of
collision and improves efficiency.
➢ When a station becomes ready to send, it senses the channel; if it is idle, it proceeds as follows:
1. With probability p, the station sends its frame.
2. With probability q = 1 - p, the station waits for the beginning of the next time slot and
checks the line again.
a) If the line is idle, it goes to step 1.
b) If the line is busy, it acts as though a collision has occurred and uses the back-off
procedure.

3. CSMA/CD
➢ The interference between two signals is called a collision.
➢ It prevents the data from reaching the destination correctly.
➢ The Ethernet standard requires a sending station to monitor the signals on the cable. If the signal
on the cable differs from the signal that the station is sending, it means that a collision has
occurred.
➢ Whenever a collision is detected, the sending station immediately stops transmitting.
➢ Monitoring a cable during transmission is known as collision detection (CD).
➢ If two stations sense the channel to be idle and begin transmitting, they will detect the
collision almost immediately. Rather than finish transmitting their frames, they should abruptly stop
transmission as soon as the collision is detected. Quickly terminating damaged frames saves
time and bandwidth. This protocol is known as CSMA/CD.
➢ It is widely used in LANs, i.e. in the MAC sublayer.
➢ The access mechanism used in an Ethernet is called carrier sense multiple access with
collision detection (CSMA/CD).

LAN STANDARDS

1. ETHERNET: IEEE Standard 802.3

➢ Ethernet is the most widely used computer networking technology in LANs.
➢ It is defined by the IEEE 802.3 standard. The Ethernet access method is used to connect
computers in a company or home, as well as to connect a single computer to a modem for internet
access.
➢ IEEE 802.3 supports a LAN standard, Ethernet, that was originally developed by Xerox and later
extended jointly by Digital Equipment Corporation, Intel Corporation and Xerox.
➢ Ethernet has a bus topology. It is commonly used to connect PCs, workstations, printers
and file servers, even mainframes.
➢ To understand the IEEE 802.3 standard, it is important to understand where it fits in a layered
design.
➢ Network operations are typically defined by the lowest three layers of the OSI model, i.e. the physical
layer, the data link layer and the network layer.
➢ The data link layer is responsible for providing services to the network layer and for
accurate communication between two nodes in a network.
Accurate communication involves frame format, error checking and flow control.
➢ The data link layer is divided into two sublayers:
1. LOGICAL LINK CONTROL (LLC)
2. MEDIUM ACCESS CONTROL (MAC)

[Figure: network layer; data link layer with its LLC and MAC sublayers; physical layer; IEEE 802.3 standard]

➢ The logical link control handles logical links between stations; the MAC controls access to the
transmission medium.
➢ The IEEE 802.2 standard is an LLC based on the HDLC protocol
(High-level Data Link Control).
➢ The IEEE 802.3 standard is a MAC protocol. IEEE 802.3 defines two categories: baseband and
broadband.

2. IEEE STANDARD 802.5: TOKEN RING

➢ The token ring LAN is defined by IEEE standard 802.5.
➢ Like Ethernet, the token ring is a MAC protocol sitting between the logical link control (LLC)
and the physical layer in the OSI model.
➢ Stations on a token ring LAN are connected in a ring using a ring interface or network
interface card (NIC).
➢ A station can send directly only to its neighbour (clockwise), i.e. only to one
neighbour.
➢ If a station wants to send to another station on the ring, the frame must go through
all intermediate interfaces.
➢ Ring contention (collision) is handled through a special bit pattern or frame called the
token, which circulates around the ring whenever all stations are idle.
➢ The network access mechanism used by Ethernet may result in collisions and
produce delay when multiple stations attempt to capture the link at the same time.
➢ Token ring resolves this uncertainty by requiring the stations to take turns sending data.
Each station transmits only during its turn and sends only one frame during each
turn. This rotation is coordinated by token passing.
➢ If a station wants to transmit a data frame, it is required to seize the token and
remove it from the ring before transmitting.
➢ This action can be done by inverting a single bit in the 3-byte token.

3. IEEE STANDARD 802.4: TOKEN BUS

➢ LANs have direct application in factory automation and process control, which control the
manufacturing process, so they need real-time processing with minimum delay.
➢ 802.3 Ethernet is not suitable for this purpose because the number of collisions is not predictable.
➢ Token bus (IEEE 802.4) combines the features of Ethernet and token ring.
➢ It combines the physical configuration of Ethernet (a bus topology) and the collision-free feature of
token ring.
➢ Token bus is a physical bus that operates as a logical ring using a token.

Fig: token bus. The token circulates A-B-C-D-E.

The stations are logically organized into a ring around which the token travels; a station that wants
to send something must wait for the token to arrive. Stations communicate via a
common bus, as in Ethernet.
Five stations A, B, C, D, E are connected to a bus. The logical order is A-B-C-D-E, so A starts by
sending the token to B along the bus. As in Ethernet, each station is capable of receiving it, but
the token's destination address specifies which station it goes to. When B receives the token
it has permission to send a frame; if it has no frame, it sends the token to C. A similar process goes
on.

➢ A station receives the token from its predecessor and sends the token to its
successor.
➢ Another difference between token bus and token ring is that a token bus station must know
its successor and predecessor.
➢ Token bus is limited to factory automation and process control and has no
commercial application in data communication.

INTERFACING DEVICES

➢ Interfacing devices are hardware components or system components used to connect hosts
together to make a network, or to connect networks together to make an internet.
➢ Interfacing devices can operate in different layers of the internet model:

Layer                Device
Application layer    Application gateway
Transport layer      Transport layer gateway
Network layer        Router
Data link layer      Bridge, switch
Physical layer       Repeater, hub
1. BRIDGE
➢ A bridge is a network device that connects
one LAN segment to another.
➢ A bridge is a hardware device used to extend a LAN. A bridge that connects two cable
segments forwards complete, correct frames from one segment to the other.
➢ A bridge does not forward interference or other problems. Any pair of computers on the
extended LAN can communicate; the computers do not know whether a bridge separates
them.
➢ A bridge operates at the data link layer of the OSI model and performs error detection, frame
formatting and frame routing.
➢ Bridges are used to:
• Extend a LAN when the maximum connection limit, such as the 30-node limit on an Ethernet
segment, has been reached.
• Extend a LAN beyond its length limit.
• Segment LANs to reduce data traffic bottlenecks.
• Prevent unauthorized access to a LAN.
➢ A bridge intercepts all network traffic and reads the destination address on each frame to
determine if the frame should be forwarded to the next network.
➢ A bridge can be used as a firewall to keep intruders out of a network.
➢ Bridges are more popular than repeaters because they help to isolate problems.
➢ If two segments are connected by a repeater and lightning causes electrical interference on one
of them, the repeater will propagate the interference to the other segment.
➢ If interference occurs on one of two segments connected by a bridge, the bridge will
receive an incorrectly formed frame and simply discard the frame that contains the error.
➢ A bridge will not forward a collision from one segment to another; thus a bridge prevents
problems on one segment from affecting the other.

2. HUB

➢ A hub is a central network device that connects network nodes such as workstations and servers
in a star topology.
➢ A hub is a device which has multiple inputs and outputs, all active at one time.
➢ A hub can:
1) Provide a central unit from which to connect multiple nodes into one network.
2) Permit large numbers of computers to be connected on single or multiple LANs.
3) Reduce network congestion by centralizing network design.
4) Provide multi-protocol services.
5) Consolidate the network backbone.
6) Enable high speed communication.
7) Provide connections for different media types (coaxial, twisted pair, fiber).
8) Enable centralized network management.
➢ Hubs are sometimes called multistation access units (MAU). The MAU acts as a central hub on
a token ring network.
➢ The MAU connects workstations into a logical ring through a physical star topology.
➢ It moves tokens and frames around the ring and amplifies data signals.
➢ There are different kinds of hub:
▪ Passive hub
▪ Active hub
▪ Intelligent hub
▪ Switching hub
➢ A passive hub acts as a pathway, allowing data to flow from one device on a segment to
another. It simply resends a signal without regenerating it.
➢ An active hub serves as a repeater to boost the signal strength, thereby allowing longer cable runs out
to individual workstations or servers. Active hubs regenerate and process signals.
➢ An intelligent hub can detect errors and provide assistance to a technician when attempting
to locate a failing component, such as a cable with a high error rate, a cable cut or a failing
workstation.
➢ Rather than rebroadcasting every packet to every port, a switching hub reads the destination address
of each packet and forwards it to the proper port.

3. SWITCH
➢ A switch is a device that connects two or more network segments and allows different nodes to
communicate smoothly.
➢ A switch makes a direct connection between the transmitting device and the receiving device.
➢ Switches provide bridging functionality with greater efficiency.
➢ A switch may operate at both the physical and the data link layer.
➢ As a physical layer device, it regenerates the signal it receives; as a link layer device, it checks the
source and destination addresses contained in the frame.
➢ The switch holds each destination address and its port in a switching table.

[Figure: Switch table with the columns Address and Port]

A switch may act as a multiport bridge to connect devices or segments in a LAN. The switch
has a buffer for each link to which it is connected.

➢ When a switch receives a packet, it stores the packet in the buffer of the receiving link and
checks the address to find the outgoing link.
➢ If the outgoing link is free, there is no chance of collision and the switch sends the frame to that particular link.
➢ Switches are built on two different strategies:
▪ Store and forward
▪ Cut through
➢ A store and forward switch stores the frame in the input buffer until the whole packet has
arrived.
➢ A cut through switch forwards the packet to the output buffer as soon as the destination
address is received.

4. ROUTER
➢ A router is an internetworking device; it connects independent networks to form an internetwork.

[Figure: a Router linking two LANs and a 10 gigabit LAN with a mainframe server to the rest of the internet]

➢ A router is a three-layer device: in the physical layer it regenerates the signal it receives, in the data
link layer it checks the source and destination addresses, and in the network layer it checks the network layer
addresses.

E.g.: the LANs of two separate buildings are connected through switches to the server, and the router connects the
whole system to the internet.
➢ A router performs some of the same functions as a bridge.
➢ A router is used to

1) Efficiently direct packets from one network to another, reducing excessive traffic.
2) Join neighbouring or distant networks.
3) Connect dissimilar networks.
4) Prevent network bottlenecks by isolating portions of a network.
5) Secure portions of a network from intruders.
➢ A router performs two basic activities:
I. Routers determine the optimal routing path and transport data through the network.
▪ The router uses a packet's destination address and the routing table stored in memory
to determine how to forward the packet. Routers maintain the routing table with
the latest information.
▪ The logic that a router uses to determine how to forward data is called a routing
algorithm.
II. Routers provide connectivity inside enterprises, between enterprises and the internet
and internet service providers (ISPs).
• Routers need to communicate with other routers, so they exchange routing
information. This is done by routing protocols.
• The typical routing protocols for internet communication are
❖ BGP (Border Gateway Protocol)
❖ EGP (Exterior Gateway Protocol)
❖ OSPF (Open Shortest Path First)
❖ RIP (Routing Information Protocol)

5. GATEWAYS
➢ A gateway is a software or hardware interface that enables two different types of networked
systems or software to communicate.
➢ If two networks operate according to different network protocols, a gateway is used to connect them.
➢ Gateways usually operate at OSI layer 4.
➢ A gateway translates the protocol to allow terminals on two dissimilar networks to communicate.
➢ Gateways also translate data codes, e.g. ASCII to EBCDIC code.
➢ A gateway is used to

1) Convert commonly used protocols to a specialized protocol (e.g. TCP/IP to SNA).
2) Convert messages from one format to another.
3) Translate different addressing schemes.
4) Link a host computer to a LAN.
5) Connect networks with different architectures.
➢ Gateways may be implemented on a specially designed circuit card or by using specialized software in
a standard PC.
➢ An ISP that connects users in a home to the internet is a gateway.
➢ Gateways can suffer from slow performance because of protocol translation.
➢ The difference between a bridge and a gateway is that a bridge connects networks that use the same protocol

PREVIOUS UNIVERSITY QUESTIONS

SECTION A
1. Give an example of simplex mode of data flow (Dec 2015)
2. What is Nyquist bit rate formula? (Dec 2015)
3. What is microwave frequency range? (Dec 2015)
4. What is HDLC protocol? (Dec 2016)
5. What is flow control? (Dec 2016)
6. Which layer in the OSI model uses switches? (Dec 2016)

SECTION B
1. What are the two reasons for using layered protocols? (Dec 2015)
2. Explain the functions of data link layer (Dec 2015)
3. What is meant by error detection and correction? (Dec 2015)
4. Explain the functions of data link layer (Dec 2016)
5. Give an example where pipelining can be applied in data communication (Dec 2016)
6. Explain the byte oriented type of framing (Dec 2016)

SECTION C
1. Explain the different types of data transmission used in wire mode (Dec 2015)
2. Explain the hamming code correction with an example of four bit data (Dec 2015)
3. Explain the different types of framing techniques in DLL (Dec 2015)
4. Compare TCP/IP and OSI model (Dec 2016)
5. Explain the different types of standard organizations used in data communication (Dec 2016)

SECTION D
1. Explain the OSI reference model in detail with functions of each layer (Dec 2015)
2. Explain the TCP/IP model in detail with functions of each layer (Dec 2016)
3. Explain CRC code. Find the CRC for the data polynomial x^4+x^2+x+1 where the
generator polynomial is x^3+1. (Dec 2016)

PREVIOUS UNIVERSITY QUESTIONS

SECTION A
1. What is the maximum throughput in slotted ALOHA protocol? (Dec 2015)
2. What is the maximum throughput in slotted ALOHA protocol? (Dec 2015)

SECTION B
1. What are the different types of random access protocol? (Dec 2015)
2. Write short notes on Ethernet (Dec 2015)
3. Explain the functions of bridge (Dec 2015)
4. What are the different types of random access protocol? (Dec 2016)
5. Explain the terms hub and switch (Dec 2016)
6. Explain the functions of token ring (Dec 2016)

SECTION C
1. Explain the function of pure ALOHA and derive the maximum throughput (Dec 2015)
2. Write short notes on different types of LAN standard (Dec 2015)
3. Explain the checksum method of error detection in detail (Dec 2016)
4. Explain the different types of CSMA techniques in detail (Dec 2016)
5. Explain the different types of Ethernet (Dec 2016)

SECTION D
1. Explain the different types of ALOHA protocol and derive its maximum throughput. (Dec 2016)

MODULE - 3

INTERNETWORKING Module III

Internetworking - datagrams, fragmentation - routing - Distance vector routing, Link state routing.
Concepts of congestion control - leaky bucket algorithm. Process to Process delivery - TCP, UDP,
Application Layer - DNS, Remote login, File Transfer Protocol (FTP).

INTERNETWORKING

When two or more networks are involved in an application, the mode of working between the
systems is called internetworking. The term internetwork refers to the composite networks (LAN, WAN, MAN)
being used. Each constituent network of an internetwork is a subset. Each constituent network in an
internet supports communication among the devices attached to that network. These devices are end
systems.

DATAGRAMS

• The packet sent across the TCP/IP layer is called an IP datagram.
• A datagram is a unit of transfer associated with networking.
• Each datagram consists of a header followed by data.
• The source and destination addresses in the datagram header are IP addresses.
• Each router along the network path receives the datagram and uses the destination address to
determine the next hop to which the datagram should be sent.
• The router forwards the datagram to the next hop, and so on until it reaches the destination.
• The router keeps this information in a routing table.

[Figure: datagram format, a HEADER followed by a DATA AREA]

Protocol function

IP provides a number of core functions to carry out internetworking; these include fragmentation,
reassembly, routing, error reporting, etc.

FRAGMENTATION:

• Each network technology defines a maximum amount of data that can be transmitted in a
packet. The limit is known as the network Maximum Transmission Unit (MTU).
• A datagram cannot be larger than the MTU of the network over which it is sent.
• When a router receives a datagram that is larger than the MTU of the network over which it
is to be sent, the router divides the datagram into smaller pieces called fragments. Each
fragment uses the IP datagram format, but carries only part of the data.
• The process of creating a copy of the original datagram from its fragments is called reassembly.
• Each fragment carries some data from the original datagram and has an IP header similar to that of the
original datagram.

[Figure: the original datagram (IP HEADER | DATA AREA) divided into three fragments:
IP HEADER 1 | DATA1, IP HEADER 2 | DATA2, IP HEADER 3 | DATA3]
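
The fragmentation and reassembly described above, as an added Python example that is not part of the original notes. It assumes a 20-byte IPv4 header without options and models only the header fields needed for reassembly (identification, offset in 8-byte units, more-fragments flag); the `Fragment` class and function names are illustrative.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: IPv4 header without options


@dataclass(frozen=True)
class Fragment:
    ident: int    # identification value shared by all fragments of one datagram
    offset: int   # where this piece starts in the original data, in 8-byte units
    more: bool    # "more fragments" flag: True on every fragment except the last
    data: bytes


def fragment(ident, data, mtu):
    """Split the data area of a datagram so each piece plus a header fits the MTU."""
    room = (mtu - IP_HEADER_LEN) // 8 * 8  # data bytes per fragment, multiple of 8
    if room <= 0:
        raise ValueError("MTU leaves no room for data")
    if IP_HEADER_LEN + len(data) <= mtu:
        return [Fragment(ident, 0, False, data)]  # fits: no fragmentation needed
    return [
        Fragment(ident, start // 8, start + room < len(data), data[start:start + room])
        for start in range(0, len(data), room)
    ]


def reassemble(fragments):
    """Rebuild the original data; reject sets with gaps, overlaps or a missing tail."""
    if not fragments:
        raise ValueError("no fragments")
    if len({f.ident for f in fragments}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(fragments, key=lambda f: f.offset)  # arrival order may differ
    data = b""
    for index, frag in enumerate(ordered):
        if frag.offset * 8 != len(data):
            raise ValueError("gap or overlap before offset %d" % frag.offset)
        if frag.more != (index < len(ordered) - 1):
            raise ValueError("more-fragments flag inconsistent")
        data += frag.data
    return data


if __name__ == "__main__":
    payload = bytes(i % 251 for i in range(4000))   # constructed sample data
    pieces = fragment(ident=7, data=payload, mtu=1500)
    for p in pieces:
        print(p.offset, p.more, len(p.data))
    print(reassemble(list(reversed(pieces))) == payload)
```

A 4000-byte data area sent over a 1500-byte MTU yields three fragments, as in the figure; the receiver refuses to rebuild a datagram whose pieces do not line up exactly.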

ROUTING:

• To transfer packets from a sending host to the destination host, the network layer must
determine the path or route that the packets are to follow.
• The network layer must determine the path for a packet. This is done by the network layer
routing protocol.
• Routing is the process that a router uses to forward packets towards the destination network.
It is also a path determination function.
• The purpose of a routing algorithm is to determine the path for a packet.
• Given a set of routers with links connecting them, a routing algorithm finds a good
path from source to destination.
• A good path is one that has the least cost.
• Some routing algorithms are
❖ Distance vector routing
❖ Link state routing

DISTANCE VECTOR ROUTING

• Distance vector routing is a method of exchanging routing information between routers as a vector of
direction and distance.
• In distance vector routing, the least cost route between any two nodes is the route with minimal
distance.
• The router keeps a list of all known routes in a table.
• Each node maintains a vector (table) of minimal distances to every node.
• Each entry in the table identifies a destination network and gives the distance to that network, usually
measured in hops.
• The term distance vector comes from the information sent in the periodic messages.
• A message contains a list of pairs (V, D), where V identifies a destination (the vector) and D is the distance
to that destination.

In the example, node A thinks that it is not connected to node G because the corresponding cell shows a least cost of
infinity.

• To improve their vectors, the nodes need to help each other by exchanging information.
• After each node has created its vector, it sends a copy of the vector to all its immediate neighbours.
• After a node receives a distance vector from a neighbour, it updates its own distance vector.
• UPDATING DISTANCE VECTOR FROM FIG:

Node   New B   Old B   A
A      2       2       0
B      0       0       2
C      5       5       ∞
D      5       ∞       3
E      4       4       ∞
F      ∞       ∞       ∞
G      ∞       ∞       ∞

• First event: A has sent its vector to node B. B receives a copy of A's vector, so node B updates its vector using
the cost c_BA = 2. Here the least cost to node D changes from "∞" to "5".

Node   New B   Old B
A      2       2
B      0       0
C      5       5
D      5       5
E      4       4
F      6       ∞
G      ∞       ∞

• Second event: node E has sent its vector to node B. B receives a copy of E's vector. Node B updates its vector
using the cost c_BE = 4. Here the least cost to node F changes from "∞" to "6".
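
The two update events above, plus the full exchange run until no vector changes, as an added Python example that is not part of the original notes. The link costs are read from the link state database given on this page; taking each node's first vector to be its direct link costs (including E's vector in the second event) is an assumption, and the function names are illustrative.

```python
INF = float("inf")
NODES = "ABCDEFG"

# Link costs taken from the weighted graph / link state database on this page.
LINKS = {("A", "B"): 2, ("A", "D"): 3, ("B", "C"): 5, ("B", "E"): 4, ("C", "F"): 4,
         ("C", "G"): 3, ("D", "E"): 5, ("E", "F"): 2, ("F", "G"): 1}


def link_cost(u, v):
    return LINKS.get((u, v), LINKS.get((v, u), INF))


def initial_vector(node):
    """Assumption: a node's first vector holds 0 for itself and its direct link costs."""
    return {dest: 0 if dest == node else link_cost(node, dest) for dest in NODES}


def update_vector(own, neighbour_vector, cost_to_neighbour):
    """Apply one received vector; return (new vector, {dest: (old, new)} for changes)."""
    new, changed = dict(own), {}
    for dest, dist in neighbour_vector.items():
        via_neighbour = cost_to_neighbour + dist
        if via_neighbour < new[dest]:
            changed[dest] = (new[dest], via_neighbour)
            new[dest] = via_neighbour
    return new, changed


def converge():
    """Every node sends its vector to its neighbours each round until nothing changes."""
    vectors = {n: initial_vector(n) for n in NODES}
    rounds = 0
    while True:
        sent = {n: dict(v) for n, v in vectors.items()}  # vectors as sent this round
        any_change = False
        for node in NODES:
            for neighbour in NODES:
                cost = link_cost(node, neighbour)
                if neighbour != node and cost != INF:
                    vectors[node], changed = update_vector(vectors[node], sent[neighbour], cost)
                    any_change = any_change or bool(changed)
        if not any_change:
            return vectors, rounds
        rounds += 1


if __name__ == "__main__":
    b, first = update_vector(initial_vector("B"), initial_vector("A"), link_cost("B", "A"))
    b, second = update_vector(b, initial_vector("E"), link_cost("B", "E"))
    print("first event:", first, "second event:", second)
    final, rounds = converge()
    print("A after", rounds, "rounds:", final["A"])
```

Note that a node accepts whatever distances a neighbour reports, so one wrong vector spreads to every node that hears it.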
LINK STATE ROUTING / SPF ROUTING

• Link state routing is a routing algorithm that creates a least cost tree and a forwarding table.
• The cost associated with an edge defines the state of the link.
• Links with lower cost are preferred.
• Link state routing consists of
▪ Link state packet (LSP): a small packet of information sent between routers.
▪ Link state database: a collection of information gathered from LSPs, used to create the least cost
tree.
▪ SPF algorithm: a calculation performed on the database that results in the SPF tree.

Weighted Graph / Link State Database

      A   B   C   D   E   F   G
A     0   2   ∞   3   ∞   ∞   ∞
B     2   0   5   ∞   4   ∞   ∞
C     ∞   5   0   ∞   ∞   4   3
D     3   ∞   ∞   0   5   ∞   ∞
E     ∞   4   ∞   5   0   2   ∞
F     ∞   ∞   4   ∞   2   0   1
G     ∞   ∞   3   ∞   ∞   1   0

Node / Cost tables of the individual nodes (neighbouring node and link cost):

A:  B 2, D 3
B:  A 2, C 5, E 4
C:  B 5, F 4, G 3
D:  A 3, E 5
E:  B 4, D 5, F 2
F:  C 4, E 2, G 1
G:  C 3, F 1

Formation of Least Cost Tree / SPF algorithm

To create a least cost tree using the link state database, each node needs to run Dijkstra's Algorithm.

Dijkstra's Algorithm

Step 1: The node chooses itself as the root of the tree, creating a tree with a single node, and sets
the total cost of each node based on the information in the link state database.

Step 2: The node selects one node, among all the nodes not in the tree, which is closest to the root and
adds it to the tree. After this node is added to the tree, the cost of all other nodes not in the tree needs to be
updated because the paths may have changed.

Step 3: The node repeats step 2 until all nodes are added to the tree.
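
The three steps above run on this page's link state database, as an added Python example that is not part of the original notes. The function names are illustrative; the symmetry check and the forwarding table derived from the tree go slightly beyond the steps listed.

```python
import heapq

INF = float("inf")
NODES = "ABCDEFG"

# Link state database from this page: LSDB[u][i] is the cost of the link u -> NODES[i].
LSDB = {
    "A": [0, 2, INF, 3, INF, INF, INF],
    "B": [2, 0, 5, INF, 4, INF, INF],
    "C": [INF, 5, 0, INF, INF, 4, 3],
    "D": [3, INF, INF, 0, 5, INF, INF],
    "E": [INF, 4, INF, 5, 0, 2, INF],
    "F": [INF, INF, 4, INF, 2, 0, 1],
    "G": [INF, INF, 3, INF, INF, 1, 0],
}


def asymmetric_links(lsdb=LSDB):
    """Sanity check before trusting the database: both ends must report the same cost."""
    return [(u, v) for i, u in enumerate(NODES) for j, v in enumerate(NODES)
            if i < j and lsdb[u][j] != lsdb[v][i]]


def least_cost_tree(root, lsdb=LSDB):
    """Dijkstra: returns (cost to each node, parent in the tree, order nodes were added)."""
    cost = {n: INF for n in NODES}
    cost[root] = 0                       # step 1: the root is the whole tree
    parent = {root: None}
    order = []
    heap = [(0, root)]
    while heap:                          # step 3: repeat until every node is in the tree
        dist, u = heapq.heappop(heap)    # step 2: closest node not yet in the tree
        if u in order:
            continue                     # stale entry for a node already added
        order.append(u)
        for v, weight in zip(NODES, lsdb[u]):
            if v not in order and weight != INF and dist + weight < cost[v]:
                cost[v] = dist + weight  # a cheaper path through u was found
                parent[v] = u
                heapq.heappush(heap, (cost[v], v))
    return cost, parent, order


def forwarding_table(root, lsdb=LSDB):
    """Map each destination to (next hop, total cost) by walking the tree back to root."""
    cost, parent, _ = least_cost_tree(root, lsdb)
    table = {}
    for dest in NODES:
        if dest == root or cost[dest] == INF:
            continue
        hop = dest
        while parent[hop] != root:
            hop = parent[hop]
        table[dest] = (hop, cost[dest])
    return table


if __name__ == "__main__":
    print(asymmetric_links())
    print(least_cost_tree("A"))
    print(forwarding_table("A"))
```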

Concept of Congestion Control

• Congestion control refers to the techniques and mechanisms that can either prevent congestion before
it happens or remove congestion after it has happened.
• Congestion control is a mechanism for improving performance.
• Congestion in the network layer is related to two issues, throughput and delay, both measured as a
function of load.
• Congestion control mechanisms are divided into two categories:
➢ OPEN LOOP CONGESTION CONTROL (PREVENTION)
➢ CLOSED LOOP CONGESTION CONTROL (REMOVAL)
OPEN LOOP CONGESTION CONTROL

It prevents congestion before it happens. Congestion control is handled by either the sender or the receiver.
The following policies can prevent congestion.

a) Retransmission policy: If the sender feels that a sent packet is lost or corrupted, the packet needs to be
retransmitted. A good retransmission policy prevents congestion.
b) Window policy: The type of window may also affect congestion. The Selective Repeat
window is better than the Go-Back-N window for congestion control (the Go-Back-N window is resent when
the timer expires; Selective Repeat tries to send only the specific packets that were lost or corrupted).
c) Acknowledgment policy: The acknowledgement policy imposed by the receiver may also
affect congestion. If the receiver does not acknowledge every packet it receives, it may
slow down the sender and help prevent congestion.
d) Discarding policy: A good discarding policy by the routers may prevent congestion and at
the same time may not harm the integrity of the transmission.
e) Admission policy: An admission policy, which is a quality of service mechanism, can also prevent
congestion in virtual networks.

CLOSED LOOP CONGESTION CONTROL

It tries to alleviate congestion after it happens. Some mechanisms used here are

a) Backpressure: This technique refers to a congestion control mechanism in which a congested node
stops receiving data from the immediate upstream node.
b) Choke packet: A choke packet is sent by a node to the source to inform it of congestion.
c) Implicit signaling: In implicit signaling, there is no communication between the congested node and
the source.
d) Explicit signaling: The node that experiences congestion can explicitly send a signal to the source
or destination.

LEAKY BUCKET ALGORITHM

• The leaky bucket algorithm is used to implement traffic policing and traffic shaping in Ethernet
and cellular data networks.
• It is used to control the rate in a network.
• It is implemented as a single server queue with constant service time.
• If the bucket overflows, packets are discarded.
• In this algorithm the input rate can vary but the output rate remains constant.
• This algorithm shapes bursty traffic into fixed rate traffic by averaging the data rate.
• The algorithm works similarly to the way an actual leaky bucket holds water: the leaky bucket
takes data and collects it up to a maximum capacity.
• Data in the bucket is only released from the bucket at a set rate and packet size.
• When the bucket runs out of data the leaking stops. If the incoming data would overfill the bucket,
then the packet is non-conformant and is not added to the bucket.

ALGORITHM
Step 1: Initialize the counter to 'n' at every tick of the clock.
Step 2: If n is greater than the size of the packet at the front of the queue, send the packet into the
network and decrement the counter by the size of the packet. Repeat this step until n is less than the
size of the packet.
Step 3: Reset the counter and go to step 1.

PROBLEM:

Let n = 1000. The queue is shown with its front on the right.

Packets = 200 700 500 450 400 200

n > front of queue, i.e. n > 200.

n = 1000 - 200 = 800; the packet of size 200 is sent to the network.

Packets = 200 700 500 450 400

Again n > front of queue, i.e. n > 400. n = 800 - 400 = 400; the packet of size 400 is
sent to the network.

Packets = 200 700 500 450

n < front of queue, i.e. 400 < 450, so the procedure is stopped.

We then initialize n = 1000 on the next tick of the clock. This procedure is repeated until all packets are sent.
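
The algorithm and the worked problem above as an added Python example, not part of the original notes. The bucket capacity values and the function name `shape` are assumptions for illustration; the comparison is strict ("n greater than the packet size") as the steps state, so a packet of size n or more could never leave and is treated as non-conformant on arrival.

```python
from collections import deque


def shape(arrivals, n, capacity):
    """Byte-counting leaky bucket.

    arrivals[i] lists the packet sizes that arrive just before clock tick i,
    front of the queue first. Returns (packets sent on each tick, dropped packets).
    """
    queue = deque()
    queued_bytes = 0
    sent_per_tick, dropped = [], []
    tick = 0
    while tick < len(arrivals) or queue:
        for size in (arrivals[tick] if tick < len(arrivals) else []):
            # Non-conformant: would overfill the bucket, or can never be sent
            # because the counter must be strictly greater than the packet size.
            if size >= n or queued_bytes + size > capacity:
                dropped.append(size)
            else:
                queue.append(size)
                queued_bytes += size
        counter = n                               # step 1: reset at every tick
        sent = []
        while queue and counter > queue[0]:       # step 2: send while the front fits
            size = queue.popleft()
            counter -= size
            queued_bytes -= size
            sent.append(size)
        sent_per_tick.append(sent)                # step 3: wait for the next tick
        tick += 1
    return sent_per_tick, dropped


if __name__ == "__main__":
    # The queue from the problem above, written front first.
    burst = [[200, 400, 450, 500, 700, 200]]
    print(shape(burst, n=1000, capacity=3000))    # capacity 3000 is an assumed value
    print(shape(burst, n=1000, capacity=1000))    # smaller bucket: the burst overflows
```

With the larger bucket the whole burst leaves over three ticks, never more than n bytes per tick; with the smaller bucket the packets that would overfill it are discarded on arrival.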

Process to Process Delivery

• The transport layer is located between the network layer and the application layer. The transport layer is
responsible for providing services to the application layer.
• The duty of the transport layer is to provide process to process communication.
• The network layer is responsible for host to host communication.
• A network layer protocol delivers the message only to the destination computer. This is an incomplete
delivery. The message still needs to be handed to the correct process.
• The transport layer is responsible for delivery of the message to the appropriate process.
• Process to process communication is achieved through the client server paradigm.
• A client is a local host and a server is a remote host.

TCP - TRANSMISSION CONTROL PROTOCOL

• It is a connection oriented, transport level protocol that provides reliability in the TCP/IP protocol
suite.
• TCP allows two application programs to form a connection, send data in either direction and
then terminate the connection.
• Each TCP connection is started reliably and terminated gracefully, with all data being
delivered before the termination occurs.

Services offered by TCP to the processes at the application layer

• Connection orientation: TCP provides a connection oriented service in which an
application requests a connection to a destination and uses the connection to transfer
data.
• Point to point communication: Each TCP connection has exactly two endpoints.
• Complete reliability: TCP guarantees that the data sent across a connection will be
delivered exactly as sent, with no data missing or out of order.
• Full duplex communication: A TCP connection allows data to flow in either
direction and allows either application program to send data at any time.
• Stream interface: An application sends a continuous sequence of octets across a
connection.
• Reliable connection startup: TCP requires that when two applications create a
connection, both must agree to the new connection.
• Graceful connection shutdown: An application program can open a connection, send
data and then request that the connection be shut down. TCP guarantees to deliver all
the data reliably before closing the connection.

• TCP uses a single type of protocol data unit called the TCP segment.

An end to end transport protocol

• Here two hosts and a router illustrate the relationship between TCP and IP, with
TCP as an end to end transport protocol.

UDP - USER DATAGRAM PROTOCOL

• UDP is an unreliable, connectionless transport layer protocol used for its simplicity and efficiency
in applications. It provides process to process communication.
• UDP provides an end to end service that allows an application program to send and receive
individual messages, each of which travels in a separate datagram.
• UDP is a simple protocol using a minimum of overhead. If a process wants to send a small message
and does not care much about reliability, it can use UDP.
• UDP packets, called user datagrams, have a fixed size header of 8 bytes made up of 4 fields, each of 2 bytes.
• The first 2 fields define the source and destination port numbers, the third field defines the total length of the user
datagram (header plus data), and the last field is the checksum.
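
The 8-byte header described above, built and parsed in an added Python example that is not part of the original notes. The checksum is computed as defined for UDP over IPv4 (RFC 768), over a pseudo-header of the IP addresses plus the user datagram, a detail the notes do not cover; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

UDP_HEADER = struct.Struct("!HHHH")  # source port, destination port, length, checksum


def ones_complement_sum16(data):
    """16-bit one's complement sum with end-around carry (odd length is zero padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, udp_length):
    # IPv4 pseudo-header: source address, destination address, zero, protocol 17, length
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, udp_length))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    length = UDP_HEADER.size + len(payload)          # total length: header plus data
    unsummed = UDP_HEADER.pack(src_port, dst_port, length, 0) + payload
    total = ones_complement_sum16(pseudo_header(src_ip, dst_ip, length) + unsummed)
    checksum = (~total & 0xFFFF) or 0xFFFF           # 0 is reserved for "no checksum"
    return UDP_HEADER.pack(src_port, dst_port, length, checksum) + payload


def parse_udp(src_ip, dst_ip, datagram):
    """Validate the length and checksum fields before trusting any other field."""
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("shorter than the 8-byte header")
    src_port, dst_port, length, checksum = UDP_HEADER.unpack_from(datagram)
    if length < UDP_HEADER.size or length > len(datagram):
        raise ValueError("length field does not match the bytes received")
    segment = datagram[:length]
    if checksum != 0:                                # 0 means the sender sent no checksum
        total = ones_complement_sum16(pseudo_header(src_ip, dst_ip, length) + segment)
        if total != 0xFFFF:
            raise ValueError("checksum mismatch")
    return {"source_port": src_port, "destination_port": dst_port,
            "length": length, "checksum": checksum, "payload": segment[UDP_HEADER.size:]}


if __name__ == "__main__":
    # Constructed sample: documentation addresses and a 5-byte message.
    dg = build_udp("192.0.2.1", "192.0.2.2", 5000, 53, b"hello")
    print(dg.hex())
    print(parse_udp("192.0.2.1", "192.0.2.2", dg))
```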

CHARACTERISTICS OF UDP
• End to end: UDP is a transport protocol that provides process to process communication.
• Connectionless service: The interface that UDP supplies to applications follows a
connectionless paradigm.
• Message oriented: An application that uses UDP sends and receives individual messages.
• Best effort: UDP offers applications the same best effort delivery semantics as IP.
• Arbitrary interaction: UDP allows an application to send to many other applications and receive from many
other applications.
• Operating system independence

APPLICATION LAYER:
The application layer contains commonly used protocols for users. Client to server
communication can be done by DNS, remote login, File Transfer Protocol, etc.
1. Domain Name System (DNS)
The naming scheme used in the internet is called the Domain Name System.
A computer name consists of a sequence of alphanumeric segments separated
by periods, e.g. a computer in Vellore engg college at madras university has the
domain name www.vel.madrasuni.edu
Domain names are hierarchical, with the most significant part of the name on the right.
The leftmost segment of a name is the name of an individual computer.
The other segments in the domain name identify the group that owns the name.
The Domain Name System specifies values for the most significant segment, called the TOP LEVEL
DOMAIN.
To obtain a domain, an organization must register with an approved registrar; a
unique domain suffix is assigned to each organization.

Domain name     Assigned to
COM             COMMERCIAL ORGANIZATION
EDU             EDUCATIONAL INSTITUTE
GOV             GOVERNMENT ORGANIZATION
MIL             MILITARY GROUP
NET             MAJOR N/W SUPPORT
ORG             ORGANIZATION OTHER THAN ABOVE
INT             INTERNATIONAL
COUNTRY CODE    A COUNTRY

2. REMOTE LOGIN
It is one of the most popular internet applications. Instead of having a
hardwired terminal to each host, we can log in to one host and then remote
login across the network to any other host.
The main task of the internet and its TCP/IP protocols is to provide services for users.
Users want to be able to run different application programs at a remote site and create
results that can be transferred to their local site.
Remote login allows a user to log in on a remote computer, use the services available on the remote
computer and transfer the results back to the local computer.
A client server application program called TELNET (terminal network) enables the
establishment of a connection to a remote system in such a way that the local terminal appears to
be a terminal at the remote system.

When a user wants to access an application program on a remote machine, the user
should perform a remote login. Here the TELNET client and server programs come
into use.
The user sends the keystrokes to the terminal driver, where the local OS accepts the characters
but does not interpret them.
The characters are sent to the TELNET client, which transforms them into network virtual terminal characters and
delivers them to the local TCP/IP stack.
The commands travel through the internet and arrive at the TCP/IP stack of the remote
machine.
The characters cannot be passed directly to the OS, because the remote OS is
not designed to receive characters from a terminal driver.
The solution is to add a piece of software called a pseudo terminal driver, which
makes the characters appear to come from a terminal. The OS then passes the
characters to the appropriate application program.

3. File Transfer Protocol(FTP)


The file transfer service in the internet uses the File Transfer Protocol.
FTP is a general purpose protocol that can be used to copy an arbitrary file from
one point to another.
FTP is designed to permit interaction.
An FTP client establishes a connection with a specified server to transfer files.
Client server interaction in FTP

FTP uses the client server paradigm. A user runs a local FTP application, which
interprets the commands and specifies the remote computer.
The client uses a TCP connection to establish a control connection to an FTP server.
The client and server use the FTP protocol when they communicate over the
control connection.
When the user enters a command, the client interprets the command. If the
command requires interaction with the server, the client forms a request
using the FTP protocol and sends the request
to the server. The server uses the FTP protocol when it sends a reply.
FTP uses the control connection only to send commands and receive responses.
When it transfers a file, FTP does not send the data across the control connection.
Instead, the client and server establish a separate data connection for each file transfer,
use it to send one file and then close the connection. If the user requests another
transfer, the client and server establish a new data connection. To avoid conflict
between the data and control connections, FTP uses a different protocol port number
for each.
So data connections appear and disappear frequently, while the control
connection persists for the entire session.
During a transfer the client and server have two connections open, the data and the control
connection. Once the transfer is complete, the client and server close the data connection and
continue to use the control connection.

PREVIOUS UNIVERSITY QUESTIONS

SECTION A
3. What is congestion control? (Dec 2015)
4. What is http in application layer? (Dec 2015)
5. Name the two types of congestion control algorithm (Dec 2016)
6. TCP and UDP protocols belong to which layer? (Dec 2016)

SECTION B
7. What is congestion control? (Dec 2015)
8. Explain the functions of adaptive and non adaptive routing (Dec 2015)
9. Explain remote login function (Dec 2015)
10. Explain the two types of congestion handling methods (Dec 2016)
11. Explain the functions of routing and their classification (Dec 2016)
12. Write a short note on file transfer protocol (Dec 2016)

SECTION C
6. Compare congestion control and flow control (Dec 2015)
7. What is UDP and explain the UDP segment structure (Dec 2015)
8. Compare congestion control and flow control (Dec 2016)
9. Write short notes on DNS (Dec 2016)

SECTION D
2. What is TCP and explain the TCP header format in detail? (Dec 2015)
3. Explain the link state routing mechanism in detail (Dec 2015)
4. Explain the link state routing mechanism in detail (Dec 2016)

MODULE - 4

INFORMATION SECURITY

Network security – concepts and policies, cryptography - encryption, ciphers, steganography,
symmetric and public key encryption, RSA algorithm, authentication methods, message digest,
digital signatures, DSS, E-mail security, MIME, IP Security, Web Security: Secure Socket layer.
Malicious Software, viruses & anti-virus software, firewall. Security and Law: - Regulations in
India. Indian Copyright Act, Consumer Protection Act. Future Trends – The Law of Convergence.

NETWORK SECURITY

Introduction

The word security refers to the state or quality of being secure. It means that the
software or the system is free from any hazards. Attackers can attack the system
intentionally or unintentionally. Network security means protecting the network and allowing
only authorised users to access it. To protect the operation of any organization, the
following security layers are needed.

1. Physical security: It provides security to physical objects. It includes controlling the access of
authorized persons to physical devices such as pen drives, CDs and computers.

2. Private security: It provides security to an individual or group.

3. Project security: It provides security to the details of any project, such as design, code, etc.

Information security helps to protect information from unauthorized persons. In the
modern world computers are used for various applications, so it is very important to protect
computers from being accessed by unauthorised persons. Modifications can happen many times while
information is stored, processed or transmitted. Attackers can make the system so busy that
authorized users are unable to get service, while at the same time unauthorized users may access
the information. This type of attack is called a denial of service attack.

Information Security Law

Information Security Law is the body of legal rules, codes and standards that require the protection of
information, and of the information systems that process it, from unauthorized access. The
legal risks are potentially significant if we do not take a pragmatic approach. Information Security
Law forms a key part of successful organisations.

ELEMENTS OF INFORMATION SECURITY

It provides services such as

1. Confidentiality: It makes sure that only authorized users can access the data. The data
should not be accessible to unauthorized persons or groups.

2. Integrity: The validity of the data is checked by integrity. Integrity means that the data
received are exactly as sent by an authorized sender, that is, no change
happened to the data during transmission. Such changes include
deletion, modification and creation of new information in the data.

3. Availability: It means a functioning condition of a system at any particular instance. It is
a measure of the extent to which a system or information is accessible and useful upon request by an
authorized user at any particular time.

Security Policy:

Information security (computer security) is concerned with controlling threats to
the use of information and computers in order to achieve a security policy. We should develop a secure
computing platform that restricts users to performing only the particular actions that are
permitted to them. Restricting users so that they cannot misuse their rights to use the system is called
access control. Security for the information in every computer system can be provided by
using two approaches:

A: External approach: Suppose the system is to be secured from external attackers, necessary
external measurements should be applied. This is called external approach

B: Internal approach: If the internal environment and system itself is not secure necessary
measurements should be applied to protect internal attacks. It is called internal approach.

Different techniques are available to provide necessary security. Any particular technique can’t
provide the full fledge to a system. This is clue to some fundamental flaws present in the
system. Flaws (human made or software errors).

OPERATIONAL MODEL OF NETWORK SECURITY

Security can be provided to data by using different security mechanisms, such as
encryption. Secure transmission of data can be achieved by using secure algorithms; passwords and
keys can be used to provide security to the data. There are different algorithms available for key
distribution.

To send digital information securely, a technique called encryption is needed. The original message
is encrypted with a small password which is known to the sender and receiver only. A third party
cannot decrypt the message, because the password is known only to them. Here this password is
known as the key.

SECURITY SERVICES

The different security services which help to provide the strong security are

1. Authentication: It is the process of confirming or verifying that someone is who they claim to be.

2. Data confidentiality: It ensures that information is only accessible to the authorised
person. It is the process of protecting data or information from unauthorised persons. In
cryptography confidentiality is achieved by using encryption.

3. Access control: This ensures that privileged access is withdrawn when the privileges are
revoked.

4. Integrity: Integrity means the data received are exactly as sent by an authorised
sender, i.e. no change happened to the data in transmission. In cryptography
hashing algorithms are used to check the integrity of the message.

5. Non-repudiation: It is the assurance against denial by one of the parties in a
communication, i.e. the receiver and the sender are authorised persons. Digital signatures
are used for this purpose.

6. Availability: It is the measure to which a system or information is accessible and usable
upon request by an authorised user at any particular time.

BASIC NETWORK SECURITY TERMINOLOGY

1. Cryptography: It is the science of using mathematics to encrypt and decrypt data. It is
the secret writing.

2. Hacking: A hacker is a person or a group of persons who creates, deletes or modifies the
software and hardware of a computer. Hackers break security for different
purposes. Hacking is of two types depending upon the purpose.

a. Ethical hacking

b. Non ethical hacking: they are of 3 types

b.i. White hats: They are also called ethical hackers. They use their knowledge for the best.
E.g.: if we forget the password of our system, they help us to break the password.

b.ii. Black hats: They are also known as hackers. They break the security of computers with wicked
intentions.

b.iii. Grey hats: A hacker who is a combination of both white hat and black hat is known as a grey hat.

3. Encryption: It is the technique of translating data (plain text) into a secure code (cipher
text). This is done by using secret keys. Depending upon the number of keys used for encryption
and decryption, there are two types of encryption technique.

a. Symmetric encryption: Only one key is required for encryption and decryption. There are
many symmetric encryption algorithms. E.g.: DES, AES, 3DES

b. Asymmetric encryption: In this encryption two different keys are required. These keys are
called the public key and the private key. The key which is publicly available to all is called the
public key. The key which is known only to the owner is called the private key. E.g.: Diffie-Hellman,
RSA

4. Decryption: It is the technique of translating encoded data back into the original data. A secret
key is used for decryption.

Crypt analysis:

It is the act of decrypting the encrypted data without knowing the key.

There are different techniques for cryptanalysis.

a. Chosen plain text attack: Here the key is not known to the attacker. The purpose of this attack
is to get the decided cipher text.

b. Known plain text attack: In this technique the attacker knows some parts of the plain text and
uses this information to decrypt the rest of the cipher text.

c. Cipher text only attack: In this technique the attacker does not have any information about
the original message. The attacker only has the cipher text. Using this text the attacker
tries to find out the original message.

d. Man in the middle: This attack is related to key transmission.
E.g.: when 2 parties A and B try to communicate with each other, the attacker places himself
between the 2 parties A and B. Then the attacker captures the data which A and B transfer to each
other.

SECURITY ATTACKS

A security attack can be defined as any action that compromises the security of a computer system.

Types of attacks: classified into two categories

1. Passive attacks: An attack in which the attacker tries to learn something from the
data or to make use of information from the system. It does not harm the information or
the computer system. The attacker captures data during transmission; this type of
attack is performed by eavesdropping (unauthorised listening to private communication).

Passive attacks are of two different types

a. Release of message content:
The attacker captures the content of a message without the knowledge of the
sender and the receiver.
b. Traffic analysis:
The attacker observes the pattern of the flow of information during
transmission. Using this observation the attacker draws
conclusions about the flow of traffic.

2. Active attack:
In this type of attack the information is altered, changed or modified by the attacker.
The attacker modifies the information either during transmission or at the time when the
user creates the information. Active attacks are of four different types.
a. Masquerade
In this type of attack, when A and B are in communication with each other,
the attacker communicates with B by saying that he is A.
b. Message replay
In this type of attack the message or information is captured during
transmission, and the attacker then replays or retransmits the previous message.
c. Message modification
In this type of attack the message is first captured, then modified,
and the modified message is retransmitted or resent.
d. Denial of service attack
In this type of attack the server is overloaded by sending a number of false
requests to the server. This prevents the authorised users from using the system
resources or services of the server.


DATA ENCRYPTION TECHNIQUES

Security measures are very important to protect data and information. The security
measures include authentication, access control, encryption, confidentiality, etc. Encryption
is the process of converting the original information, which is in a meaningful and readable form, into
an unreadable form. The encryption process requires a key for the conversion. The process of
converting cipher text to plain text is called decryption. The decryption process also uses a key
for conversion. There are a number of algorithms available for encryption. Depending upon the
number of keys used for encryption, the encryption process is divided into two types.
1. Symmetric
2. Asymmetric
A model used for the encryption and decryption process is called a cryptosystem. The study of
various techniques of encryption is known as cryptography. The technique used to derive the
plain text from the cipher text without much knowledge about the key and plain text is known
as cryptanalysis or breaking the code. Cryptography and cryptanalysis together are called
cryptology.

Encryption and Decryption process

The sender sends the plain text by encrypting it using a key and an algorithm. The
generated cipher text is transmitted through the channel. At the recipient end the cipher text
is converted to the plain text by using the key and a decryption algorithm.

Encryption methods

Encryption algorithms are classified into two types.

1. Symmetric encryption
2. Asymmetric encryption/public key cryptography

Symmetric encryption
It is a conventional encryption technique which uses only one key for encryption and decryption.

E.g. if A and B want to communicate with each other, A first encrypts the message by using an
encryption algorithm and a secret key, then A sends the encrypted message to B. The recipient B
uses the same key and algorithm to decrypt the message.

The various components of symmetric encryption and decryption techniques are:
a. Plain text
It is the original message written or created by the sender.
b. Encryption algorithm
There are various algorithms available for encryption; using one of the algorithms, plain
text can be converted to cipher text.
c. Key
The key is a pattern of letters or numbers used to convert plain text into cipher text. In
symmetric encryption the same key is used for encryption and decryption. The security
of any encryption algorithm depends upon the key. To provide more security a new key
should be used for every new message.
d. Cipher text
The encryption algorithm converts the plain text into an unreadable form using the key.
This output is called cipher text.
e. Decryption algorithm
It is an algorithm used to convert cipher text to plain text.

Asymmetric encryption
In asymmetric encryption, two different keys are used. The two keys are mathematically
related to each other. Sometimes each user uses two keys: the public key, which is publicly available,
and the private key, which is a secret key known only to the owner. For asymmetric encryption
algorithms key distribution is not required as each user has their own key.

SUBSTITUTION CIPHER
In a substitution cipher one element of the plain text is substituted by another element. These
ciphers are also called mono alphabetic ciphers.
In some ciphers, a group of bits is replaced by another group of bits; they are known
as poly graphic substitution ciphers.
a. Caesar cipher:
It is a mono alphabetic cipher. It was proposed by Julius Caesar. The cipher text is generated
by shifting each letter of the plain text by the same distance.
CTi = E(PTi) = (PTi + 3) mod 26

where CTi is the cipher text letter and PTi is the plain text letter. In this cipher each letter is
numbered such that A=0, B=1, ..., Z=25. As there are 26 letters in total, mod 26 is used to convert
the last 3 letters. E.g. Convert the word ‘work patiently’ using Caesar cipher.

Plain text : a b c d e f g h i j k l m
Cipher text : D E F G H I J K L M N O P
Plain text : n o p q r s t u v w x y z
Cipher text : Q R S T U V W X Y Z A B C

Plain text : w o r k p a t i e n t l y
Cipher text : Z R U N S D W L H Q W O B
Advantages
a. It is easy to implement.
b. Caesar Cipher is very simple.
Disadvantages
a. Brute force is possible.
b. Once the cipher text is observed it is easy to find out the plain text.
c. The maximum key space is 25, which helps the attackers to find out the
plain text easily.
b. Mono alphabetic ciphers
It is also known as a cryptogram. The key for the cipher is generated by rearranging the
alphabet. The mono-alphabetic cipher can have greater than 4x10^26 possible keys; this large
number of keys helps to eliminate the brute force attack.
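The two substitution ciphers described here can be checked with a short program. The Python below is an added example, not part of the original notes: it reproduces the ‘work patiently’ Caesar example above and the ‘we are the best’ mono-alphabetic example that follows, lists all 25 Caesar shifts to show how small that key space is, and compares it with the 26! key space of the general cipher. The function names are illustrative assumptions.

```python
import math
import string

ALPHABET = string.ascii_lowercase

# Key alphabet used in the notes' mono-alphabetic example (a->B, b->D, ...).
PAGE_KEY = "BDFHJLNPRTVXZACEGIKMOQSUWY"


def substitute(plain_text, key_alphabet):
    """Mono-alphabetic encryption: letter a..z is replaced by key_alphabet[0..25]."""
    if sorted(key_alphabet.lower()) != list(ALPHABET):
        raise ValueError("key must be a rearrangement of the 26 letters")
    table = str.maketrans(ALPHABET, key_alphabet.upper())
    # Only letters are replaced; spaces and punctuation pass through unchanged.
    return plain_text.lower().translate(table)


def unsubstitute(cipher_text, key_alphabet):
    """Mono-alphabetic decryption: reverse lookup in the same key alphabet."""
    table = str.maketrans(key_alphabet.upper(), ALPHABET)
    return cipher_text.upper().translate(table)


def caesar_key(shift):
    """A Caesar cipher is the special case where the key is a rotated alphabet."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def caesar_encrypt(plain_text, shift=3):
    """CTi = (PTi + shift) mod 26, with shift = 3 as in the notes."""
    return substitute(plain_text, caesar_key(shift))


def caesar_all_shifts(cipher_text):
    """Decrypt with every one of the 25 possible shifts: {shift: candidate text}."""
    return {s: unsubstitute(cipher_text, caesar_key(s)) for s in range(1, 26)}


def keyspace_sizes():
    """Number of keys to try: 25 shifts versus 26! rearrangements of the alphabet."""
    return {"caesar": 25, "mono_alphabetic": math.factorial(26)}


if __name__ == "__main__":
    ct = caesar_encrypt("work patiently")
    print("Caesar cipher text :", ct)
    for shift, text in caesar_all_shifts(ct).items():
        print(f"  shift {shift:2d}: {text}")
    print("Mono-alphabetic    :", substitute("we are the best", PAGE_KEY))
    print("Key space sizes    :", keyspace_sizes())
```

Reading the 25 candidate lines by eye is enough to spot the plain text, which is the weakness listed under Disadvantages; the same exhaustive listing is not practical for 26! keys.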

E.g. Find the cipher text of ‘we are the best’ using mono-alphabetic cipher.
Plain text : a b c d e f g h i j k l m n o p q r s t u v w x y z
Key :BDFHJLNPRTVXZACEGIKMOQSUWY

Plain text : w e a r e t h e b e s t
Cipher text : S J B I J M P J D J K M

c. Play fair cipher


It is a well known encryption algorithm. It divides the plain text into groups of two letters
each. Each group is treated as a single unit. It is a block cipher of block size 2. The total
encryption process is divided into the following parts.
1. Preparing the plain text.
2. Preparing the key.
3. Encryption.
Preparing the plain text.
* The message is first converted into lower case, the punctuation is removed, and then it is split
into groups of two letters each.
* If any group has the same two letters, split that group by adding an extra letter between the
two letters.
* If the last group has only one letter, append one more letter to complete
the pair.

Preparing the key.

1. Remove the duplicate letters from the key and convert the letters into upper case.

2. Write the letters of the key into a 5x5 matrix. The remaining letters of the alphabet which are
not present in the key are filled in alphabetical order.
Since the 5x5 matrix holds only 25 letters, combine two letters which
occur less often in the language.

Encryption
The encryption procedure is done according to the following steps:
Step 1 : Read a pair of letters from the plain text. If both letters of the pair are in the
same row, each letter of the pair is replaced by the letter to the right of that letter. If
a letter of the pair is the last letter in the row, replace it with the first letter of the
same row.
Step 2 : If both letters of the pair are in the same column, each letter is replaced by the next
letter in the same column. If a letter of the pair is the last letter in the column, replace
it with the first letter of the same column.
Step 3 : If the letters of the pair are neither in the same row nor in the same column, then the
substitution is based upon the intersection in the key matrix. Take the first letter from the plain text,
locate its position and move across the row. The letter at the intersection is the first letter of the
cipher text. Then start with the second letter and move up and down. The letter at the
intersection is the second letter of the cipher text.
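The three parts of the Playfair procedure (preparing the plain text, preparing the key, encryption) are put together in the Python below, with decryption added as the reverse of each step. This is an added example, not part of the original notes. It assumes the extra letter is 'x' ('q' when the letter to be padded is itself 'x') and that 'j' shares a cell with 'i'; the notes name neither choice. The key 'playfair example' and the message are a commonly used textbook test case, not taken from the notes.

```python
import string

FILLER = "x"       # assumption: extra letter for doubled or leftover letters
ALT_FILLER = "q"   # assumption: used only when the letter to pad is FILLER itself


def build_matrix(key):
    """5x5 key matrix: key letters without duplicates, then the unused letters
    in alphabetical order. Assumption: 'j' is merged into 'i' to fit 25 cells."""
    cells = []
    for ch in key.lower() + string.ascii_lowercase:
        if ch == "j":
            ch = "i"
        if ch in string.ascii_lowercase and ch not in cells:
            cells.append(ch)
    return [cells[r * 5:(r + 1) * 5] for r in range(5)]


def prepare_pairs(message):
    """Lower-case, drop punctuation, split into pairs, break up doubled letters."""
    letters = ["i" if c == "j" else c
               for c in message.lower() if c in string.ascii_lowercase]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != first:
            second, i = letters[i + 1], i + 2
        else:  # doubled letter, or a single letter left at the end
            second, i = (FILLER if first != FILLER else ALT_FILLER), i + 1
        pairs.append((first, second))
    return pairs


def _transform(pairs, matrix, step):
    """Apply the row / column / intersection rules; step=+1 encrypts, -1 decrypts."""
    position = {matrix[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for first, second in pairs:
        (r1, c1), (r2, c2) = position[first], position[second]
        if r1 == r2:        # Step 1: same row, move along the row with wrap-around
            out += [matrix[r1][(c1 + step) % 5], matrix[r2][(c2 + step) % 5]]
        elif c1 == c2:      # Step 2: same column, move along the column
            out += [matrix[(r1 + step) % 5][c1], matrix[(r2 + step) % 5][c2]]
        else:               # Step 3: own row, column of the other letter
            out += [matrix[r1][c2], matrix[r2][c1]]
    return "".join(out)


def encrypt(message, key):
    return _transform(prepare_pairs(message), build_matrix(key), +1).upper()


def decrypt(cipher_text, key):
    letters = [c for c in cipher_text.lower() if c in string.ascii_lowercase]
    pairs = list(zip(letters[0::2], letters[1::2]))
    return _transform(pairs, build_matrix(key), -1)


if __name__ == "__main__":
    key = "playfair example"
    for row in build_matrix(key):
        print(" ".join(row).upper())
    cipher_text = encrypt("Hide the gold in the tree stump", key)
    print(cipher_text)
    print(decrypt(cipher_text, key))
```

The decrypted text still contains the extra letter inserted between the doubled 'e' of 'tree'; the receiver removes it by reading the message.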
Crypt analysis
The study of methods of breaking ciphers is called cryptanalysis. The crypt
analyst tries to search for the flaws and loopholes in the design of the ciphers. The crypt
analyst guesses the key and tries to break the cipher. If the message is long and the key is
small then cryptanalysis is easy.
In a transposition cipher the order of the letters in the plain text is shuffled. Even then, if the key
length is short, it is possible to break the cipher.
In a columnar transposition cipher the message is written row wise; the number of letters in a
row is fixed and equal to the length of the key. Then a permutation is performed on the letters of
each block, which helps the cryptanalyst to break the cipher.

STEGANOGRAPHY
Hiding information by embedding the message within another message is called
steganography. It helps to keep the message secret and can be used to hide text or images. It is used
to support encryption.
Applications
Steganography can be used for legal as well as illegal purposes.
Legal purposes
1. Copyright.
2. To tag notes on online images.
3. To maintain confidentiality of valuable information.
4. To protect the data from unauthorized access.
Illegal purposes
1. For selling the data.
2. Militants use the technique to send their messages.
Limitations
1. A lot of overhead is required.
2. Once the attacker knows the system, it becomes worthless.

DATA ENCRYPTION STANDARDS


Encryption techniques are classified into two types.
1. Block cipher
In this technique the plain text is divided into blocks of a fixed number of bits
and one block is processed at a time.
2. Stream cipher
In this technique one bit is processed at a time.
The block cipher Data Encryption Standard (DES) uses a plain text block of size 64 bits, whereas the
Advanced Encryption Standard (AES) uses a plain text block of size 128, 192 or 256 bits.

PUBLIC KEY CRYPTOSYSTEM

Encryption techniques are of two types: symmetric and asymmetric encryption. In symmetric
encryption the same key is used for encryption and decryption. Here the sender and recipient are
located at different physical locations, so the key should be transmitted securely. Some mechanism
is required for transmission of the key. This secure transmission is known as key distribution.

Asymmetric encryption

➢ Two different keys are used.

➢ The keys are mathematically related to each other.

➢ Sometimes each user has two keys, that is, a public key and a private key.
To maintain the security of the key, secrecy of the key in transmission alone is not
sufficient; one should take care of the secrecy of the key from its creation through to distribution
and storage. The different steps in key management are:
1. Authentication of the user of the key.

2. Insertion of the key.

3. Distribution of the key.

4. Storage of the key.

Asymmetric cryptography is also known as public key cryptography. The asymmetric key
encryption algorithms are of two types,

1. 4 keys, 1 for each user.

2. 4 keys, each user has a pair of keys.

3. Asymmetric encryption algorithm can’t be decrypted easily.

Key distribution is not required as each user has their own keys.

Therefore public key cryptography provides more security than symmetric encryption.

The components of asymmetric encryption

1. Plain text.

2. Encryption algorithm.

3. Public key & private key.

4. Cipher text.

5. Decryption algorithm.
In asymmetric encryption system a pair of keys is used. A key which is freely available to
all users is called public key, and the private key is a secret key that is never transmitted from
the owner to other users.

Working of public key cryptography

The asymmetric encryption technique takes more computation time as compared to the symmetric
encryption technique, so it is not suitable for large messages. But as it is more secure, it is used to
send the key for symmetric encryption. This helps to solve the problem of key distribution in
symmetric encryption. The same approach is used in the SSL protocol.

Authentication, Secrecy and Confidentiality

Authentication is provided by using a private key for encryption of the message by the sender,
so that the recipient knows the message was encrypted by the sender and not by any other person.
The sender can send the message to anybody using their email id; the recipient opens the mail
by using his own password. This provides secrecy. In confidentiality each user has two keys and
two algorithms for encryption and decryption. When data is received at the receiving end the
recipient’s private key is required for decryption. This ensures that only the intended recipient
can decrypt the message. This provides confidentiality.

Comparison between Asymmetric and Symmetric


Asymmetric:
➢ Also known as public key encryption.
➢ Two keys are used, a public and a private key.
➢ The public key is freely available to all; the private key is a secret key.
➢ One key is used for encryption and another for decryption.
➢ It is generally used for encrypting small messages.

Symmetric:
➢ Also known as secret key encryption.
➢ Only one key is used.
➢ The key should be kept secret.
➢ The same key is used for encryption as well as decryption.
➢ Usually faster than asymmetric encryption.
➢ It is used for small or large messages.

RSA Algorithm

The RSA algorithm was invented by Ron Rivest, Adi Shamir, and Leonard Adleman. It is the most
widely used public key encryption method. It is the most secure algorithm if the key is
sufficiently large. The exchange of keys is not required in the RSA algorithm. The same algorithm is
used for encryption and decryption. It uses a variable key size, and the algorithm depends on the
size of the key: a large key makes the algorithm slow but
provides more security.

The working of RSA algorithm is divided into 3 parts,

1. Key generation

2. Encryption

3. Decryption
RSA ALGORITHM

Step 1: Generate two large prime numbers p and q randomly.

Step 2: Calculate n = p*q and m = (p-1)*(q-1)

Step 3: Select the key for encryption, i.e. the public key KPU = (e, n)

Step 4: Calculate the key for decryption, i.e. the private key KPR = (d, n)

Step 5: c = p^e mod n, where c = cipher text and p = plain text

Step 6: p = c^d mod n

AUTHENTICATION TECHNIQUES

In cryptography and network security, authentication is done by verifying the digital information
of the sender or the recipient. The traditional method of authentication is user id and password.
Nowadays alternative techniques are used for authentication. The different new techniques
are:

1. Token based authentication
2. Biometric based authentication
3. Certificate based authentication

The main objectives of authentication are:-
1. To ensure that the claimants really are what they claim to be.
2. To avoid compromising the security.
An authentication system may be simple or complicated.
Simple systems include systems which use a plain text password. Complicated systems
include systems like the Kerberos system, where the authentication process is complex. It is a more secure
authentication mechanism. Advanced authentication systems use the thumb impression, its image
or hash values, which provide more security.

AUTHORIZATION

Authorization is the mechanism through which a system
determines what level of access is to be provided to a particular authenticated user. Authorization
for any application needs the authentication of the user. Authorization gives full access to a
specific application. To provide security, the prerequisite to authorization is authentication.

Authentication vs authorization

AUTHENTICATION METHOD

There are different authentication methods available:-

1. PASSWORD BASED AUTHENTICATION :

A password is a pattern of characters containing letters, numbers and special characters. In
a multiple user or security protected single user system, each user has a unique identity called the
user id, which is publicly known to all. For authentication each user should have an additional
identification called a password. When the user wants to use the computer system he uses his user
id and password; the authentication system then verifies the user id and password against the
database. Once the information provided by the user matches the database, the
authentication system allows the user to access the application.

• Client sends the user id
• Client sends the password
• Server verifies the user id and the password against the database called the
password table
• Server grants access if the user id and password match the database

DISADVANTAGES
▪ The password can be captured by an eavesdropper
▪ If there are too many different passwords for different applications it may be difficult to
remember the passwords
2) TWO FACTOR AUTHENTICATION METHOD

In this system identification and authentication of the user take place in two different ways to
establish one's identity. E.g.: if a user wants to withdraw money from the ATM machine, two
factor authentication is required.

• The ATM card issued by the bank
• The PIN number of the bank

The ATM card is issued by the bank to the authorised account
holder of the bank to provide security measures. The PIN for the card is initially provided by the bank,
and the user can change it periodically; this also provides necessary security.

In online banking the physical card is not required. In such
cases the user id is required as one of the factors of authentication. The other factor is the OTP
(one time password), which is sent to the registered mobile number of the user. OTP is the most
secure way of encryption because the PIN is no longer valid
to give access to the system. Its lifetime is small and for every new transaction the user gets a new
OTP.

DISADVANTAGES:

▪ This method suffers from Trojan horse attacks

▪ Man in the middle attack


3) BIOMETRIC AUTHENTICATION

This method uses the thumb impression, iris or voice for authentication.

E.g.: the Aadhaar card project of the Government of India uses the biometric authentication method. For
this the finger print and iris impression of the user are taken before issuing the card.
Different organizations use the thumb impression for authentication of employees.
Thumb impression authentication is also used in colleges for taking attendance of the students.
Throughout the lifespan of the user his finger print remains invariant. So biometric
authentication provides better accessibility and security.

DISADVANTAGES OF FINGER PRINT AUTHENTICATION SYSTEM:-

1. Failure to enroll rate: this occurs when some people have no fingers or have very faint
finger print impressions.

2. Reject: this issue is based on the quality of the input image. In such cases
authentication fails due to uncooperative users, dust on the finger and improper
usage.

3. If there are cuts and burns on the finger then the current finger
impression and the stored finger impression will never match.

4. False accept ratio and false reject ratio

5. FALSE ACCEPT RATIO:- the wrong user is identified and authenticated

6. FALSE REJECT RATIO:- the true user is treated as not authenticated

These errors occur with respect to the threshold values.

4) EXTENSIBLE AUTHENTICATION PROTOCOL (EAP):-

The extensible authentication protocol supports the Point-to-Point Protocol (PPP).

The Microsoft Windows operating system uses the extensible
authentication protocol to authenticate network access. EAP provides the flexibility to allow for
secure authentication methods once the authentication takes place. The EAP infrastructure
contains:-

1) ACCESS CLIENT: the computer that sends the request to access the network
2) AUTHENTICATOR: it is an access point or network server
3) SERVER: a computer system which is responsible for authentication

The client and the authentication server exchange messages using
software and a data link layer transport protocol such as PPP or IEEE 802.1X. The EAP
authenticator and the authentication server send EAP messages; the messages are exchanged between the EAP
components on the client and on the authentication server.

MESSAGE DIGEST

Encryption techniques provide confidentiality to the message. Authentication techniques provide
access control. The integrity of a message is checked using the hash value or the message digest
calculated from the message. The hash value of the message remains the same if the message is
unaltered. (The hash value is also called the message digest.)

There are various algorithms to generate the hash value of the message. The message digest was
developed by Ronald Rivest in 1989. The message digest algorithms are of different types: MD2,
MD4, and MD5.

MD2

The initial version of the message digest algorithm is MD2. The working of MD2 is as follows:

Step 1: the input is a message of arbitrary length

Step 2: pad the necessary number of bits to make the message a multiple of 16 octets

Step 3: add a checksum value of 16 bytes

Step 4: the 128-bit message digest or hash value is generated

PADDING

Padding is always used for MD2, even if the message is a
multiple of 16 octets. If the message is a multiple of 16 octets then other octets are added. The
number of padding octets is from 1 to 15.

CHECKSUM

The MD2 checksum is like a message digest but is not secure itself.

It is always appended to the message. For the actual calculation a 48 byte auxiliary block and a
256 byte table generated indirectly from the digest of the fractional part are used. (Add a checksum value
along with the padded message; after adding the checksum value it becomes the hash value of
the message.)

MD4

The new version of the message digest is called MD4 (Ronald Rivest, 1990).

• It operates on 32 bit words

• It is faster than MD2

• It can handle a message of any arbitrary length

PADDING

Padding is done to ensure that the message length, with 64 bits added, is divisible by 512. The
message digest generated using MD4 is 128 bits.

MD5 (1991, Ronald Rivest)

MD4 is treated as a non-secure hashing algorithm. Another, secured hashing algorithm was
developed: MD5. It generates a message digest that is a 128 bit hash value. It is used as an internet
standard and was widely used as a secured version of the message digest.

In 1996 a flaw was found in the MD5 design; a further flaw was discovered in 2004 in integrity checking
of the message.

➢ Length of the input message –arbitrary

➢ Block size -512 bit

➢ Padding – 1 to 512 bit

➢ Message length – k mod 2^64

➢ Length of the output – 128 bit


DIGITAL SIGNATURE

The new method of authentication in electronic form is called digital signature. It may be in the
form of text, symbol, image or audio. Digital signature is a strong method for authentication. It
includes message authentication code (MAC), hash value of a message, digital pen pad devices and
cryptographically based signature protocols.

Symmetric key encryption and public key infrastructure are
used for digital signature. A digital signature algorithm is divided into two parts.

1) Signing part:- it allows the sender to create his digital signature

2) Verification part:- the second part is used by the receiver for verifying the signature
after receiving the message. Many electronic signatures use digital signature
technologies to ensure that the legal intent is also cryptographically secure.

The digital signatures are mainly used to verify:-

1) Authentication of the sender

2) Integrity of the message received

3) Non-repudiation

1) Authentication:- there are two issues related to authentication

• Confidentiality:- in the public key infrastructure each user has two keys, private and
public keys. The private key is used for encryption of the message by the sender.
The decryption of the received encrypted message is done using the sender's public
key, i.e. the recipient is not sure whether the sender has himself signed the
message or somebody else has used the sender's private key for encrypting the
message.

• Time span: if the time span is very small it provides more security, as the message
is very important. If the time span is longer the sender's key can be compromised and
a replay attack is possible.

2) Integrity: It helps in checking whether the message is the same message which was sent
by the sender or a modified message. This can be achieved by the use of a message digest.

Encryption provides confidentiality to the message. If the
key gets compromised then it is possible for the cryptanalyst to modify the message.

3) Non-repudiation: repudiation means that a person who signs a document is always able
to claim a signature is credited to that person itself.

Non-repudiation can be achieved by using a digital signature. If the sender’s private key is
compromised, even digital signatures cannot be helpful for non-repudiation.

IMPLEMENTATION OF DIGITAL SIGNATURE

DS have three algorithms

1) Key generation algorithm

2) Signing algorithm

3) Verification algorithm

The message digest is used to generate the signature. The MD is calculated from the plain text. The MD
for two different messages is never the same. The MD is encrypted using the user’s private key.
Then the sender sends the encrypted MD with the plain text to the receiver.

The receiver calculates the MD from the received plain text. The receiver decrypts the
encrypted MD using the sender’s public key. If the two MDs are not the same, then the plain text was
modified after signing.
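The six RSA steps given earlier and the sign/verify procedure described here use the same key pair, so one program can show both. The Python below is an added example, not part of the original notes. It assumes SHA-256 as the message digest and uses two small, publicly known primes (2^31 - 1 and 2^61 - 1) so that it runs instantly; real keys use far larger random primes together with a padding scheme. The function names are illustrative assumptions.

```python
import hashlib
from math import gcd


def generate_keys(p, q, e=65537):
    """Steps 1-4: from primes p and q build KPU = (e, n) and KPR = (d, n)."""
    n = p * q
    m = (p - 1) * (q - 1)
    if gcd(e, m) != 1:
        raise ValueError("e must share no factor with m = (p-1)*(q-1)")
    d = pow(e, -1, m)   # d is the inverse of e modulo m (needs Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(plain, public_key):
    """Step 5: c = p^e mod n, with the plain text given as a number below n."""
    e, n = public_key
    if not 0 <= plain < n:
        raise ValueError("plain text number must be smaller than n")
    return pow(plain, e, n)


def rsa_decrypt(cipher, private_key):
    """Step 6: p = c^d mod n."""
    d, n = private_key
    return pow(cipher, d, n)


def message_digest(message, n):
    """MD of the plain text as a number below n (assumption: SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Sender: encrypt the MD with the private key."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message, signature, public_key):
    """Receiver: decrypt the signature with the sender's public key and
    compare it with the MD calculated from the received plain text."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo():
    public_key, private_key = generate_keys(2**31 - 1, 2**61 - 1)
    message = b"pay 100 to B"            # constructed sample message
    signature = sign(message, private_key)
    return {
        "round_trip": rsa_decrypt(rsa_encrypt(42, public_key), private_key),
        "genuine": verify(message, signature, public_key),
        "modified": verify(b"pay 900 to B", signature, public_key),
    }


if __name__ == "__main__":
    print(generate_keys(61, 53, e=17))   # small textbook-sized key pair
    print(demo())
```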

ALGORITHMS FOR DS

There are many DS algorithms:-

➢ Full domain hash algorithms

➢ Digital signature algorithms

➢ Elliptic curve DS algorithm

➢ ElGamal DS scheme

➢ SHA & RSA

➢ Rabin signature algorithms

Digital signature algorithms

In 1991 the National Institute of Standards and Technology (NIST) proposed the DSA. The DSA
standard was expanded in 2000. It generates a message digest of length 160 bits. The
algorithm has 3 steps

1) Key generation

2) Signature generation

3) Signature verification


DIGITAL SIGNATURE STANDARD ( DSS )

For performing DS of any message some standards are
required. These standards are called digital signature standards. NIST published the standard
in 1991. DSS is a standard and DSA is an algorithm. As per the standard the message digest of a
document is calculated using the Secure Hash Algorithm 1 (SHA-1).

Using this algorithm a signature is generated which includes a pair of large numbers. The set of rules and
parameters used to compute the signature is called DSS. The DSA algorithm has 3 parts: key
generation, signature generation, and signature verification. Using the user’s private key a signature
is generated. The sender’s public key is used for the verification of the signature.

SHA is used to generate the MD for signature generation and signature verification in DSS.

Digital signature provides integrity and authentication.
Therefore it is used in various areas such as email, online transactions, ecommerce, billing,
registration of flats and other properties, and tax returns.

ELECTRONIC MAIL SECURITY

A message sent through email is in the form of plain text. This may cause harm to the sender and
the receiver. To provide security to the message, Pretty Good Privacy (PGP), Multipurpose
Internet Mail Extension (MIME) and Secure Multipurpose Internet Mail Extension (SMIME) are used.

PRETTY GOOD PRIVACY

PGP is used to encrypt and decrypt email messages over the internet. PGP uses a combination
of symmetric and asymmetric encryption algorithms for encryption and decryption of messages.
It was developed in 1980 by Phil Zimmermann. An encrypted DS can be sent to the receiver by
using PGP. It is available as freeware and also in a low-cost commercial version. PGP is used for:-

1) Authentication of the sender

2) Encrypting the documents

NEED OF PGP:

1) Suppose two friends are exchanging unencrypted messages through email. Other
people may read them. If the messages are encrypted, others will not be able
to read them.

2) If the development team of a company wants to keep all the communication
between the members of the team secret, encryption is required. This
communication should be kept secret not only until the product is patented but also
until the product is launched in the market.

3) If we store important personal data, credit card numbers or personal scanned
documents on the computer system at the office, they should be kept encrypted.

PGP should be used in the following cases: when financial data is to be sent through email,
for data related to a claim, for personal information, or for information related to new products
before their launch.

WORKING OF PGP

1) Authentication: - when the sender sends the message, the receiver wants to
authenticate the message. So the sender uses a DS for authentication.

• The sender creates the message

• The MD is generated by the sender

• The MD is encrypted using the sender's private key

• The encrypted message digest (the DS) is attached to the original message

• The receiver decrypts the encrypted MD using the sender's public key

• The MD of the received message is generated

• If the MDs match, then the received message is accepted as authentic

2) Confidentiality: - PGP is used to provide confidentiality. For providing confidentiality,
message encryption can be used. But the algorithm works on blocks, so a fixed size
should be chosen.

3) Confidentiality and authentication: - to provide more security to the email message we
can choose the combination of authentication and confidentiality. To provide
confidentiality and authentication the message is encrypted using the sender's private key and
a session key. The message is decrypted using the session key and the sender's public key.

4) Compression: - means compacting or reducing the size of the message. Compression of the
message is done after the generation of the digital signature but before encryption of the
message. It provides advantages like saving of space for transmission and storage. The
digital signature is generated before compression so that one can store only the
uncompressed message with the digital signature for future verification. Encryption is done
after compression to provide strong security.

5) Email compatibility:- when PGP is used, at least the part of the block that needs
encryption should be encrypted

• If authentication is needed then the message digest is encrypted

• If confidentiality is needed then the message and digital signature both are
encrypted

6) Segmentation and reassembling: - we cannot send a large message through email. If the
message is very large then it should be divided into smaller parts and the
smaller segments emailed separately. PGP automatically subdivides the larger message into smaller
parts. When all the processing of the original message (digital signature, message digest and
compression) is completed, segmentation is done before sending through email.
At the receiving end PGP collects all the email headers and then reassembles the
original segments of the message before decryption.

MIME

MIME stands for Multipurpose Internet Mail Extension. It adds some additional fields to the old
standard. Initially email systems were used to send only text messages. Now email can be used to
send text messages as well as audio, video and multimedia files and also documents in various
formats.

By using MIME the message may contain

1) Text with additional fields
2) Any size
3) Other than English characters
4) Text with different fonts
5) Binary files
6) A number of sections
7) Application files
8) Images, audios, videos and multimedia files

There are different header fields provided by the email system. The different MIME headers
are:-

1) MIME version:- it is used to declare that a message conforms to the MIME standard
2) Content type: - the message contains data with different types and subtypes. This header
is used to provide information about the encoding of data.
3) Transfer encoding: - it specifies the encoding mechanism for the message.
4) ID:- this refers to unique identification of entities with reference to multiple content
5) Description :- it gives more information about the data in a message
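
The five headers listed above can be seen on an actual message. The following is an added example, not part of the original notes: it uses Python's standard email package to build a message with non-English text and a binary attachment, then reads back the MIME-Version, Content-Type, Content-Transfer-Encoding, Content-ID and Content-Description headers. The addresses, file name and payload bytes are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_message() -> bytes:
    """Build a two-part MIME message and return it as sent on the wire."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"        # constructed addresses
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Lab report"
    # Non-English text ("Gruesse" with u-umlaut and sharp s): the charset goes
    # into Content-Type, the encoding into Content-Transfer-Encoding.
    msg.set_content("Gr\u00fc\u00dfe aus dem Labor, Bericht im Anhang.\n",
                    charset="utf-8", cte="quoted-printable")
    # Binary file (constructed bytes): base64 keeps it safe on 7-bit mail paths.
    msg.add_attachment(bytes(range(256)), maintype="application",
                       subtype="octet-stream", filename="report.bin",
                       cid="<part1@example.com>")
    attachment = next(msg.iter_attachments())
    attachment["Content-Description"] = "Constructed binary sample"
    return msg.as_bytes()


def _text(header):
    """Header objects are str subclasses; normalise to plain str or None."""
    return None if header is None else str(header)


def describe(raw: bytes):
    """Return the MIME version and, per section, the four content headers."""
    msg = message_from_bytes(raw, policy=policy.default)
    rows = []
    for part in msg.walk():
        rows.append({
            "type": part.get_content_type(),
            "encoding": _text(part["Content-Transfer-Encoding"]),
            "id": _text(part["Content-ID"]),
            "description": _text(part["Content-Description"]),
        })
    return _text(msg["MIME-Version"]), rows


def decode_parts(raw: bytes):
    """Undo the transfer encoding of every non-multipart section."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_content() for p in msg.walk() if not p.is_multipart()]


if __name__ == "__main__":
    version, rows = describe(build_message())
    print("MIME-Version:", version)
    for row in rows:
        print(row)
```

The encoded message contains only ASCII bytes even though it carries accented text and arbitrary binary data, which is what lets it pass through mail systems built for plain text.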
SMIME

SMIME stands for Secure Multipurpose Internet Mail Extension. The first version of SMIME was
proposed by RSA Data Security Inc. in 1995. The SMIME standard uses public key encryption and
digital signing of email. Before SMIME, email administration used the protocol called SMTP
(Simple Mail Transfer Protocol). The SMTP protocol was not secure. SMIME provides
widespread email connectivity with strong security. It helps in reducing the cost of services,
improves security, user friendliness and connectivity, and reduces response time.

WORKING OF SMIME

SMIME uses symmetric encryption algorithms, public key cryptography, message digest
algorithms and certificates for authentication and message integrity.

1) Symmetric encryption algorithm: RC2 and triple DES

2) Key generation algorithm: RSA algorithm

3) Message digest algorithm: SHA1 or MD5

1) Secrecy:- suppose A wants to send a secret message to B. The different steps used to
provide security to the message are :-

Step 1) Generate a random key called the session key. Encrypt the email using the session key. The
encryption is done using a symmetric encryption algorithm.

Step 2) The session key is also encrypted, using the recipient's public key.

Step 3) The email program creates the folder. The folder contains the encrypted message, the
encrypted session key, the sender's certificate and information about the encryption algorithms.

Step 4) The folder is transmitted to the receiver. This SMIME email message is called a digital
envelope.

Step 5) When the receiver receives the message, his private key is used to decrypt the session key.

Step 6) This session key is used to decrypt the message.

2) Authentication

To provide authentication of the sender the following steps have to be performed:

Step 1) A message digest is created using a message digest algorithm.

Step 2) The message digest is encrypted using the sender's private key.

Step 3) A folder is created which contains the original message, the encrypted message digest,
the sender's certificate and information about the encryption algorithm.

Step 4) The folder is transmitted to the receiver.

Step 5) The receiver verifies whether the certificate is valid or not. If the certificate is valid, the
public key is retrieved.

Step 6) The sender's public key is used to decrypt the message digest.

Step 7) The two message digest values are compared. If the values match then the receiver
authenticates the sender as the originator.

3) Secrecy and authentication:

To provide both secrecy and authentication, the steps for secrecy and authentication are
combined together.

1) The authentication technique is used to calculate the message digest

2) The authentication folder is transmitted to the recipient

3) The receiver decrypts the message using the sender's key and decrypts the folder using the
recipient's private key.
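
The sign, compress, encrypt and session-key steps described above for digital signatures, PGP and the SMIME digital envelope can be traced in one short program. This is an added example, not code from the original notes: it assumes textbook (unpadded) RSA on constructed demo keys, SHA-256 in place of SHA-1 or MD5, and a hash-based keystream standing in for RC2 or triple DES, so it shows the data flow only and is not a usable mail encryption tool.

```python
import hashlib
import secrets
import zlib

E = 65537  # common RSA public exponent


def make_key(p: int, q: int) -> dict:
    """Textbook RSA key pair from two primes: (n, e) public, d private."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed demo keys built from publicly known Mersenne primes. They make
# the arithmetic reproducible and are worthless as real keys.
SENDER = make_key(2**521 - 1, 2**607 - 1)
RECIPIENT = make_key(2**127 - 1, 2**1279 - 1)


def digest(message: bytes) -> int:
    """Message digest (MD) of the plain text, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private: dict) -> int:
    """Signature = MD transformed with the signer's private key."""
    return pow(digest(message), private["d"], private["n"])


def verify(message: bytes, signature: int, public: dict) -> bool:
    """Recover the MD with the public key and compare with a fresh MD."""
    return pow(signature, public["e"], public["n"]) == digest(message)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(message: bytes, sender: dict, recipient: dict) -> dict:
    """Sender side: sign, then compress, then encrypt under a session key."""
    sig_len = (sender["n"].bit_length() + 7) // 8
    signed = sign(message, sender).to_bytes(sig_len, "big") + message
    packed = zlib.compress(signed)            # after signing, before encryption
    session_key = secrets.token_bytes(16)     # fresh random key per message
    wrapped = pow(int.from_bytes(session_key, "big"),
                  recipient["e"], recipient["n"])  # recipient's PUBLIC key
    return {"wrapped_key": wrapped,
            "ciphertext": keystream_xor(session_key, packed)}


def open_envelope(envelope: dict, recipient: dict, sender: dict):
    """Receiver side: unwrap session key, decrypt, decompress, verify."""
    key_int = pow(envelope["wrapped_key"], recipient["d"], recipient["n"])
    session_key = key_int.to_bytes(16, "big")      # recipient's PRIVATE key
    signed = zlib.decompress(keystream_xor(session_key, envelope["ciphertext"]))
    sig_len = (sender["n"].bit_length() + 7) // 8
    signature = int.from_bytes(signed[:sig_len], "big")
    message = signed[sig_len:]
    return message, verify(message, signature, sender)  # sender's PUBLIC key


if __name__ == "__main__":
    text = b"Quarterly figures attached. " * 40   # constructed sample message
    env = seal(text, SENDER, RECIPIENT)
    recovered, authentic = open_envelope(env, RECIPIENT, SENDER)
    print(len(text), len(env["ciphertext"]), authentic)
```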

IP SECURITY

One of the attacks on the network is IP spoofing. In IP spoofing the attackers create packets with
a false IP address and exploit the application.

To provide security services like integrity, confidentiality and authentication of information
during transmission over an insecure channel, one of the security mechanisms to be used is IP
security.
This security mechanism is implemented at the Internet Protocol layer. To provide security for
individual applications as well as for virtual private networks (VPN), the security should be added
at the network layer.

STRENGTHS OF IPsec

IPsec is an internet standard for network layer security. It provides additional security for
applications, and it provides multivendor support and scalability. IPsec uses cryptographic
algorithms to provide security to the message. Encryption and hashing are used for secure
transmission of data. Confidentiality is provided using encryption; authentication and integrity
are provided using hashing algorithms.

The different services provided by IPsec are:-

1) Data authentication
2) Data origin authentication
3) Integrity using hash function
4) Data encryption to provide privacy
5) Protection against replay attack
6) Provide confidentiality to the traffic flow
7) Two different modes, i.e. transport and tunnel mode, to meet different network needs

The difference between ESP transport mode and tunnel mode:

Transport mode

| IP header | ESP header | IP payload | ESP trailer | ESP authentication trailer |

Tunnel mode

| IP header | ESP header | IP header | IP payload | ESP trailer | ESP authentication trailer |

Web Security
Secure Socket Layer (SSL) is a certificate-based general purpose protocol
developed by Netscape. It is used for managing the encryption of information
transmitted over the internet. It uses public key encryption.
So encryption is done using a public key. This encrypted data is transmitted over the SSL
connection. The transmission and routing of data on the internet is controlled by the TCP/IP
protocol. The SSL protocol executes above the TCP/IP protocol and below higher level protocols.
SSL allows the server to authenticate the client by using the certificate.

Transport Layer Security

MALICIOUS SOFTWARE AND ANTIVIRUS SOFTWARE

Malicious software: it is also called malware or malicious code. Malicious software is used to
prevent the computer system from performing its regular functions in the normal manner. It is
software purposely designed to damage the computer system.

The various types of malicious programs are

1 Virus

2 Worms

3 Trojans

4 Spyware

5 Bots

The types of virus are parasite, boot sector, polymorphic, memory resident, stealth, macro,
hybrid and email.

1. Virus

Computer virus refers to a program which damages computer systems and destroys or
erases data files. A computer virus is a malicious program that self-replicates by copying
itself to another program. In other words, the computer virus spreads by itself into other
executable code or documents. The purpose of creating a computer virus is to infect
vulnerable systems, gain admin control and steal sensitive user data. Hackers design
computer viruses with malicious intent and prey on online users by tricking them.

Software which intends to damage the OS is called a virus. It is a piece of software that damages
the software residing on the computer. The damage may be in terms of deletion, modification or
corruption of the software. Viruses have the ability to replicate themselves and thus spread.

TYPES OF VIRUS

Viruses can be classified according to their origin, techniques used, damage caused
etc.

1. Parasite virus: files with the extensions .com and .exe are infected easily.
This virus spreads by attaching itself to a particular program or file. It resides at the start or at
the end of the file.
Ex: Jerusalem virus

2. Boot sector: this type of virus affects the boot sector. It spreads when an infected
floppy disk, CD or pen drive is used to boot the computer. Ex: Michelangelo, Polyboot.B

3. Polymorphic virus: this type of virus changes itself and creates multiple copies.
It is very difficult for antivirus software to detect a polymorphic virus.
Ex: Stimulate, Cascade

4. Memory resident virus: this is a virus which installs its code in the computer
memory. It gets activated when the OS runs, and it damages all the files opened at that time.
Ex: Randex

5. Stealth: this type of virus hides its path after it infects the computer system.
After the infection it modifies itself. It masks the size of infected files. Ex: Joshi, Whale

6. Macro virus: this type of virus infects files that are created using some
applications. Macro viruses commonly attack .doc and .xls files. Ex: Melissa

7. Hybrid virus: these viruses are commonly spread through email attachments. It is the
most dangerous virus, as it has the properties of different viruses. Ex: Happy99 virus

8. Email viruses: email is an easy way by which viruses can be spread.
These types of viruses are sent with attachments. When the attachment is
downloaded, the virus program runs immediately and infects the files stored on the computer.
These types of viruses use the address book of the email folder and send the message to all the
email addresses. Ex: Klez

TO PROTECT FROM EMAIL VIRUS

1. Use licensed antivirus software.

2. Don't open email attachments directly.

3. Use a document viewer.

4. Enable virus protection.

WORKING OF ANTIVIRUS SOFTWARE

A user can protect his system from viruses by installing a licensed copy of antivirus
software. It is a program which is used to scan files and to identify and eliminate malicious
software. Antivirus software uses different approaches to detect viruses.

1. Signature approach (pattern based)

In this approach the antivirus has a dictionary, a database containing the patterns of viruses.
The information from the files is checked against the patterns from the dictionary. If a match is
found then the antivirus program can either delete the file or repair it. It also tries to remove
the virus from the infected file and recover the original document. The database should be updated
periodically. Polymorphic viruses, which hide their identity, are difficult to detect with this
approach.

2. Behaviour based approach

The detection of viruses depends on the suspicious behaviour of a computer
program. It monitors the behaviour of all programs. If some program tries to modify an
executable program, then this behaviour is treated as suspicious and an alert message is sent
to the user. This approach can detect even new viruses, which is not possible using the
signature approach. The drawback of this approach is that it creates a large number of false
positives.

3. Other approaches

Another approach is the sandbox method. The sandbox method contains 3 steps:
prevention, detection and eradication.

a. Prevention: to protect the computer system from viruses, install antivirus software.
This software helps in detecting and eradicating viruses.

b. Detection: for detection of viruses, run the antivirus software to scan the computer system
every day. This helps in detecting viruses and infected files.

c. Eradication: the most important measure is to use real-time antivirus software.
When a virus is detected, the alarm is given immediately and a warning message
is displayed on the screen. The virus protection program counters the virus by either repairing
or deleting it.
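
The signature and behaviour based approaches described above, including the weakness of each, can be seen side by side in a small scanner. This is an added example, not part of the original notes: the signature names, byte patterns, file contents and event records are all constructed and harmless, and the behaviour rule is the one given in the text (a program writing to an executable file).

```python
# Constructed pattern dictionary standing in for a vendor signature database.
SIGNATURES = {
    "Demo.Marker.A": b"\xde\xadDEMO-MARKER-A\xbe\xef",
    "Demo.Marker.B": b"DEMO-MARKER-B\x00\x01\x02",
}
EXECUTABLE_SUFFIXES = (".exe", ".com")


def signature_scan(data: bytes) -> list:
    """Signature approach: report every dictionary pattern found in the file."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def repair(data: bytes) -> bytes:
    """Repair instead of delete: cut the known pattern out of the file."""
    for pattern in SIGNATURES.values():
        data = data.replace(pattern, b"")
    return data


def behaviour_scan(events: list, allowlist: tuple = ()) -> list:
    """Behaviour approach: flag any process that writes to an executable."""
    alerts = []
    for event in events:
        writes_executable = (event["action"] == "write" and
                             event["target"].lower().endswith(EXECUTABLE_SUFFIXES))
        if writes_executable and event["process"] not in allowlist:
            alerts.append(event["process"])
    return alerts


# Constructed sample files.
CLEAN = b"MZ" + b"ordinary program bytes " * 4
# Pattern attached at the end of the file, as the parasite type does.
INFECTED = CLEAN + SIGNATURES["Demo.Marker.A"]
# Same marker with every byte changed: stands in for a polymorphic copy.
VARIANT = CLEAN + bytes(b ^ 0x5A for b in SIGNATURES["Demo.Marker.A"])

# Constructed activity log from a monitored machine.
EVENTS = [
    {"process": "notepad.exe", "action": "write", "target": "C:/Users/a/notes.txt"},
    {"process": "unknown.tmp.exe", "action": "write", "target": "C:/Apps/calc.exe"},
    {"process": "setup_update.exe", "action": "write", "target": "C:/Apps/app.exe"},
]

if __name__ == "__main__":
    print(signature_scan(INFECTED))   # known pattern is found
    print(signature_scan(VARIANT))    # changed copy is missed by the dictionary
    print(behaviour_scan(EVENTS))     # includes the legitimate updater
    print(behaviour_scan(EVENTS, allowlist=("setup_update.exe",)))
```

The legitimate updater in the log is reported together with the unknown program, which is the false positive problem of the behaviour approach; the allowlist parameter is one way of reducing it.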

2. Worms

A worm is a small piece of software different from a virus. It can execute and spread by itself,
whereas a virus needs a host program for its execution and to spread. Some modern worms also
hide inside a file. A worm uses security loopholes within a network to reproduce itself. It does
not make any changes to files and resides in active memory.
It copies itself to new computers and then replicates itself. It affects the performance of the
computer by using its resources and can shut down the computer. It expands quickly and uses all
the available memory of a computer.

3. Trojans

Trojan programs are named after the famous hollow horse filled with enemy soldiers used by
the ancient Greeks to enter the city of Troy. A Trojan is a program that conceals its purpose. A
Trojan program claims to do one thing and performs another. It appears as an attachment in
email and it is a non-replicating program. A specific type of Trojan horse program is a logic
bomb. It is a program that hides inside some application program and, when it is invoked,
performs some harmful functions.

4. Spyware

It is used to gather secret and private information about the user from the
computer system. Spyware can be used to collect personal information and to change the
configuration of the targeted system. When the user installs some free software from the
internet, spyware is installed with it. It starts collecting personal information from the
computer system. It is also installed with Trojan horses and with some free antivirus
software.

Spoofing

In a spoofing attack one person or program acts as another person or program by hiding his
own identity and giving false information, thereby gaining an illegitimate advantage.

Phishing:

A fake attempt by an attacker to steal the personal information of the user is called
phishing.

Referer spoofing:

When the user visits some webpage the web server collects information about the
web URL. The HTTP headers identify the address of the webpage and give the link of the
previously requested resource. This is called the referer. Referer spoofing is the sending of
incorrect referer information, which is helpful to prevent a website from obtaining accurate
identities of the address.

Denial of service:

The attack is made by flooding the network with useless traffic. This attack
makes memory resources too busy to serve the user and hence denies access to legitimate users.

Distributed denial of service attack:

A distributed denial of service attack is done through distributed networks. This type of
attack prevents authorized users of the target system from using the system resources.

Man in the middle attack:

In a man-in-the-middle attack the attacker intercepts the communication between the
parties and controls it. It is a form of eavesdropping.

Spam:

It is used for advertising a product. Many copies of the same message are sent
through the internet to different users. Spam is of two types: Usenet spam and email spam.

Email bombing:

It is an attack made by repeatedly sending a message through email to a particular address.
The message will be large and contain meaningless data.

Sniffer:

A sniffer is software that captures all the traffic flowing in both directions. It
is also known as a network protocol analyser. Attackers use sniffers to capture the packets
flowing across the network to get information.

Timing attack:

It is also known as a side channel attack. In this attack the attacker analyses the time taken
by the algorithm for its execution. Using this analysis the attacker tries to break the algorithm.

Firewall

A firewall prevents unauthorized access to and from a network. It is an effective tool used to
protect the network from attackers. Firewalls are of different types:

1. Software

2. Hardware

3. Combination of both

A firewall observes each and every packet coming into and going out of the network
and allows only authorized packets. If the packets are not authorized then the firewall blocks
them. That is, a firewall isolates one network from another network.
The different security functions performed by the firewall are

1 It blocks unauthorized traffic

2 It forwards the incoming traffic to a more reliable internal computer system

3 It hides internal computers or networks

4 It hides information about internal networks

5 It provides strong user authentication

1. The firewall must act as the gateway between the two networks.

2. It allows only authorized traffic to pass.

3. It can't give assurance about protection from attacks coming from the outside
network.

4. The firewall itself is protected from any type of penetration.

5. The firewall implements different local security policies.

1. Define what type of protection is to be expected

2. Specify the cases when exceptions are considered

3. Define the rules for determining authorized and unauthorized traffic.

A firewall uses 4 techniques to control access and enforce the security policies.

1. Service control: it filters the traffic on the basis of port number or IP address. The
access to any specific type of input or output service is controlled by this technique.

2. Direction control: it decides whether to allow the request to flow through the
firewall or not. It decides from where a particular service request should be initiated.

3. User control: depending on the user's access rights, it controls the access to a service.

4. Behaviour control: it controls the behaviour of a particular service.

Types of firewall

Firewalls are generally of two types: host-based and network-based.

✓ Host-based firewalls: a host-based firewall is installed on each network node and
controls each incoming and outgoing packet. It is a software application or suite of
applications that comes as a part of the operating system. Host-based firewalls are needed
because network firewalls cannot provide protection inside a trusted network. A host-based
firewall protects each host from attacks and unauthorized access.

✓ Network-based firewalls: a network firewall functions at the network level. In other words,
these firewalls filter all incoming and outgoing traffic across the network. It protects the
internal network by filtering the traffic using rules defined on the firewall. A network
firewall might have two or more network interface cards (NICs). A network-based
firewall is usually a dedicated system with proprietary software installed.

Packet filtering

It works on rules and allows or blocks incoming and outgoing IP packets. Using these rules
the packets are forwarded or discarded. This firewall works at OSI layers 3 and 4. It is
generally designed to filter packets going in both directions. It takes the source
address, the destination address and the port numbers. The content of the packets is not
analysed.

Advantages

1. Its performance is good.

2. It is very fast and simple.

3. Relatively inexpensive.

4. Traffic management is good.

Disadvantage

1. Direct connections are allowed between trusted and untrusted nodes, so it is
vulnerable to spoofing attacks.

2. Most of these firewalls do not support advanced user authentication.

3. Some of the attacks against packet filtering firewalls that call for countermeasures are
IP address spoofing, source routing attacks and tiny fragment attacks.
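
The rule matching described above, and the countermeasure against IP address spoofing, can be shown with a small first-match filter. This is an added example, not part of the original notes: the rule set, interface names and addresses (private and documentation ranges) are constructed, and the filter looks only at addresses, protocol and port, never at packet content.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str
    dport: int      # no payload field: a packet filter never inspects content


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    iface: str
    src: str                # CIDR network
    dst: str                # CIDR network
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches every port


ANY = "0.0.0.0/0"
INTERNAL = "192.168.10.0/24"     # constructed internal network
MAIL_HOST = "192.168.10.5/32"    # constructed internal mail server

RULES = [
    # Anti-spoofing: an internal source address can never arrive from outside.
    Rule("deny", "outside", INTERNAL, ANY, "any", None),
    Rule("allow", "outside", ANY, MAIL_HOST, "tcp", 25),
    Rule("allow", "inside", INTERNAL, ANY, "tcp", 443),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """Compare header fields only: interface, addresses, protocol, port."""
    return (rule.iface == pkt.iface
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def decide(pkt: Packet, rules=RULES):
    """First matching rule wins; anything unmatched is discarded (rule 0)."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", 0


if __name__ == "__main__":
    samples = [
        Packet("outside", "203.0.113.9", "192.168.10.5", "tcp", 25),
        Packet("outside", "192.168.10.77", "192.168.10.5", "tcp", 25),  # forged source
        Packet("outside", "203.0.113.9", "192.168.10.5", "tcp", 23),
        Packet("inside", "192.168.10.20", "198.51.100.7", "tcp", 443),
    ]
    for pkt in samples:
        print(pkt.src, "->", pkt.dst, pkt.dport, decide(pkt))
```

Without the first rule the packet with the forged internal source address would be accepted by the mail rule, because the filter trusts whatever address the header carries.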

Application level gateway:

It provides more security because all levels of the OSI model are examined
simultaneously. It uses a server-based program known as a proxy server or bastion host. It
forwards or rejects packets by ensuring that the protocol specification is followed correctly.

Proxies accept a request from the external site, examine the
request and forward it to the destination host. This type of firewall makes decisions at all 7
layers of the OSI model.

Advantages

It is configured so that the firewall is the only host address that is
visible to outside networks.

1. Supports strong user authentication. It provides strong access control.

2. It is more secure than packet filtering.

Disadvantage

For each application a special proxy is required. Sometimes it is inconvenient to the
user.

Circuit level gateways:

It validates connections and then allows the exchange of data. It also works as per the
defined set of rules. The connections are allowed or discarded based on the predefined rules.
It is more secure than a packet filter. These firewalls are installed between the router and the
external network.

Advantages

Transparent to the users. It is excellent for relaying.

Disadvantage

Slower than packet filtering.

Firewall architecture:

A strong firewall has multiple components.

The different firewall architectures are:

1. Dual-homed host architecture

It is a computer system which has separate network interfaces for a minimum of two
networks. The computer can act as a router between the networks; the routing function is
disabled when it is used in a firewall architecture. The host computer isolates the networks
from each other, but it can see the traffic on all the networks. The systems cannot communicate
directly with each other.

For example: the external network or internet is not directly routed to the other network.
Systems inside the firewall (that is, on the internal network) can communicate with the
dual-homed host using an interface, and so can systems outside the firewall.

2. Screened host architecture

In this architecture a packet filter is used to provide the main security; the required
applications are provided by the bastion host. The packet filtering rules are configured in such
a way that the bastion host is the only host on the network that is accessible from the internet.
If any external computer wants to use some service, it has to first connect to this host. The
bastion host is responsible for maintaining a high level of security for the host. The major
disadvantage of screened host architecture is that if an attacker becomes successful then the
whole network

The reason for the popularity of screened host architecture is that it allows
components to easily enforce various security policies in different directions. It is relatively
easy to implement.

3. Screened subnet architecture:

The screened subnet architecture is functionally similar to the screened host architecture. But
it provides some extra security by adding a perimeter network.
If the proxy or bastion host is isolated on a perimeter network then the attacker may be
able to get only partial access. The complete internal network is not available to the
attacker. It uses a perimeter network, which is a firewall, and it contains two screening routers.
One router is installed between the internal network and the perimeter net, and the other
router is installed between the external network and the perimeter net. The two routers are
used to protect the network. To break into the internal network the attacker has to pass both
routers.
To provide more security a number of perimeter nets can be used between the outside
world and the interior network.

4. Perimeter network:

A perimeter network is a firewall which is installed between a private network and the
internet. It controls all the traffic between the networks. It is an additional network between
the two networks to provide additional security to the internal router. It is also called a choke
router. It protects the internal network from the external network and also from the perimeter net.

Security And Laws

Regulations in India

Cyber world refers to the world of online computers and communications. It is an online world
where a user can communicate and transact any business or personal activity more easily and
freely than in the physical world.

Cyber space

Cyber space refers to the virtual computer world, or the electronic medium used to form a
global computer network to facilitate online communication. Cyber space allows users to share
information, interact, play games, engage in discussions, conduct business and carry out many
other activities.

Cyber crime

Cyber crime includes attacks against computer data and systems, identity theft, distribution of
child pornography, internet auction fraud, deployment of viruses and various e-mail scams.

Cyber crime is categorised in two ways:-

1) Computer as a target, e.g. virus or worm attack

2) Computer as a weapon, e.g. cyber terrorism, printing fake currencies etc.

Cyber crimes are broadly classified into:-

a) Individual
b) Property
c) Government

Phishing

It is a type of online identity theft. It uses e-mail and fraudulent websites to steal personal data
or information. The data can be credit card details, passwords, account data etc.

E.g. individuals receive fraudulent mails asking them to send their personal details and financial
information in order to get prizes. These e-mails appear to have originated from one source while
they are actually sent from another source. This is termed e-mail spoofing.

Cyber stalking

It is a kind of online harassment.

Identity Theft

Identity theft is a major problem for people using the internet for cash transactions. The
criminal accesses data about the person and buys things online in the victim's name.

Cyber law in India

➢ Cyber law, also called IT law, is the law regarding information technology, including
computers and the internet. It is related to legal informatics and supervises the digital
circulation of information, software, information security and e-commerce.

➢ Cyber law in India is not a separate legal framework. It is a combination of contract,
intellectual property, data protection and privacy laws.

➢ Cyber laws in India are important because the cybercrime act in India encompasses and
covers all the aspects which occur with internet transactions and activities which
concern the internet and cyberspace.

➢ Cyber laws serve different types of purposes. Some laws create rules for how
individuals and companies use computers and the internet, while some laws protect
people from becoming the victims of crime through unscrupulous activities on the
internet.

Information Technology Act,2000/2008

The primary source of cyber law is the information technology act 2000 which came into force
on 17th october ,2000.The primary purpose of the act is to provide legal recoginisation to
electronic commerce and to facilitate filling of electronic records with the government.The IT
Act also penalizes various cyber crimes and provide strict punishment.

Provides under IT Act 2000

The IT act has 13 chapters and 94 sections .The major provisions are:-

Penalty for damage to computer and computer system.As per the section 43 of IT Act 2000.A
person commits a computer crime when he/she does the following :-

1)Access computer system or computer network without authorization.

BCA Page 168


Computer Networks & Security

2)Download or copy any data or information form a computer system or remove any data in the
computer network without permission. 3)Introduce any computer virus into any computer or
computer network.Damage or cause damage to any programs residing in a computer or
computer network.

4)Provide any assistants to any person to facilitate access to a computer or computer system
without permission.

In the above circumstances, he/she shall be liable to pay a compensation not exceeding one
crore rupees to the person so affected. *Penalty for pampering for computer source
documents:-

As per section 65 if a person knowingly or intentionally destroys or alters any computer source
code. In a computer or computer network he/she shall be punishable with imprisonment upto 3
years or with fine which may extent up to 2 lakes or with both.

*Penalty for hacking computer system:-

As per section 66, whoever commits hacking shall be punishable with imprisonment up to 3
years, or with fine which may extend up to 2 lakh rupees, or with both.

*Penalty for sending offensive messages:-

As per section 66A, sending offensive messages through electronic means is punishable with
imprisonment up to three years and with fine.

*Penalty for buying stolen computer resources:-

As per section 66B, receiving stolen computer resources is punishable with imprisonment up to three
years or one lakh rupees fine or with both.

*Penalty for identity theft:-

As per section 66C, identity theft is punishable with 3 years imprisonment or fine of one
lakh rupees or with both.

*Penalty for cheating using computer resources:-


As per section 66D, cheating by impersonation using computer resources or a communication
device shall be punished with imprisonment for a term which may extend to 3 years and shall also be
liable to fine which may extend to one lakh rupees.

*Penalty for privacy violation:-

As per section 66E, privacy violation, that is, publishing or transmitting the private area of any person
without his/her consent, is punishable with 3 years imprisonment or 2 lakh rupees fine or both.

*Penalty for Cyber Terrorism:-

As per section 66F, cyber terrorism (intent to threaten the unity, integrity, security, sovereignty of
the nation) or denying access to any person authorized to access the computer resource or
attempting to penetrate or access a computer resource without authorization or acts likely to
cause death or injuries to persons or damage to property are punishable with life imprisonment.

*Penalty for publishing obscene material:-

As per section 67 of the IT Act 2000, publishing of obscene information in electronic form is a
cyber crime. Whoever publishes or transmits or causes to be published in the electronic
form any material which is obscene shall be punishable, in the first instance, with imprisonment for
a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the
event of a second or subsequent occurrence he is punishable with imprisonment for a term which
may extend to 10 years and also with fine which may extend to 2 lakh rupees.

IT Amendment Act 2008

Being the first legislation in the nation on technology, computers, e-commerce and
e-communication, the Act was the subject of extensive debates, elaborate services and detailed
criticisms. There were some conspicuous omissions in the Act. Thus the need for a detailed
amendment was felt for the IT Act almost from the year 2003 itself. The Information Technology
(Amendment) Act was passed in December 2008. ITAA 2008 provides additional focus on
information security. It has added several new sections on offences including cyber terrorism and
data protection. In the 2008 version of the Act, there are 14 chapters and 124 sections.


Copy Right Act

The growth of IT has led to proliferation of e-business due to its cost
effectiveness, accessibility, convenience and vast user base.

The global nature of the internet has provided immersive visibility to start-up enterprises and
medium-size businesses on the internet to efficaciously showcase their products and services.

The touch screen age today knows very well the importance of
software, multimedia, trademarks, artworks and icons. Mobile phones have become smart phones
and computers are now tablets, diminishing the utility differences in the two gadgets as a
precursor through converging technology.

While the digital age has its multiple advantages, the flipside is that the ease of availability of
information online and ease of duplicating it, along with anonymity, pose a continuous threat to the
protection of intellectual property rights including copyright on the internet.

Indian Copyright Act

➢ The Copyright Act 1957 governs the subject of copyright law in India. The Act is
applicable from 21 January 1958. Copyright is a bundle of rights given by the law to the
creators of literary, dramatic, musical and artistic works and the producers of
cinematograph films and sound recordings.

➢ The rights provided under Copyright law include the rights of reproduction of the work,
communication of the work to the public, adaptation of the work and translation of the
work. The scope and duration of protection provided under copyright law varies with the
nature of the protected work.

➢ Indian Copyright Act protects intellectual property from copying from others. The
protection is applicable against copying part or full in any manner. The act is penal and
attracts heavy penalty.

Features Of Copyright Act 1976

1)Copyright laws protect original works, but not ideas or facts.


2)The Copyright Act of 1976 grants exclusive rights to the copyright holder.

3)The Copyright Act protects original works: literary works, musical works, architectural
works, written words on a website, software programs etc.

4)Copyright is automatically created on original works. Copyrights created after first January
1978 have protection during the lifetime + 70 years after the death of the author.

5)In case of work made for hire, the protection term is 95 years from the first publication.

6)If someone hires a web designer to create their website, the website designer holds the
copyright, unless it is specified in the contract.

Indian Penal Code (IPC)

The Indian Penal Code 1860 is normally referred to as the IPC, which is very powerful. Important
cyber-related provisions under the IPC are:-

1)Sending threatening messages by e-mail (IPC section 503):-

When a person threatens another person through e-mail with any injury to the reputation of his
family or relatives or to the reputation of the person himself, it comes under IPC section 503.

The section provides punishment with imprisonment for a term which may extend to two years or
with a fine or with both.

2)Forgery of electronic record (IPC section 463):-

When a person makes any false document or part of a document to cause damage to the
public or to a person, it comes under this section.

The section provides a punishment with imprisonment for a term which may extend to 3 years and
shall also be liable to pay the fine.

3)Theft of computer hardware (IPC section 378-379):-

As per section 378, whoever intends to take the property of a person without that person's
consent is said to commit theft.


Section 379 provides the punishment for theft with imprisonment for a term which may
extend to two years or with fine or with both.

Consumer Protection Act

➢ The Consumer Protection Act, 1986 (COPRA) was an Act of the Parliament of India to
protect the interests of consumers in India. It was replaced by the Consumer Protection
Act, 2019. It was made for the establishment of consumer councils and other
authorities for the settlement of consumers' grievances and matters connected
therewith.

➢ This Act is regarded as the 'Magna Carta' in the field of consumer protection for checking
unfair trade practices, ‘defects in goods’ and ‘deficiencies in services’ as far as India is
concerned. It has led to the establishment of a widespread network of consumer forums
and appellate courts all over India. It has significantly impacted how businesses
approach consumer complaints and has empowered consumers to a greater extent.

Indian Contract Act 1872

An electronic contract is an agreement created and signed in electronic form. An e-contract can
also be in the form of a 'click to agree' contract. It is commonly used in online contract
agreements. The user clicks an "I agree" button on the page containing the terms of the software
license before the transaction can be completed.

Features Of Online Contract

1)Created and signed in electronic form.

2)Paperless contracts

3)Reducing cost and time

Validity Of Contracts

The contracts that are formed through the internet are legally binding provided the
following conditions are met.

1)Offer


One party must contract with the other.

2)Acceptance

The other party must accept the offer.

3)Intention to create legal relations

4)Consideration

Structure Of IPC

The Indian Penal Code is subdivided into 23 chapters with 511 sections. The code starts with an
introduction providing explanation and expectations used in it.

Copyright and Internet

Internet activities like browsing, uploading and downloading may result in:-

1)Violation of the Copyright Act.

2)An unauthorised storage of such information.

3)Transmission of information from a computer or a network to another computer
involving temporary storage.

4)An infringement of the copyright on an exclusive right to an adaptation.

Software Piracy

It includes:-

1)End-user piracy: It is illegal to copy software without a license to copy the same.

2)Manufacturer piracy: It is illegal for a computer manufacturer to copy software without permission
on more than one computer.

3)Internet piracy: It is illegal to download software from the internet without authorisation.


INDIAN CONVERGENCE LAW (LAW OF CONVERGENCE)

➢ Convergence Law aims to promote, facilitate and develop in an orderly manner the
carriage and content of communications including broadcasting, telecommunications
and multimedia. It further aims to establish an autonomous commission to regulate
carriage of all forms of communication.

➢ This law mandates that no one shall use any part of the spectrum without assignment
from the Central Government or the statutory body.

➢ Owning or providing any network infrastructure facility without a proper license or
registration under the proposed law has been made illegal. It has been made mandatory to
have a license before possessing any wireless equipment.

➢ The objective of this law is to make communication services available at affordable
costs to all.

THE COMMUNICATION CONVERGENCE BILL, 2001

India has taken a bold step forward in the field of regulating the emerging industry of
convergence. A Bill to promote, facilitate and develop in an orderly manner, the carriage and
content of communications (including broadcasting, telecommunications and multimedia) for
the establishment of an autonomous commission to regulate carriage of all forms of
communications.

The existing licensing and registration powers and the regulatory mechanisms for the telecom,
Information Technology & Broadcasting Sectors are currently spread over different authorities.
Government has proposed the new Bill as a flexible type of legislation to accommodate and
encourage permutation and combination of technologies and services.

Future Trends

Some of the future trends of cyber law are:


✓ Stringent regulatory rules are put in place by many countries to prevent unauthorized
access to networks. Such acts are declared as penal offences.


✓ Stakeholders of the mobile companies reinforce cyber-legal systems and administrations
to regulate the emerging mobile threats and crimes.
✓ The growing awareness on privacy is another upcoming trend.
✓ Cloud computing is another major growing trend. With more advancements in the
technology, huge volumes of data will flow into the cloud which is not completely
immune to cyber-crimes.
✓ The growth of Bitcoins and other virtual currency is yet another trend.
✓ The arrival and acceptance of data analytics, which is another major trend to be
followed, requires that appropriate attention is given to issues concerning Big Data.
