
Local and Wide Area Networks: 5.1. LAN Topologies (Bus, Ring, Star)

Uploaded by

animut0934

Chapter 5:

Local and wide area networks

5.1. LAN topologies (bus, ring, star)
5.2. LAN technologies (Ethernet, Token Ring, Gigabit Ethernet)
5.3 Large networks and wide areas
ETHERNET (CSMA/CD)
Ethernet is the most widely installed local area network (LAN) technology.

An Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires.

The most commonly installed Ethernet systems are called 10BASE-T and provide transmission speeds up to 10 Mbps.

Specified in a standard, IEEE 802.3, Ethernet was originally developed by Xerox from an earlier specification called Alohanet and then developed further by Xerox, DEC, and Intel.
ETHERNET (CSMA/CD)
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a network protocol for carrier transmission that operates in the Medium Access Control (MAC) layer.

It senses or listens whether the shared channel for transmission is busy or not, and defers transmissions until the channel is free.

The collision detection technology detects collisions by sensing transmissions from other stations.

On detection of a collision, the station stops transmitting, sends a jam signal, and then waits for a random time interval before retransmission.
The algorithm of CSMA/CD is:

• When a frame is ready, the transmitting station checks whether the channel is idle or busy.
• If the channel is busy, the station waits until the channel becomes idle.
• If the channel is idle, the station starts transmitting and continually monitors the channel to detect collision.
• If a collision is detected, the station starts the collision resolution algorithm.
• The station resets the retransmission counters and completes frame transmission.

The algorithm of Collision Resolution is:

• The station continues transmission of the current frame for a specified time along with a jam signal, to ensure that all the other stations detect the collision.
• The station increments the retransmission counter.
• If the maximum number of retransmission attempts is reached, then the station aborts transmission.
• Otherwise, the station waits for a backoff period, which is generally a function of the number of collisions, and restarts the main algorithm.
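
The two algorithms above, carried through for one frame as an added example (not part of the original slides). It assumes the IEEE 802.3 truncated binary exponential backoff with an attempt limit of 16, which the slides do not state; `scripted_medium` is a constructed channel model and all function names are illustrative.

```python
import random

ATTEMPT_LIMIT = 16   # IEEE 802.3 attempt limit (assumed; not on the slide)
BACKOFF_LIMIT = 10   # the backoff exponent stops growing after 10 collisions


def backoff_slots(collisions, rng):
    """Truncated binary exponential backoff: wait k slot times,
    k drawn uniformly from 0 .. 2**min(collisions, 10) - 1."""
    return rng.randrange(2 ** min(collisions, BACKOFF_LIMIT))


def scripted_medium(busy_slots, collisions_before_success):
    """Constructed channel: busy for the first `busy_slots` slot times,
    then the next N transmissions collide, then the channel is clear."""
    remaining = [collisions_before_success]

    def medium(slot):
        if slot < busy_slots:
            return "busy"
        if remaining[0] > 0:
            remaining[0] -= 1
            return "collision"
        return "clear"

    return medium


def send_frame(medium, rng):
    """Main algorithm plus collision resolution for one frame.
    Returns (delivered, collisions, log of (slot, action))."""
    slot, collisions, log = 0, 0, []   # counter starts at zero for each frame
    while True:
        state = medium(slot)
        if state == "busy":            # carrier sensed: defer
            log.append((slot, "defer"))
            slot += 1
        elif state == "clear":         # idle, and no collision while sending
            log.append((slot, "sent"))
            return True, collisions, log
        else:                          # collision detected while sending
            collisions += 1
            log.append((slot, "jam"))
            if collisions >= ATTEMPT_LIMIT:
                log.append((slot, "abort"))
                return False, collisions, log
            wait = backoff_slots(collisions, rng)
            log.append((slot, "backoff %d" % wait))
            slot += 1 + wait


if __name__ == "__main__":
    for entry in send_frame(scripted_medium(2, 3), random.Random(1))[2]:
        print(entry)
```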
FAST ETHERNET

The Fast Ethernet standard (IEEE 802.3u) has been established for Ethernet networks that need higher transmission speeds.

This standard raises the Ethernet speed limit from 10 Mbps to 100 Mbps with only minimal changes to the existing cable structure.

Fast Ethernet provides faster throughput for video, multimedia, graphics, Internet surfing and stronger error detection and correction.
GIGABIT ETHERNET
Gigabit Ethernet was developed to meet the need for faster communication networks with applications such as multimedia.

The most important differences between Gigabit Ethernet and Fast Ethernet include the additional support of full duplex operation in the MAC layer and the data rates.

10 Gigabit Ethernet
10 Gigabit Ethernet is the fastest and most recent of the Ethernet standards.

IEEE 802.3ae defines a version of Ethernet with a nominal rate of 10 Gbit/s, which makes it 10 times faster than Gigabit Ethernet.
GIGABIT ETHERNET
• The need for a higher data rate resulted in the design of Gigabit Ethernet (1000 Mbps).
• All configurations of Gigabit Ethernet are point to point, between two computers or computer-to-switch.
• It supports two different modes of operation: full duplex mode and half duplex mode. Full duplex is used when computers are connected by a switch.
• Half duplex is used when computers are connected by a hub.


Token Ring
• A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.
• The Token Ring protocol is the second most widely used protocol on local area networks after Ethernet.
• The IBM Token Ring protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very similar.
• The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second.
Very briefly, here is how it works:
• Empty information frames are continuously circulated on the ring.
• When a computer has a message to send, it inserts a token in an empty frame (this may consist of simply changing a 0 to a 1 in the token bit part of the frame) and inserts a message and a destination identifier in the frame.
• The frame is then examined by each successive workstation. If the workstation sees that it is the destination for the message, it copies the message from the frame and changes the token back to 0.
• When the frame gets back to the originator, it sees that the token has been changed to 0 and that the message has been copied and received. It removes the message from the frame.
• The frame continues to circulate as an "empty" frame, ready to be taken by a workstation when it has a message to send.
Benefits of Token Ring Topology
• Packet collision is reduced and the flow of data is managed in only one direction.
• High-speed data transfer between workstations.
• Easier maintenance of the network.
• Server is not needed to control the connectivity between every workstation.
• Workstations can be added to the network when required, which does not affect the performance of the network.
• Fault in data transfer can be easily identified in the network through cable connectivity.
• Compatible in cost when compared to other network topologies.


Drawbacks of Token Ring Topology
• If even one workstation slows down, the entire network will collapse.
• Data must pass through each workstation on the network, which can make it slower than other topologies.
• Cost increases when hubs, switches or Ethernet cards are used or introduced to increase efficiency.
• As the topology is uni-directional, the data (i.e. the token) must pass through the entire network; it has to cross all the nodes.
• Though the addition of nodes increases performance, it is difficult to add a node to the existing network, and doing so may cause problems.
Fiber Distributed Data Interface (FDDI)
• FDDI is a standard developed by the American National Standards Institute (ANSI) for transmitting data on optical fibers.
• Supports transmission rates of up to 200 Mbps.
• Uses a dual ring:
  • First ring used to carry data at 100 Mbps
  • Second ring used for primary backup in case first ring fails
  • If no backup is needed, second ring can also carry data, increasing the data rate up to 200 Mbps
• Supports up to 1000 nodes and has a range of up to 200 km.
• FDDI uses three basic topologies: Ring, Star, and Tree.
• FDDI uses optical fiber as the primary transmission medium, but it also can run over copper cabling.
• FDDI over copper is referred to as Copper-Distributed Data Interface (CDDI).
• FDDI defines two types of optical fiber: single-mode and multimode.

Multimode:
• Uses LED as the light-generating device.
• Allows multiple modes of light to propagate through the fiber.
• Generally used for connectivity within a building or a relatively geographically contained environment.

Single-mode:
• Single-mode fiber generally uses lasers.
• Single-mode fiber allows only one mode of light to propagate through the fiber.
• Therefore, single-mode fiber is capable of delivering considerably higher performance connectivity over much larger distances, which is why it generally is used for connectivity between buildings and within environments that are more geographically dispersed.
FDDI Specifications / components of FDDI
• FDDI is defined by four separate specifications:

1. Media Access Control (MAC) - Defines how the medium is accessed, including frame format, token handling, addressing, the algorithm for calculating a cyclic redundancy check value, and the error recovery mechanism.

2. Physical Layer Protocol (PHY) - Defines data encoding/decoding procedures, clocking requirements, framing and other functions.

3. Physical Layer Medium Dependent (PMD) - Defines the characteristics of the transmission medium, including the fiber-optic link, power levels, bit error rates, optical components, and connectors.

4. Station Management (SMT) - Defines the FDDI station configuration, ring configuration, and ring control features, including station insertion and removal, initialization, fault isolation and recovery, scheduling, and collection of statistics.
FDDI Basic Principle

• A token circulates around a ring in the network. A station first captures the token, then sends a packet of data to the network.
• After transmission the token is released. Every station on the network will receive the transmission and repeat it.
• The transmission will travel around the ring until it is received by the station which originally sent it, which removes it from the ring.
• If a station does not receive its transmission back, it assumes that an error occurred somewhere. To solve this problem, fault isolation techniques are used.
FDDI Frame Format

• Preamble (16 bits) - Gives a unique sequence that prepares each station for an upcoming frame.
• Start delimiter (8 bits) - Indicates the beginning of a frame by employing a signaling pattern that differentiates it from the rest of the frame.
• Frame control (8 bits) - Indicates the size of the address fields and whether the frame contains asynchronous or synchronous data, among other control information.
• Destination address (48 bits) - Contains a unicast (singular), multicast (group), or broadcast (every station) address. As with Ethernet and Token Ring addresses, FDDI destination addresses are 6 bytes long.
• Source address (48 bits) - Identifies the single station that sent the frame. As with Ethernet and Token Ring addresses, FDDI source addresses are 6 bytes long.
• Data - Contains either information destined for an upper-layer protocol or control information.
• Frame check sequence (FCS) (32 bits) - Is filled by the source station with a calculated cyclic redundancy check value dependent on frame contents. The destination station recalculates the value to determine whether the frame was damaged in transit. If so, the frame is discarded.
• End delimiter (16 bits) - Contains unique symbols; cannot be data symbols that indicate the end of the frame.
• Frame status (16 bits) - Allows the source station to determine whether an error occurred; identifies whether the frame was recognized and copied by a receiving station.

• The physical layer defines the electrical, mechanical, and logical characteristics for transmitting bits across the physical medium. Examples of physical media include twisted pair, coaxial, and fiber optic cable. Dual ring FDDI specifies fiber optic cable as the physical medium.
• The data link layer specifies the way a node accesses the underlying physical medium and how it formats data for transmission. FDDI specifies formatting data into frames, using a special set of symbols and following a special set of rules. The MAC sublayer within the data link layer specifies the physical address (MAC address) used for uniquely identifying FDDI nodes.
5.3 Large networks / wide areas
• A WAN is a network that covers a broad area, i.e., any telecommunications network that links across metropolitan, regional, or national boundaries using private or public network transports.
• Business and government entities utilize WANs to relay data among employees, clients, buyers, and suppliers from various geographical locations.
• WANs are generally grouped into three separate connection types:
  • Point-to-Point technologies
  • Circuit-switched technologies
  • Packet-switched technologies

Point-to-Point technologies
• A point-to-point connection refers to a communications connection between two nodes or endpoints.
  • An example is a telephone call, in which one telephone is connected with one other, and what is said by one caller can only be heard by the other.
• Examples of point-to-point technologies include:
  1. A T1 line is a communications transmission service that uses 2 twisted pair copper wires to transmit and receive data or voice traffic. A T1 line can transmit data at a speed of 1.544 Mbps.
  2. A T3 line comprises 28 T1 lines, each operating at a total signaling rate of 1.544 Mbit/s.

• For a typical telephone call, the analog sound is digitized with the PCM method at 8,000 samples per second.
• Using 8-bit depth/resolution, the result is 64 Kbps (8 bits × 8,000 samples/s = 64,000 bps = 64 Kbps).
• This digital signal rate, known as DS0, makes up the base digital unit of the telephone system.
• Each analog voice call gets converted into a DS0 signal at the central office of the PSTN (Public Switched Telephone Network).
• The DS0 rate also forms the basis for T-carrier, E-carrier, SONET or SDH.
Carrier   Channels                          Maximum Throughput
T1        24                                1.544 Mbps
T3        672 (28 multiples of T1 lines)    44.736 Mbps
E1        32                                2.048 Mbps
E3        512 (16 multiples of E1 lines)    34.368 Mbps

• T-carrier technologies are used in America and Asia. In other regions, like Europe, a similar technology, E-carrier, is used.

Circuit-Switched technologies
• Circuit switching is a type of switching in which a dedicated channel or circuit is established for the duration of communications.
• It is the method used by the old traditional telephone call, carried over the public switched telephone network (PSTN).
• Circuit-switched technologies are normally used for traditional telephone calls.
• When you make a circuit-switched call, you are actually renting the lines. That is why international and long-distance phone calls were expensive.
• Examples of circuit-switched technologies include:
  • Dial-up
  • ISDN (Integrated Services Digital Network)

Packet-Switched technologies
• Packet-switched technologies share a common infrastructure between all the provider's subscribers.
• Packet-switched technologies normally handle digital data.

Chapter 6:

Data security and integrity

6.1 Fundamentals of secure networks; cryptography
6.2 Encryption and privacy
6.3 Authentication protocols
6.4 Firewalls
6.5 Virtual private networks
6.6 Transport layer security
Fundamentals of secure networks; Cryptography
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
• Security attack - Any action that compromises the security of information owned by an organization.
• Security mechanism - A mechanism that is designed to detect, prevent or recover from a security attack.
• Security service - A service that enhances the security of the data processing systems and the information transfers of an organization.
Encryption Terminology

• Encryption: Transform representation so it is no longer understandable
• Cryptosystem: A combination of encryption and decryption methods
• Clear text or Plaintext: Information before encryption
• Cipher text: Information in encrypted form
• One-way cipher: Encryption system that cannot be easily reversed (used for passwords)
• Decryption: Reversing encryption process

Encryption And Decryption
To ensure the privacy of messages sent over a network between a source and destination, the text can be encrypted.
• Cryptography - study of methods to encrypt text.
• Cryptanalysis - study of how to decode an encrypted text.

Conventional or single key encryption - a simple algorithm is used to transform the text
• Substitution cipher - each letter of the alphabet is substituted with a different letter or symbol.
• Caesar's method - replace every letter in the alphabet with the letter 3 away
A->D
B->E
C->F
...
X->A
Y->B
Z->C
Encryption And Decryption

• Other substitution ciphers assign random substitutions, so they are a bit harder to crack.
• The sender uses the encryption to encrypt the message
• The sender transmits the message to the receiver
• The receiver decodes the message
• How does the receiver decode the message? The sender needs to send the key to the receiver.
• How can this be done securely so that no one else can decode the message?
• To secure e-commerce transactions on the Web, the buyer's machine must encrypt the data before it sends it over the Internet to the merchant's Web server
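
Caesar's method and a random substitution cipher side by side, as an added example that is not part of the original slides. It shows the wrap-around (X->A), why a 25-key cipher falls to trying every shift, and how much larger the random-substitution key space is; the sample message and all function names are constructed for illustration.

```python
import math
import random
import string

ALPHABET = string.ascii_uppercase
CAESAR_KEYS = 25                         # non-trivial shifts 1..25
SUBSTITUTION_KEYS = math.factorial(26)   # every permutation of the alphabet


def caesar(text, shift):
    """Shift each letter by `shift` places, wrapping past Z back to A.
    A negative shift decrypts."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)               # spaces and punctuation pass through
    return "".join(out)


def random_substitution_key(rng):
    """A random permutation of the alphabet as a plaintext -> ciphertext map."""
    shuffled = list(ALPHABET)
    rng.shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


def substitute(text, key):
    """Apply a substitution map letter by letter."""
    return "".join(key.get(ch, ch) for ch in text.upper())


def invert(key):
    """The receiver needs the inverse map, i.e. the same secret key."""
    return {c: p for p, c in key.items()}


def try_all_shifts(ciphertext, expected_word):
    """Trial-decrypt with every shift and keep those that yield a word
    the reader expects. With only 26 candidates this is immediate."""
    return [s for s in range(26) if expected_word in caesar(ciphertext, -s)]


if __name__ == "__main__":
    message = "MEET AT NOON"             # constructed sample plaintext
    ct = caesar(message, 3)
    print(ct, "->", try_all_shifts(ct, "NOON"))
    key = random_substitution_key(random.Random(42))
    print(substitute(message, key), "key space:", SUBSTITUTION_KEYS)
```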
Encryption And Decryption
• Symmetric / Private Key Encryption
– Uses a single number key to encode and decode the data. Both
the sender and receiver must know the key
– DES (Data Encryption Standard) is the most widely used
standard for symmetric encryption
– Because each sender and receiver would require a different key,
this type of encryption is basically used by government entities
– It is rarely used for e-commerce transactions over the Internet
– Requires a secure way to get the key to both parties
Asymmetric / Public Key Encryption
• Uses two numeric keys
• The public key is available to anyone wishing to communicate securely with the key's owner
• The private key is available only to the owner
• Both keys are able to encrypt and decrypt each other's messages
• It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.
• Example: encode by raising to the 5th power and taking the result mod 91. Decode by raising to the 29th power mod 91.
32^5 = 2 (mod 91) and 2^29 = 32 (mod 91)
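
The slide's numbers carried through, as an added example that is not part of the original slides. It checks the 5 / 29 / 91 key pair in both directions for every message, then shows that "computationally infeasible" depends entirely on modulus size: 91 factors instantly, which hands over the private exponent. Function names are illustrative.

```python
N, E, D = 91, 5, 29   # modulus, public exponent, private exponent (from the slide)


def encode(m):
    """Public operation: raise to the 5th power mod 91."""
    return pow(m, E, N)


def decode(c):
    """Private operation: raise to the 29th power mod 91."""
    return pow(c, D, N)


def keys_invert_each_other():
    """Check 'both keys are able to encrypt and decrypt each other's
    messages' for every possible message 0..90."""
    public_then_private = all(decode(encode(m)) == m for m in range(N))
    private_then_public = all(encode(decode(m)) == m for m in range(N))
    return public_then_private and private_then_public


def factor(n):
    """Trial division. Immediate for 91; hopeless for the 2048-bit and
    larger moduli used in practice, which is where the security comes from."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(n, e):
    """Anyone who can factor n can recompute d from the public key alone."""
    p, q = factor(n)
    phi = (p - 1) * (q - 1)           # 6 * 12 = 72 for n = 91
    return pow(e, -1, phi)            # modular inverse (Python 3.8+)


if __name__ == "__main__":
    print("32 ->", encode(32), "->", decode(encode(32)))
    print("keys invert each other:", keys_invert_each_other())
    print("factors of 91:", factor(N))
    print("private exponent recovered from public key:",
          recover_private_exponent(N, E))
```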
What Is a Firewall?
• A firewall is a system that enforces an access control policy between two networks, such as your private LAN and the unsafe, public Internet.
• The firewall determines which inside services can be accessed from the outside, and vice versa.
• The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one to block traffic, one to permit traffic.
• A firewall is more than the locked front door to your network; it's your security guard as well.
• Firewalls are also important because they provide a single "choke point" where security and audits can be imposed.
• A firewall can provide a network administrator with data about what kinds and amount of traffic passed through it, how many attempts were made to break into it, and so on.
• Like a closed circuit security TV system, your firewall not only prevents access, but also monitors who's been sniffing around, and assists in identifying those who attempt to breach your security.
Basic Purpose of a Firewall

Basically, a firewall does three things to protect your network:

1. It blocks incoming data that might contain a hacker attack.
2. It hides information about the network by making it seem that all outgoing traffic originates from the firewall rather than the network. This is called Network Address Translation (NAT).
3. It screens outgoing traffic to limit Internet use and/or access to remote sites.

Screening Levels
• A firewall can screen both incoming and outgoing traffic. Because incoming traffic
poses a greater threat to the network, it’s usually screened more closely than
outgoing traffic.

• When you are looking at firewall hardware or software products, you’ll probably
hear about three types of screening that firewalls perform:
1. Screening that blocks any incoming data not specifically ordered by a user on
the network
2. Screening by the address of the sender
3. Screening by the contents of the communication
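
The three screening types listed above, plus the audit counters a choke point makes possible, as an added example that is not part of the original slides. The class, the verdict strings, the addresses (documentation ranges) and the content marker are all constructed for illustration and do not model any particular firewall product.

```python
import collections
import ipaddress


class ScreeningFirewall:
    def __init__(self, inside_net, blocked_senders, blocked_content):
        self.inside = ipaddress.ip_network(inside_net)
        self.blocked_senders = [ipaddress.ip_network(n) for n in blocked_senders]
        self.blocked_content = [s.lower() for s in blocked_content]
        self.requested = set()               # flows opened from the inside
        self.stats = collections.Counter()   # audit data for the administrator

    def _decide(self, verdict):
        self.stats[verdict] += 1
        return verdict

    def outbound(self, src, dst, dport):
        """An inside user orders data from an outside service."""
        if ipaddress.ip_address(src) not in self.inside:
            return self._decide("drop: source not inside")
        self.requested.add((src, dst, dport))
        return self._decide("allow")

    def inbound(self, src, sport, dst, payload):
        """Apply the three screening types to one incoming packet."""
        # 2. Screening by the address of the sender
        if any(ipaddress.ip_address(src) in net for net in self.blocked_senders):
            return self._decide("drop: sender address")
        # 1. Block incoming data not ordered by a user on the network
        if (dst, src, sport) not in self.requested:
            return self._decide("drop: not requested")
        # 3. Screening by the contents of the communication
        if any(marker in payload.lower() for marker in self.blocked_content):
            return self._decide("drop: content")
        return self._decide("allow")


def demo():
    """Constructed traffic: two outbound requests, four inbound packets."""
    fw = ScreeningFirewall("10.0.0.0/24", ["203.0.113.0/24"],
                           ["constructed-bad-marker"])
    fw.outbound("10.0.0.5", "198.51.100.10", 443)
    fw.outbound("10.0.0.5", "203.0.113.7", 80)
    verdicts = [
        fw.inbound("198.51.100.10", 443, "10.0.0.5", "HTTP/1.1 200 OK"),
        fw.inbound("198.51.100.99", 443, "10.0.0.5", "unsolicited"),
        fw.inbound("203.0.113.7", 80, "10.0.0.5", "hello"),
        fw.inbound("198.51.100.10", 443, "10.0.0.5", "x CONSTRUCTED-BAD-MARKER x"),
    ]
    return verdicts, dict(fw.stats)


if __name__ == "__main__":
    print(demo())
```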
Transport Layer Security
• Transport Layer Security (TLS) is a cryptographic protocol that is designed to provide both security and data integrity for communications over a reliable transport protocol such as Transmission Control Protocol (TCP).
• TLS allows client-server applications to communicate across a public network while preventing eavesdropping, tampering, and message forgery by providing endpoint authentication and confidentiality over the Internet.
• The goals of the TLS protocol, in order of priority, are cryptographic security, interoperability, extensibility, and relative efficiency.
• TLS is designed to be application protocol independent.

TLS protocol consists of two main components:

1. Handshake protocol, to set session states and shared private keys, and
2. Record protocol, to transmit data securely using the shared keys.
SSL Handshake Protocol
• Allows server and client to:
  • Authenticate each other
  • Negotiate encryption & MAC algorithms
  • Negotiate cryptographic keys to be used
• Comprises a series of messages in phases:
  1. Establish Security Capabilities
  2. Server Authentication and Key Exchange
  3. Client Authentication and Key Exchange
  4. Finish
THANK YOU!!!
