MSc WLAN, IP/TCP and COMM NETWORK Topics By Prof R A Carrasco School of Electrical,Electronic and Computer Engineering University of Newcastle Upon Tyne.

1 MSc WLAN, IP/TCP and COMM NETWORK Topics By Prof R A Carrasco, School of Electrical, Electronic and Computer Engineering, University of Newcastle Upon Tyne, Ext: 7332

2 MSc WLAN, IP/TCP and COMM NETWORK References
[1] Tanenbaum, Andrew S., Computer Networks, Fourth Edition, Pearson Education International, 2003, ISBN:
[2] Comer, Douglas E., Computer Networks and Internets with Internet Applications, Third Edition, Prentice Hall, 2001, ISBN:
[3] Peterson, Larry L. & Davie, Bruce S., Computer Networks, A Systems Approach, Morgan Kaufmann Publishers, 2000, ISBN:
[4] Halsall, Fred, Data Communications, Computer Networks and Open Systems, Addison-Wesley Publishing, 1995, ISBN: X

3 Internet and Protocols
- Advanced Research Projects Agency Network (ARPAnet). The protocols in the TCP/IP suite use either the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) as the transport protocol.
- Low-level functions such as the File Transfer Protocol (FTP), the Internet Terminal Protocol (TELNET), Electronic Mail and remote logon.
- IP is responsible for moving packets of data from node to node. IP forwards each packet based on a four-byte destination address (the IP number); between different organisations, IP operates on a gateway machine.
- TCP is responsible for verifying the correct delivery of data from client to server. TCP adds support to detect errors or lost data and to trigger retransmission until the data is correctly and completely received.
- Sockets is the name given to the package of subroutines that provides access to TCP/IP on most systems.

4 The Internet Protocol was developed to create a Network of Networks (the Internet). Individual machines are first connected to a LAN (Ethernet or Token Ring). TCP/IP shares the LAN with other users. One device provides the TCP/IP connection between the LAN and the rest of the world. A network consisting of two or more far-apart LANs is a Wide Area Network (WAN). A typical network consists of switches, hubs and routers, which are intermediary devices between clients and servers.

5 The Network Layer in the Internet
- The Internet can be viewed as a collection of sub-networks or autonomous systems (AS) that are connected together.
- There is no real structure, but several major backbones exist.
- These are constructed from high-bandwidth lines and fast routers.
- Attached to the backbones are regional networks, and attached to these regional networks are LANs (universities, companies etc.).
- The glue that holds the Internet together is the network layer protocol, IP.

6 The Network Layer in the Internet
- The Internet transmits data by packet switching using a standardised Internet Protocol (IP).
- IP datagram (figure): the header has a 20-byte fixed part and a variable-length optional part.
- It is transmitted in big-endian order from left to right, with the high-order bit of the version field going first.

7

8 An Ethernet hub is a device for connecting multiple twisted-pair or fibre Ethernet devices together.

9 An Ethernet bridge connects multiple network segments at the data link layer (layer 2) of the OSI model. D. E. Comer, "Computer Networks and Internets with Internet Applications," Prentice Hall, 2001 [2]

10 A router is a computer networking device that forwards data across networks towards its destination, through a process known as routing.

11 A modem is a device that modulates an analogue carrier signal to encode digital information and also demodulates such a carrier signal to decode the transmitted information.

12

13 Popular Wired LAN Standards
- High-Level Data Link Control (HDLC)
- Ethernet (IEEE 802.3)
- Token Bus (IEEE 802.4)
- Token Ring (IEEE 802.5)
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

14 HIGH LEVEL DATA LINK CONTROL
Frame format for bit-oriented protocols (figure): Address (8 bits) | Control (8 bits) | Data | Checksum
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

15 HIGH LEVEL DATA LINK CONTROL (2)
Control field of:
(a) an information frame: 0 | Seq | P/F | Next
(b) a supervisory frame: 1 0 | Type | P/F | Next
(c) an unnumbered frame: 1 1 | Type | P/F | Modifier
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]
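The three control-field layouts above, decoded and encoded in code. This is an added example, not material from the lecture slides: it assumes the usual byte convention that bit 0 of the figure (the first bit transmitted) is the least-significant bit of the control octet, and the supervisory type names (RR, REJ, RNR, SREJ) come from the HDLC standard rather than from the slide. Function names are chosen here.

```python
# Decoder/encoder for the 8-bit HDLC control field (added example, not from the slides).
# Convention assumed: the figure's bit 0 (transmitted first) is the least-significant
# bit of the octet, so Seq/Type sit in bits 1-3 / 2-3, P/F in bit 4, Next/Modifier in bits 5-7.

# Supervisory frame types as defined in the HDLC standard (not listed on the slide).
S_TYPES = {
    0: "RR (receive ready)",
    1: "REJ (reject)",
    2: "RNR (receive not ready)",
    3: "SREJ (selective reject)",
}


def decode_control(octet: int) -> dict:
    """Classify one control octet as an I, S or U frame and pull out its fields."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("control field is a single octet")
    pf = (octet >> 4) & 1                      # poll/final bit is bit 4 in all three layouts
    if octet & 0x01 == 0:                      # (a) information frame: bit 0 = 0
        return {"kind": "I", "seq": (octet >> 1) & 7, "pf": pf, "next": (octet >> 5) & 7}
    if octet & 0x03 == 0x01:                   # (b) supervisory frame: bits 0,1 = 1,0
        s_type = (octet >> 2) & 3
        return {"kind": "S", "type": s_type, "type_name": S_TYPES[s_type],
                "pf": pf, "next": (octet >> 5) & 7}
    s_type = (octet >> 2) & 3                  # (c) unnumbered frame: bits 0,1 = 1,1
    return {"kind": "U", "type": s_type, "pf": pf, "modifier": (octet >> 5) & 7}


def encode_i_frame(seq: int, nxt: int, pf: int = 0) -> int:
    """Build an I-frame control octet: Seq (3 bits), P/F, Next (3 bits, piggybacked ack)."""
    return ((nxt & 7) << 5) | ((pf & 1) << 4) | ((seq & 7) << 1)


def encode_s_frame(s_type: int, nxt: int, pf: int = 0) -> int:
    """Build an S-frame control octet (leading bits 1,0 then Type, P/F, Next)."""
    return ((nxt & 7) << 5) | ((pf & 1) << 4) | ((s_type & 3) << 2) | 0x01


def encode_u_frame(u_type: int, modifier: int, pf: int = 0) -> int:
    """Build a U-frame control octet (leading bits 1,1 then Type, P/F, Modifier)."""
    return ((modifier & 7) << 5) | ((pf & 1) << 4) | ((u_type & 3) << 2) | 0x03


if __name__ == "__main__":
    for octet in (encode_i_frame(3, 5, pf=1), encode_s_frame(1, 2), encode_u_frame(0, 7)):
        print(f"0x{octet:02x}: {decode_control(octet)}")
```

A receiver that dispatches on these two low bits before touching Seq or Next is also the place to reject frames whose Next value acknowledges something never sent; the decoder keeps the fields separate so that check can be applied outside it.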

16 PPP - Point to Point Protocol
The PPP full frame format for unnumbered mode operation (bytes): Flag (1) | Address (1) | Control (1) | Protocol (1 or 2) | Payload (variable) | Checksum (2 or 4) | Flag (1)

17 Ethernet (IEEE 802.3)
- Bus topology
- Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
- The "10" in 10Base designations denotes 10 Mbit/s

18 Ethernet (IEEE 802.3) (figure): MAC Unit, Protocol Firmware, Network Service, Drop cable, Transceiver, Tap

19 Ethernet (IEEE 802.3) Data frame (figure): PR | SFD | DA | SA | TYPE | INFORMATION | FCS
PR = Preamble; SFD = Start Frame Data; DA = Destination Address; SA = Source Address; TYPE = Type of data; FCS = Frame Checksum

20 CSMA/CD MAC Protocol
- Station checks if there is data currently being transmitted (carrier sense).
- If no data is present, the station begins to transmit data.
- If two or more stations begin this process simultaneously, there will be a collision of frames.
- The station monitors its own receiver output and compares it with the transmitted signal to detect when this occurs (collision detection).

21 CSMA/CD MAC Protocol
- If a collision is detected, the station aborts the transmission and sends a jamming signal to inform all other stations that a collision has occurred.
- Transmitting stations that have caused the collision wait a randomly generated time interval before reattempting to transmit.
- This avoids lock-step retransmission causing repeated collisions.

22 Capacity Calculations (figure): stations A and B on the bus, the propagation delay between them, and transmissions TX-A and TX-B plotted against time. T = transmitted frame length (time).

23 Capacity Calculations (figure): TX-A, TX-B, sensing time, time to detect a collision, the $2\tau$ collision interval and the time to transfer information.
$a = \tau / T$, the maximum propagation delay to frame length ratio (τ = maximum propagation delay, T = frame transmission time).
The figure above allows a new frame to be transmitted immediately following the previous one, giving a frame rate of 1/T frames/s.

24 Capacity Calculations
If, on average, K retries are necessary before the next frame can be transmitted (in a lightly loaded network K = 0), then the average time for transmitting one frame, $t_v$, is given by:
$t_v = T + \tau + 2K\tau = T + \tau(1 + 2K) = T[1 + (\tau/T)(1 + 2K)] = T[1 + a(1 + 2K)]$
where $a = \tau/T$ and τ is the maximum propagation delay.

25 Capacity Calculations
- The utilisation factor, U, of the transmission medium is given by: $U = T/t_v = 1/(1 + a(1 + 2K))$
- Let $P_t$ be the probability, constant for all stations over all time, that any particular station wishes to transmit at the end of a specific $2\tau$ collision detection interval.
- $P_t = 2\tau\lambda$ (where λ is the rate in packets/s)

26 Capacity Calculations
- For a successful event, one station transmits but the other n−1 stations do not.
- The probability p of a successful transmission is therefore given by: $p = n P_t (1 - P_t)^{n-1}$
- It can be shown by differentiating p with respect to $P_t$ that p is maximised when $P_t = 1/n$, where n is the number of stations.

27 Capacity Calculations
- Consequently the maximum value of p is given by: $p_{max} = n \cdot (1/n)(1 - 1/n)^{n-1} = (1 - 1/n)^{n-1}$
- If $n \to \infty$ then $p_{max} \to 1/e$, where e = 2.718…
- At the end of a $2\tau$ collision detection interval, a further collision occurs with probability 1−p, while a successful transmission occurs with probability p.
- Thus, a sequence of K collision intervals occupying a time $2K\tau$ seconds occurs with probability $P(K) = p(1 - p)^{K-1}$ (at least one collision occurring).

28 Capacity Calculations
- The average number of collisions is therefore given by: $\bar{k} = \sum_{k=1}^{\infty} k P(k) = \sum_{k=1}^{\infty} k p (1 - p)^{k-1}$
- From this it can be proven that $\bar{k} = 1/p$, and, with $p = p_{max} = 1/e$ (so $\bar{k} = e$), we obtain the limiting utilisation:
$U = T/t_v = 1/(1 + a(1 + 2\bar{k}))$
$U_{max} = 1/(1 + a(1 + 2e)) = 1/(1 + 6.44a)$

29 Utilisation with different values of the a parameter (figure)

30 Ethernet Exercises
Problem: A certain Ethernet system has a maximum bus delay of 16 μs and operates with a bit rate of 10 Mbit/s. Each frame is 576 bits in length. Determine the maximum utilisation factor of the medium under collision conditions.
For the system above, calculate the actual capacity if there are 15 active stations, each with an equal amount of data to transmit.
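The CSMA/CD capacity derivation of slides 22 to 28, applied to the exercise above, as an added worked example (not code from the lecture slides). It implements the slides' formulas $U = 1/(1 + a(1 + 2K))$, $p_{max} = (1 - 1/n)^{n-1}$ and $\bar{k} = 1/p$; the symbol tau is used here for the maximum propagation delay, and the function and parameter names are choices made for this example. The `ethernet_analysis` call at the bottom reproduces the exercise's 16 μs, 10 Mbit/s, 576-bit system with 15 stations.

```python
import math

# CSMA/CD capacity model from the lecture slides (added worked example, not the
# lecturer's code). tau = maximum propagation delay, T = frame transmission time,
# a = tau / T, K = average number of retries (collision intervals) per frame.


def utilisation(a: float, k: float) -> float:
    """U = T / t_v = 1 / (1 + a(1 + 2K)), slide 25."""
    if a < 0 or k < 0:
        raise ValueError("a and K must be non-negative")
    return 1.0 / (1.0 + a * (1.0 + 2.0 * k))


def success_probability(n: int) -> float:
    """p_max = (1 - 1/n)^(n-1): best-case probability that exactly one of n
    ready stations transmits at the end of a 2*tau interval (slide 27)."""
    if n < 1:
        raise ValueError("need at least one station")
    return (1.0 - 1.0 / n) ** (n - 1)


def limiting_utilisation(a: float) -> float:
    """n -> infinity: p_max -> 1/e and the mean number of collisions k = 1/p = e,
    giving U_max = 1 / (1 + a(1 + 2e)) = 1 / (1 + 6.44a) (slide 28)."""
    return utilisation(a, math.e)


def ethernet_analysis(bus_delay_s: float, bit_rate_bps: float,
                      frame_bits: int, n_stations: int) -> dict:
    """Work the whole chain for one system: T, a, limiting U_max, and the
    finite-n figures p, k = 1/p, U_n and the resulting capacity in bit/s."""
    frame_time = frame_bits / bit_rate_bps          # T in seconds
    a = bus_delay_s / frame_time                    # a = tau / T
    p = success_probability(n_stations)
    k = 1.0 / p                                     # mean collisions per frame
    u_n = utilisation(a, k)
    return {
        "T_s": frame_time,
        "a": a,
        "U_max": limiting_utilisation(a),
        "p": p,
        "k": k,
        "U_n": u_n,
        "capacity_bps": u_n * bit_rate_bps,
    }


if __name__ == "__main__":
    # Numbers from the slide 30 exercise.
    result = ethernet_analysis(bus_delay_s=16e-6, bit_rate_bps=10e6,
                               frame_bits=576, n_stations=15)
    for name, value in result.items():
        print(f"{name:>13}: {value:.4g}")
```

The two utilisation figures differ only slightly (about 0.359 in the limit, about 0.365 with 15 stations) because with 15 stations p is already close to 1/e; the lever that matters is a, which is why a long bus or short frames hurts CSMA/CD throughput so much on the slide 29 curves.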

31 Token Ring (IEEE 802.5) Ring Structure (figure)
Data frame: SD | AC | FC | DA | SA | INFORMATION | FCS | ED | FS
Token frame: SD | AC | ED

32 Token Ring Frame Structures
- SD = Start Delimiter (1 octet)
- AC = Access Control (1 octet)
- FC = Frame Control (1 octet)
- DA = Destination Address (2/6)
- FCS = Frame Check (4)
- ED = End Delimiter (1)
- FS = Frame Status (1)

33 Token Ring (figure): MAC Unit, Protocol Firmware, Network Service, Drop cable, Ring cable, Trunk Coupling Unit (TCU)

34 Token Ring (figure, stations A, B, C, D on the ring): Free token → A generates a data frame → Busy token → A removes the data frame → Free token

35 Capacity Calculations
Empty Ring
- C = capacity (bits/s)
- τ = propagation time around the ring
- N = number of stations
- L = delay of L bits in each station on the ring (station latency)

36 Capacity Calculations
- The ring latency is given by: $T_L = \tau + NL/C$
- The free token is 24 bits (3 bytes) in length, thus the maximum waiting time, if no other station is transmitting, is given by: $T_{max,empty} = 24/C + T_L$

37 Capacity Calculations
Full Ring
- Consider a full ring, where all stations have data to transmit.
- Each station can only transmit when it has the token.
- If each frame is limited to M bytes, the transmission time is: $T = 8M/C$
- The maximum waiting time is: $T_{max,full} = (N - 1)(T + T_L)$

38 Capacity Calculations
Exercise
A 4 Mbit/s ring has 50 stations, each with a latency of 2 bits; the total length of the ring is 2 km, and the propagation delay of the cable is 5 μs/km.
Determine the maximum waiting time when the ring is empty, and when all stations are transmitting. A full frame is 64 bytes in length.

39 Capacity Calculations
Loaded Ring
- Traffic load of $\lambda_i$ frames/s
- T = time each frame spends being transmitted on the ring
- $T_c$ = time interval elapsed before the free token arrives
- $t_i = \lambda_i T_c T$

40 Capacity Calculations
- The maximum waiting time experienced by every station on the ring, $T_c$, is given by: $T_c = T_L + \sum_{i=1}^{N} t_i = T_L + T_c \Lambda T$
- where $\Lambda = \sum_{i=1}^{N} \lambda_i$
- Here the parameter Λ represents the gross input to the ring in frames/s.
- $T_c / T_L = 1/(1 - U)$ and $U = \Lambda T$
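The token ring timing formulas of slides 35 to 40, worked on the slide 38 exercise, as an added example (not code from the lecture slides). It uses tau for the propagation time around the ring, implements $T_L = \tau + NL/C$, $T_{max,empty} = 24/C + T_L$, $T_{max,full} = (N-1)(T + T_L)$ and the loaded-ring relation $T_c = T_L/(1 - U)$ with $U = \Lambda T$; function names, the constructed loaded-ring load figure and the saturation check are choices made for this example.

```python
# Token ring (IEEE 802.5) timing from the lecture slides, as an added worked
# example (not the lecturer's code). tau = propagation time around the ring (s),
# C = ring capacity (bit/s), N = number of stations, L = per-station latency (bits).

FREE_TOKEN_BITS = 24  # the free token is 3 bytes long (slide 36)


def ring_latency(tau: float, n_stations: int, latency_bits: int, capacity_bps: float) -> float:
    """T_L = tau + N*L / C: one trip round the ring including every station's delay."""
    return tau + n_stations * latency_bits / capacity_bps


def frame_time(frame_bytes: int, capacity_bps: float) -> float:
    """T = 8M / C for a frame limited to M bytes (slide 37)."""
    return 8.0 * frame_bytes / capacity_bps


def max_wait_empty(tau: float, n_stations: int, latency_bits: int, capacity_bps: float) -> float:
    """T_max,empty = 24/C + T_L: nobody else is sending, so a station waits at most
    for one free token to pass plus one ring latency."""
    return FREE_TOKEN_BITS / capacity_bps + ring_latency(tau, n_stations, latency_bits, capacity_bps)


def max_wait_full(tau: float, n_stations: int, latency_bits: int,
                  capacity_bps: float, frame_bytes: int) -> float:
    """T_max,full = (N-1)(T + T_L): every other station sends one frame first."""
    t_l = ring_latency(tau, n_stations, latency_bits, capacity_bps)
    return (n_stations - 1) * (frame_time(frame_bytes, capacity_bps) + t_l)


def token_cycle_loaded(t_l: float, gross_rate_fps: float, frame_time_s: float) -> float:
    """Loaded ring (slide 40): T_c = T_L / (1 - U) with U = Lambda * T.
    The token cycle time grows without bound as the offered load approaches 1,
    so a load at or above capacity is rejected rather than returning a negative time."""
    u = gross_rate_fps * frame_time_s
    if u >= 1.0:
        raise ValueError(f"offered load U = {u:.3f} >= 1: the ring cannot carry it")
    return t_l / (1.0 - u)


def ring_exercise(capacity_bps: float = 4e6, n_stations: int = 50, latency_bits: int = 2,
                  ring_km: float = 2.0, delay_us_per_km: float = 5.0, frame_bytes: int = 64) -> dict:
    """Defaults are the slide 38 numbers; returns every intermediate quantity in seconds."""
    tau = ring_km * delay_us_per_km * 1e-6
    t_l = ring_latency(tau, n_stations, latency_bits, capacity_bps)
    return {
        "tau_s": tau,
        "T_L_s": t_l,
        "T_frame_s": frame_time(frame_bytes, capacity_bps),
        "T_max_empty_s": max_wait_empty(tau, n_stations, latency_bits, capacity_bps),
        "T_max_full_s": max_wait_full(tau, n_stations, latency_bits, capacity_bps, frame_bytes),
    }


if __name__ == "__main__":
    res = ring_exercise()
    for name, value in res.items():
        print(f"{name:>14}: {value * 1e6:10.3f} us")
    # Constructed loaded-ring case: 5000 frames/s of 64-byte frames on the same ring.
    t_c = token_cycle_loaded(res["T_L_s"], 5000, res["T_frame_s"])
    print(f"loaded T_c   : {t_c * 1e6:10.3f} us (U = {5000 * res['T_frame_s']:.2f})")
```

For the exercise the ring latency comes to 35 μs, the empty-ring wait to 41 μs and the full-ring wait to just under 8 ms; the 200-fold gap between the two bounds is the cost of the deterministic access that makes the ring's worst case bounded at all, unlike CSMA/CD.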

41 Tutorial: Network Systems and Technologies by Professor R. A. Carrasco
1) Describe the basic differences between a wide area network and a local area network in terms of:
 a) Structure
 b) Operation
2) The techniques of passing information from node to node across a broadcast network differ according to the type of configuration employed. Compare the methods used for bus and ring networks.
3) a) What is a baseband LAN? What is a broadband LAN?
 b) What are the advantages of using a star ring architecture in a computer network? What are its disadvantages?
4) Describe the effects of a complete failure of a node in the operation of the following network configurations:
 - a bus
 - a ring
 - a star
5) List the seven layers of the CCITT ISO architecture for network communications.
 a) Describe their function and justify the existence of each one.
 b) Which layers are essential to LAN communications and why?

42 6) Assuming the HDLC protocol:
 a) Distinguish between the normal response mode and the asynchronous mode of working. How are they defined in the HDLC frame structure?
 b) How is flow control achieved through this frame structure?
7) Describe the function of the logical link control and medium access control layers as defined in the IEEE 802 standards and indicate their relationship with the lower protocol layers in the ISO seven-layer reference model.
8) a) Describe the basic differences between circuit switching, message switching and packet switching.
 b) Give examples of each switching technique. Advantages and disadvantages of switching techniques.
 c) For the packet switching technique: give an example. How will the network handle a stream of packets?
9) i) Discuss IEEE 802 standards and frame format for CSMA/CD, token bus, token ring, (logical link control), 802.3, and standards.
 ii) Briefly discuss the comparison of 802.3, and standards.
10) Imagine two LAN bridges, both connecting a pair of networks. The first bridge is faced with byte frames per second that must be forwarded. The second is faced with byte frames per second. Which bridge do you think will need the faster CPU? Discuss.
11) Suppose that the two bridges of the previous problem each connected an LAN to an LAN. Would that change have any influence on the previous answer?

43 12) A bridge between an LAN and an LAN has a problem with intermittent memory errors. Can this problem cause undetected errors with transmitted frames, or will these all be caught by the frame checksums?
13) A large FDDI ring has 100 stations and a token rotation time of 40 ms. The token holding time is 10 ms. What is the maximum achievable efficiency of the ring?

44 A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

45 The Internet uses almost exclusively TCP for layer 4 and IP for layer 3. Clients and servers typically implement all seven OSI layers, whilst hubs and switches are only aware of MAC addresses. Routers are aware of network addresses (IP addresses); a layer 3 switch is really a fast router. Routing protocols differ from routed protocols, since they dynamically determine routing, and the route taken by one packet can be different from that of another packet in the same transaction. The Transmission Control Protocol (TCP) is a transport layer protocol layered on top of IP and below the application layer (SMTP, Telnet, FTP, HTTP (web) etc.).

46 Transmission Control Protocol (TCP) (RFC 793): Van Jacobson's algorithm, Karn's algorithm, Nagle's algorithm

47

48 IEEE 802.x, TCP/IP and ISO/OSI Architecture Comparison (figure)
ISO/OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical
TCP/IP: Application, Transport, Network (IP), Ethernet
IEEE 802.x: IEEE 802.3, IEEE 802.5 and the other IEEE 802 standards at the data link and physical layers

49

50 SMTP (Simple Mail Transfer Protocol)
The Simple Mail Transfer Protocol is the de facto standard for e-mail transmission across the Internet. This is a text-based protocol. SMTP uses TCP port 25.
FTP (File Transfer Protocol)
FTP is used to connect two computers over the Internet so that users of one computer can transfer files and perform file commands on the other computer.
TELNET (TELetype NETwork)
TELNET is a network protocol used over the Internet or local area network (LAN) connections. The term telnet also refers to software which implements the client part of the protocol.

51 DNS (Domain Name System)
The Domain Name System (DNS) stores and associates many types of information with the translation of domain names (computer host names) to IP addresses.
SNMP (Simple Network Management Protocol)
SNMP is used by network management systems to monitor network-attached devices for conditions that warrant administrative attention (application layer, database schema, data objects).
TFTP (Trivial File Transfer Protocol)
TFTP is a very simple file transfer protocol (a basic form of FTP). TFTP is therefore useful for booting computers such as routers which don't have any mass storage devices.

52 ARP (Address Resolution Protocol)
ARP is a protocol used by the Internet Protocol (IP), specifically IPv4, to map IP network addresses to the hardware addresses used by the data link protocol.
RARP (Reverse Address Resolution Protocol)
RARP is a network layer protocol used to resolve an IP address from a given hardware address. It has been rendered obsolete by BOOTP and modern DHCP (Dynamic Host Configuration Protocol).
ICMP (Internet Control Message Protocol)
ICMP is one of the core protocols of the Internet protocol suite.
IGMP (Internet Group Message Protocol)
IGMP is a communication protocol used to manage the membership of Internet Protocol multicast groups.

53 A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

54 IP
IP is the internetworking protocol that offers a service with the following characteristics:
- It is connectionless, so the units of network layer protocol data, called datagrams in the IP context, are dealt with individually from the source host up to the destination host.
- It is not reliable. Datagrams can be lost, duplicated or disordered, and the network does not detect or report this problem.
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

55

56 IP Header format
- The version field keeps track of which version of the protocol the datagram belongs to.
- Hlen (header length) tells how long the header is, in 32-bit words.
- The type of service field allows the host to tell the subnet what kind of service it wants. Various combinations of reliability and speed are possible. The three flag bits allow the host to specify what it cares most about from the net [delay, throughput, reliability].
- The total length includes everything in the datagram: both header and data.

57 IP Header Format
- The identification field is needed to allow the destination host to determine which datagram a newly arrived fragment belongs to. All the fragments of a datagram contain the same identification value.
- DF = Don't Fragment; MF = More Fragments
- The fragment offset tells where in the current datagram this fragment belongs.
- The time to live field is a counter used to limit packet lifetimes.
- The protocol field tells the network layer which transport process to give the datagram to: TCP, UDP and some others.

58 IP Header Format
- The header checksum verifies the header only. The checksum is useful for detecting errors generated by bad memory words inside a router.
- The source address and destination address indicate the network number and host number.
- The options field was designed to provide an escape to allow subsequent versions of the protocol to include information not present in the original design.
Option: Description
Security: Specifies how secret the datagram is
Strict source routing: Gives the complete path to be followed
Loose source routing: Gives a list of routers not to be missed
Record route: Makes each router append its IP address
Timestamp: Makes each router append its address and timestamp

59 Fragmentation
- The IP-level datagram must be encapsulated in a lower network level packet to travel in the network.
- The rules for fragmentation are as follows:
 - The size of the resulting fragments must be a multiple of an octet so that the data displacement records (offset) within the datagram are done correctly.
 - The size of the fragments is freely chosen.
 - The gateway must accept datagrams with a greater size than that of the network it is connected to. This is so larger datagrams can be admitted to the network.
 - Hosts and gateways must handle datagrams larger than 576 octets.
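Slides 56 to 59 list the IPv4 header fields and the fragmentation rules; the parser below is an added example (not code from the slides or from any library) showing what a receiver verifies before acting on a datagram: the version, the header length in 32-bit words, the header-only checksum, and the DF/MF flags with the fragment offset scaled back to octets. The `build_ipv4_header` helper, the constructed sample addresses (192.0.2.1 and 198.51.100.7, documentation ranges) and all function names are assumptions made for this example; the checksum is the standard 16-bit one's complement sum over the header.

```python
import struct

# IPv4 fixed header (20 bytes, network byte order): version/IHL, TOS, total length,
# identification, flags+fragment offset, TTL, protocol, header checksum, src, dst.
IPV4_FMT = "!BBHHHBBH4s4s"


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry over the data (odd length padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return total


def build_ipv4_header(src, dst, protocol: int, total_length: int, ttl: int = 64,
                      ident: int = 0, df: bool = False, mf: bool = False,
                      fragment_offset_octets: int = 0) -> bytes:
    """Assemble a 20-byte header (no options) with a correct header checksum.
    The 13-bit offset field counts 8-octet units, so the offset must be a multiple of 8."""
    if fragment_offset_octets % 8:
        raise ValueError("fragment offset must be a multiple of 8 octets")
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (fragment_offset_octets // 8)
    hdr = struct.pack(IPV4_FMT, 0x45, 0, total_length, ident, flags_frag,
                      ttl, protocol, 0, bytes(src), bytes(dst))
    csum = (~ones_complement_sum(hdr)) & 0xFFFF
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields and report whether the header checksum verifies.
    Raises ValueError for anything a receiver must not try to interpret."""
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (version_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, _csum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version = version_ihl >> 4
    ihl_bytes = (version_ihl & 0x0F) * 4           # Hlen is in 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl_bytes < 20 or ihl_bytes > len(packet) or ihl_bytes > total_length:
        raise ValueError(f"bad header length {ihl_bytes}")
    header = packet[:ihl_bytes]
    return {
        "ihl": ihl_bytes,
        "tos": tos,
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),             # Don't Fragment
        "mf": bool(flags_frag & 0x2000),             # More Fragments
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # back to octets
        "ttl": ttl,
        "protocol": protocol,
        # A header that verifies sums (including its checksum field) to all ones.
        "checksum_ok": ones_complement_sum(header) == 0xFFFF,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": header[20:],
    }


def is_acceptable(packet: bytes) -> bool:
    """True only if the header parses and its checksum verifies."""
    try:
        return parse_ipv4_header(packet)["checksum_ok"]
    except ValueError:
        return False


# Constructed sample: second fragment (offset 1480 octets, MF set) of a TCP datagram.
SAMPLE = build_ipv4_header((192, 0, 2, 1), (198, 51, 100, 7), protocol=6,
                           total_length=1500, ttl=64, ident=0x1234,
                           mf=True, fragment_offset_octets=1480)

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
    damaged = bytearray(SAMPLE)
    damaged[8] -= 1                                  # a flipped TTL, as from a bad memory word
    print("damaged header accepted:", is_acceptable(bytes(damaged)))
```

Rejecting a header whose IHL exceeds the bytes actually present, or whose total length is smaller than the header, is the check that matters most here: the checksum protects against the router memory errors the slide mentions, but it says nothing about a length field chosen to make a reassembler read past the buffer.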

60 D. E. Comer, "Computer Networks and Internets with Internet Applications," Prentice Hall, 2001 [2]

61

62

63

64

65 ARP Address Resolution Protocol
- IP packets are sent encapsulated in a LAN or WAN frame such as Ethernet, token ring or ATM.
- Q. How does the host know the correct Ethernet destination address to put in the frame?
(figure) EtherDest | EtherSource | length | IP header | Payload
- A. It uses ARP to map from the IP destination address to the Ethernet destination address.
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

66 ARP (cont.)
- The host broadcasts an ARP request packet which contains the IP address of the required station.
- The station which has that IP address replies directly (unicast), returning the correct IP address.
- Now the IP packet can be sent directly to the correct Ethernet address.

67 Reverse Address Resolution Protocol (RARP)
- Allows a station to determine its IP address from its hardware address.
- A server can be configured to respond to RARP requests, automatically allocating IP addresses across the network.
- Not used much nowadays; replaced instead by more powerful auto-configuration protocols such as DHCP (Dynamic Host Configuration Protocol).
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

68 Dynamic Host Configuration Protocol (DHCP)
- Allows a client to be configured automatically over the network.
- Means that machines do not have to be configured by hand.
- New machines can be added to the IP network more easily.
- Less chance of error (for example, duplicate IP addresses being configured).

69 Domain Name Service (DNS)
- IP addresses are very difficult to remember.
- DNS translates easier-to-remember text names into IP addresses.
- When a host requires a domain name translation it makes the request to its local Domain Name Server.
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

70 Domain Naming
- Each name in DNS can be split up into a series of domains. E.g.:
 - uk = domain of the UK
 - ac.uk = academic domain within the UK
 - ncl.ac.uk = Newcastle University domain within UK academic
 - soc.ncl.ac.uk = School of Computing domain within Newcastle University within UK academic

71 Domain Name Servers
- Each domain name server is responsible for a domain.
- The first request will go to the server of the local machine's domain.
- A DNS server can react in 3 different ways:
 - DIRECT: just send back the correct IP address
 - RECURSIVE: if it doesn't know the IP address, make a request to another DNS server for the IP address, then send back the IP address
 - INDIRECT: send back the IP address of another DNS server

72 The change from IPv4 to IPv6 falls primarily into the following categories:
- Expanded addressing capabilities: IP address size from 32 bits to 128
- Header format simplification
- Improved support for extensions and options
- Flow labelling capability
- Authentication and privacy capabilities

73 IPv6 extension headers A. S. TanenBaum, "Computer Networks," Pearson Education, 2003, pp [1] D. E. Comer, "Computer Networks and Internets with Internet Applications," Prentice Hall, 2001, pp [2]

74 Order of extension headers for IPv6

75 Option header formats Hop-by-hop extension IPv6 options header Routing Extension IPv6 header

76 Routing type 0 header

77 Fragment extension IPv6 header TCP and UDP pseudo-header for IPv6

78 Tutorial Sheet: Network Systems and Technologies by Prof R. A. Carrasco
1) What is the principal difference between connectionless communication and connection-oriented communication?
2) Two networks each provide reliable connection-oriented service. One of them offers a reliable byte stream and the other offers a reliable message stream. Are these identical? If so, why is the distinction made? If not, give an example of how they differ.
3) What are two reasons for using layered protocols?
4) Give two example applications for which connection-oriented service is appropriate. Now give two examples for which connectionless service is best.
5) Are there any circumstances when a virtual circuit service will (or at least should) deliver packets out of order? Explain.
6) Datagram subnets route each packet as a separate unit, independent of all others. Virtual circuit subnets do not have to do this, since each data packet follows a predetermined route. Does this observation mean that virtual circuit subnets do not need the capability to route isolated packets from an arbitrary source to an arbitrary destination? Explain your answer.
7) What does negotiation mean when discussing network protocols? Give an example of it.

79
8) Give three examples of protocol parameters that might be negotiated when a connection is set up.
9) Discuss the advantages and disadvantages of message switching over circuit switching, with a performance comparison.
10) Discuss the advantages and disadvantages of packet switching over circuit switching, with a performance comparison.
11) Discuss the characteristics and medium access control techniques of broadcast networks.
12) Describe the routing function attributes and their elements.
13) Describe the following routing strategies: Fixed Routing, Flooding, Random Routing, Adaptive Routing.

80 TCP Transmission Control Protocol
Services:
- Guarantees end-to-end delivery of packets
- Controls the flow of data from host to host and from host into the network
- Multiplexing: the TCP header has a port number which is used to determine which application should receive the packet
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

81 TCP Datagram Format, RFC 793 A. S. TanenBaum, "Computer Networks," Pearson Education, 2003, pp [1]

82 TCP Client Ports
Q. If you have a computer running an e-mail package and 2 web browsers (e.g. Netscape and IE), how does the computer know, when a TCP/IP packet arrives, which application should receive the packet?
A. Each application sets up its connection using a different port number; when the replies come back from the server the port number is used to send the packet to the correct connection.

83 TCP Server Ports
- The server must respond to client requests.
- Q. How does the client know which port to send its request to?
- A. Well-known port numbers are assigned to particular services.

84 TCP Error Control
- The acknowledgment (ack) and sequence number fields are used to guarantee delivery of packets to the destination.
- For each packet sent out an ack must be sent back.
- If no ack is sent back within a certain time the packet is sent again.
- Each new packet to be transmitted is allocated a new sequence no.; the returning ack no. informs the sender of the next expected sequence no.
- The sequence no. is used to keep the packets in order.

85 TCP Flow Control
- The window size field is used by the receiver to control the flow of packets from the sender.
- If the receiver sets the window size to 400 the sender is only allowed to send 400 bytes before stopping.
- The receiver can stop the sender by setting the window size to 0.

86 TCP Congestion Control
- TCP uses a slow start algorithm to initially limit a new connection's bandwidth.
- This is so that the connection does not overload the network infrastructure.
- TCP increases the flow of data into the network until an ack timeout occurs; it will then cut back.
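The three mechanisms of the last three slides (sequence/ack with retransmission on timeout, the receiver's window, and slow start with cut-back) in one simplified round-by-round simulation, added here as an example; it is not code from the slides or from any TCP implementation. Segment size, data, window sizes and the set of lost segments are constructed; the model treats one round as one round-trip time and a dropped segment as an ack timeout, and keeps a cumulative ack like TCP does.

```python
from dataclasses import dataclass, field

MSS = 100  # constructed segment size in bytes
DATA = bytes(i % 256 for i in range(1000))  # constructed 1000-byte stream to transfer


@dataclass
class Receiver:
    rwnd: int                     # advertised window (the window size field on slide 85)
    expected_seq: int = 0         # next in-order byte the receiver wants
    delivered: bytearray = field(default_factory=bytearray)

    def deliver(self, seq: int, payload: bytes) -> int:
        """Accept an in-order segment; always return the cumulative ack (next expected seq)."""
        if seq == self.expected_seq:
            self.delivered += payload
            self.expected_seq += len(payload)
        return self.expected_seq  # out-of-order or duplicate: the ack repeats the expected seq


@dataclass
class Sender:
    data: bytes
    receiver: Receiver
    lose_first_send: set = field(default_factory=set)  # seqs dropped on first transmission (constructed loss)
    cwnd: int = MSS               # slow start: one segment per round to begin with
    ssthresh: int = 8 * MSS
    send_base: int = 0            # oldest unacknowledged byte
    retransmissions: int = 0
    rounds: int = 0
    sent_once: set = field(default_factory=set)

    def run(self, max_rounds: int = 100) -> bytes:
        while self.send_base < len(self.data) and self.rounds < max_rounds:
            self.rounds += 1
            window = min(self.cwnd, self.receiver.rwnd)  # flow control: never exceed the receiver's window
            if window == 0:
                break                                     # receiver set window to 0: the sender must stop
            in_flight, offset = [], 0
            while self.send_base + offset < len(self.data) and offset < window:
                seq = self.send_base + offset
                size = min(MSS, window - offset, len(self.data) - seq)
                dropped = seq in self.lose_first_send and seq not in self.sent_once
                if seq in self.sent_once:
                    self.retransmissions += 1             # same sequence number sent again
                self.sent_once.add(seq)
                in_flight.append((seq, self.data[seq:seq + size], dropped))
                offset += size
            # one round trip: the receiver sees every segment that was not dropped, in order
            ack, timeout = self.receiver.expected_seq, False
            for seq, payload, dropped in in_flight:
                if dropped:
                    timeout = True                        # no ack will ever cover this segment
                    continue
                ack = self.receiver.deliver(seq, payload)
            if timeout:
                # ack timeout: cut back to one segment and resend from the ack point
                self.ssthresh = max(self.cwnd // 2, MSS)
                self.cwnd = MSS
            elif self.cwnd < self.ssthresh:
                self.cwnd = min(self.cwnd * 2, self.ssthresh)  # slow start: exponential growth
            else:
                self.cwnd += MSS                                # congestion avoidance: linear growth
            self.send_base = ack                                # everything below the ack is delivered
        return bytes(self.receiver.delivered)


def demo(rwnd: int = 400, lost=(200,)):
    """Transfer DATA with the given receiver window and constructed losses; returns (ok, retransmissions, rounds)."""
    sender = Sender(DATA, Receiver(rwnd=rwnd), lose_first_send=set(lost))
    out = sender.run()
    return out == DATA, sender.retransmissions, sender.rounds


if __name__ == "__main__":
    print(demo())           # (True, 1, 6)
    print(demo(rwnd=0))     # (False, 0, 1): window 0 blocks the sender
```

With a 400-byte receiver window and the segment at sequence 200 lost once, the transfer takes six rounds and one retransmission: the window grows 100, 200 (loss, cut back to 100), then 100, 200, 300 and finally 400, the receiver's limit. Setting the receiver window to 0 stops the sender before the first segment, as the flow-control slide states.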

87 UDP User Datagram Protocol
Services:
- Provides port allocations the same as TCP
- Does NOT guarantee delivery
- Does not guarantee sequencing
- Useful when speed is more important than reliability, e.g. Internet telephony
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

88 User Datagram Protocol (UDP), RFC 768
[Figure: UDP header fields: Source Port, Destination Port, Length Field, Checksum]
Internet Protocol (IP): RFC 791, RFC 792, RFC 826; IPv4, IPv6
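The four UDP header fields of RFC 768, built and parsed in Python as an added example (not code from the slides). The part the slide's figure cannot show is the checksum: it is computed over an IPv4 pseudo-header plus the segment, so a datagram delivered to the wrong address fails verification, a zero checksum means the sender disabled it, and a Length field larger than the bytes actually received must be rejected before it is used to slice the payload. The addresses, ports and payload are constructed.

```python
import struct

UDP_PROTOCOL = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP family checksums (RFC 768 / RFC 791)."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad with a zero octet for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_length: int) -> bytes:
    """IPv4 pseudo-header that RFC 768 prepends to the segment for the checksum."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length)


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload  # checksum field zero while summing
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment)) & 0xFFFF
    if csum == 0:
        csum = 0xFFFF  # RFC 768: a computed zero is sent as all ones, because zero means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> dict:
    if len(segment) < 8:
        raise ValueError("UDP header needs 8 octets")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field inconsistent with the bytes received")
    checksum_ok = None  # None: the sender disabled the checksum (allowed over IPv4)
    if csum != 0:
        # summing pseudo-header + segment including the checksum must give all ones
        checksum_ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment[:length]) == 0xFFFF
    return {"sport": sport, "dport": dport, "length": length,
            "payload": segment[8:length], "checksum_ok": checksum_ok}


# Constructed sample: a datagram from 192.0.2.1:40000 to 192.0.2.53:53
SRC_IP = bytes([192, 0, 2, 1])
DST_IP = bytes([192, 0, 2, 53])
SAMPLE = build_udp(SRC_IP, DST_IP, 40000, 53, b"constructed payload")

if __name__ == "__main__":
    print(parse_udp(SRC_IP, DST_IP, SAMPLE))
```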

89 Applications of UDP
Appropriate when:
- transport layer overhead must be minimized, or
- data reliability is not crucial
- Services such as NFS, DNS, SNMP and Voice over IP (VoIP) use UDP

90 Sockets
[Figure: applications use TCP sockets bound to TCP ports and UDP sockets bound to UDP ports; both run over IP]
- A socket allows applications to send and receive data. It allows an application to connect to a network and communicate with other applications on that network.
- Stream sockets use TCP as the end-to-end protocol, with IP underneath.
- Datagram sockets use UDP end-to-end, with IP underneath.
- A TCP/IP socket is uniquely identified by an Internet address, the type of protocol and a port number.

91 Relationship of Socket Classes
[Figure: .NET Framework classes TcpListener, TcpClient and UdpClient sit on the .NET Socket class, which sits on the WinSock 2.0 underlying implementation]
- WinSock was developed by Microsoft and provides the standard socket functions.
- The .NET framework provides higher-level classes to simplify programming tasks.
- The .NET Socket class allows access to the underlying sockets interface.
- TcpListener, TcpClient and UdpClient are higher-level .NET socket classes that are implemented using the .NET Socket wrapper class.

92 TCP Sockets
- The .NET framework provides two classes for TCP: TcpClient and TcpListener.
- .NET uses the EndPoint class and IPEndPoint subclass to represent the TCP channel.
- Communication with a TCP client is initiated in three steps:
  1. Construct an instance of TcpClient
  2. Communicate using the socket's stream
  3. Close the connection

93 TCP Client and Echo server in C#
0.  using System;              // For String, Int32, Console, ArgumentException
1.  using System.Text;         // For Encoding
2.  using System.IO;           // For IOException
3.  using System.Net.Sockets;  // For TcpClient, NetworkStream, SocketException
4.
5.  class TcpEchoClient {
6.
7.    static void Main(string[] args) {
8.
9.      if ((args.Length < 2) || (args.Length > 3)) { // Test for correct no of args
10.       throw new ArgumentException("Parameters: <Server> <Word> [<Port>]");
11.     }
12.
13.     String server = args[0];  // Server name or IP address
14.
15.     // Convert input String to bytes
16.     byte[] byteBuffer = Encoding.ASCII.GetBytes(args[1]);
17.
18.     // Use port argument if supplied, otherwise default to 7
19.     int servPort = (args.Length == 3) ? Int32.Parse(args[2]) : 7;
20.

94 TCP Client and Echo server in C#
21.     TcpClient client = null;
22.     NetworkStream netStream = null;
23.
24.     try {
25.       // Create socket that is connected to server on specified port
26.       client = new TcpClient(server, servPort);
27.
28.       Console.WriteLine("Connected to server... sending echo string");
29.
30.       netStream = client.GetStream();
31.
32.       // Send the encoded string to the server
33.       netStream.Write(byteBuffer, 0, byteBuffer.Length);
34.
35.       Console.WriteLine("Sent {0} bytes to server...", byteBuffer.Length);
36.
37.       int totalBytesRcvd = 0;  // Total bytes received so far
38.       int bytesRcvd = 0;       // Bytes received in last read
39.

95 TCP Client and Echo server in C#
40.       // Receive the same string back from the server; a stream Read may return fewer bytes than asked for
41.       while (totalBytesRcvd < byteBuffer.Length) {
42.         if ((bytesRcvd = netStream.Read(byteBuffer, totalBytesRcvd, byteBuffer.Length - totalBytesRcvd)) == 0) {
43.           Console.WriteLine("Connection closed prematurely.");
44.
45.           break;
46.         }
47.         totalBytesRcvd += bytesRcvd;
48.       }
49.
50.       Console.WriteLine("Received {0} bytes from server: {1}", totalBytesRcvd,
51.                         Encoding.ASCII.GetString(byteBuffer, 0, totalBytesRcvd));
52.
53.     } catch (Exception e) {
54.       Console.WriteLine(e.Message);
55.     } finally {
56.       if (netStream != null) netStream.Close();  // Null if the connect failed
57.       if (client != null) client.Close();
58.     }
59.   }
60. }

96 TCP Client and Echo server in C#
- Lines 15-16 convert the echo string to bytes
- Line 19 finds the echo server port
- Lines 21-26 create the TCP socket
- Line 30 gets the socket stream
- Lines 32-33 send the string to the echo server
- Lines 40-48 receive the reply from the echo server
- Lines 50-51 print the echoed string
- Lines 53-54 handle errors
- Lines 55-58 close the stream and socket
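The same three-step TCP client (connect, talk over the stream, close) written in Python as an added example, so the exchange can be run offline against a constructed loopback echo server; it is not code from the slides or from the C# book. The server deliberately echoes one byte at a time, which exercises the point the C# read loop makes: a stream read returns however many bytes are available, so the client must keep reading until it has the whole reply, and treat an early close as an error rather than a short answer. Ports are chosen by the OS; the word echoed is constructed.

```python
import socket
import threading


def run_echo_server(ready: threading.Event, info: dict) -> None:
    """Constructed single-connection echo server on a loopback port chosen by the OS.
    It echoes in 1-byte pieces so the client really has to loop until all bytes are back."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        info["port"] = srv.getsockname()[1]
        srv.settimeout(5.0)
        ready.set()
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5.0)
            while True:
                chunk = conn.recv(1024)
                if not chunk:            # client closed its side: we are done
                    break
                for b in chunk:
                    conn.sendall(bytes([b]))


def tcp_echo(server: str, word: str, port: int = 7, timeout: float = 2.0) -> bytes:
    """Slide 92's three steps: connect, communicate over the stream, close.
    Reads until len(payload) bytes are back, because TCP is a byte stream and
    one recv() gives no guarantee of returning the whole reply."""
    payload = word.encode("ascii")
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(payload)
        received = bytearray()
        while len(received) < len(payload):
            chunk = sock.recv(len(payload) - len(received))
            if not chunk:
                raise ConnectionError("connection closed prematurely")
            received += chunk
    return bytes(received)


def demo(word: str = "echo me") -> bytes:
    """Start the constructed server in a thread, run the client against it, return the echoed bytes."""
    ready, info = threading.Event(), {}
    t = threading.Thread(target=run_echo_server, args=(ready, info), daemon=True)
    t.start()
    if not ready.wait(5.0):
        raise RuntimeError("echo server did not start")
    echoed = tcp_echo("127.0.0.1", word, info["port"])
    t.join(5.0)
    return echoed


if __name__ == "__main__":
    print(demo())
```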

97 UDP Sockets
- The .NET framework provides UDP sockets functionality using the class UdpClient. This allows for both sending and receiving UDP packets, and can be used to construct a UDP client and server.
- The UDP client works in the following way:
  1. Construct an instance of UdpClient
  2. Communicate using the Send() and Receive() methods of UdpClient
  3. Use the Close() method of UdpClient to deallocate the socket.

98 UDP Client and Echo Server in C#
0.  using System;              // For String, Int32, Console
1.  using System.Text;         // For Encoding
2.  using System.Net;          // For IPEndPoint
3.  using System.Net.Sockets;  // For UdpClient, SocketException
4.
5.  class UdpEchoClient {
6.
7.    static void Main(string[] args) {
8.
9.      if ((args.Length < 2) || (args.Length > 3)) { // Test for correct no of args
10.       throw new System.ArgumentException("Parameters: <Server> <Word> [<Port>]");
11.     }
12.
13.     String server = args[0];  // Server name or IP address
14.
15.     // Use port argument if supplied, otherwise default to 7
16.     int servPort = (args.Length == 3) ? Int32.Parse(args[2]) : 7;
17.
18.     // Convert input String to an array of bytes
19.     byte[] sendPacket = Encoding.ASCII.GetBytes(args[1]);
20.
21.     // Create a UdpClient instance
22.     UdpClient client = new UdpClient();

99 UDP Client and Echo Server in C#
23.     try {
24.       // Send the echo string to the specified host and port
25.       client.Send(sendPacket, sendPacket.Length, server, servPort);
26.
27.       Console.WriteLine("Sent {0} bytes to the server...", sendPacket.Length);
28.
29.       // This IPEndPoint instance will be populated with the remote sender's endpoint information after the Receive() call
30.       IPEndPoint remoteIPEndPoint = new IPEndPoint(IPAddress.Any, 0);
31.
32.       // Attempt echo reply receive (blocks until a datagram arrives)
33.       byte[] rcvPacket = client.Receive(ref remoteIPEndPoint);
34.
35.       Console.WriteLine("Received {0} bytes from {1}: {2}", rcvPacket.Length, remoteIPEndPoint,
36.                         Encoding.ASCII.GetString(rcvPacket, 0, rcvPacket.Length));
37.
38.     } catch (SocketException se) {
39.       Console.WriteLine(se.ErrorCode + ": " + se.Message);
40.     }
41.
42.     client.Close();
43.   }
44. }

100 UDP Client and Echo Server in C#
- Lines 21-22 create the UDP socket
- Lines 24-25 send the datagram
- Lines 29-30 create a remote IP end point for receiving
- Lines 32-33 handle datagram reception
- Lines 35-36 print reception results
- Line 42 closes the socket
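The UDP echo exchange in Python, added as an example (not code from the slides or the C# book), run offline against a constructed loopback server. It adds what slide 87's "does NOT guarantee delivery" implies for the client: the C# Receive() above blocks forever if the request or the reply is lost, so this client sets a receive timeout, retries a bounded number of times, and checks that the reply's source address is the server it sent to, since a datagram socket accepts datagrams from anyone. The server's drop_first switch stands in for a lost datagram; ports are chosen by the OS and the echoed word is constructed.

```python
import socket
import threading


def run_udp_echo_server(ready: threading.Event, info: dict, drop_first: bool = False) -> None:
    """Constructed loopback echo server. With drop_first it discards the first datagram,
    standing in for the loss that UDP itself never recovers from."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(5.0)
        info["port"] = srv.getsockname()[1]
        ready.set()
        try:
            datagram, addr = srv.recvfrom(65535)
            if drop_first:
                datagram, addr = srv.recvfrom(65535)   # wait for the client's retry instead
            srv.sendto(datagram, addr)
        except socket.timeout:
            pass


def udp_echo(server: str, word: str, port: int = 7, timeout: float = 0.5, retries: int = 3):
    """Slide 97's three steps plus a timeout, a retry limit and a source check.
    Returns (reply bytes, attempt number that succeeded)."""
    payload = word.encode("ascii")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for attempt in range(1, retries + 1):
            sock.sendto(payload, (server, port))
            try:
                data, source = sock.recvfrom(65535)   # buffer large enough for any datagram
            except socket.timeout:
                continue                              # request or reply lost: send it again
            if source != (server, port):
                continue                              # unsolicited datagram from elsewhere: ignore it
            return data, attempt
    raise TimeoutError("no echo reply after %d attempts" % retries)


def demo(word: str = "echo me", drop_first: bool = False):
    """Start the constructed server in a thread and run the client against it."""
    ready, info = threading.Event(), {}
    t = threading.Thread(target=run_udp_echo_server, args=(ready, info, drop_first), daemon=True)
    t.start()
    if not ready.wait(5.0):
        raise RuntimeError("echo server did not start")
    result = udp_echo("127.0.0.1", word, info["port"])
    t.join(5.0)
    return result


if __name__ == "__main__":
    print(demo())                   # (b'echo me', 1)
    print(demo(drop_first=True))    # (b'echo me', 2): first datagram lost, retry answered
```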

101 Voice over IP (VoIP)
- VoIP is the routing of voice signals over an IP-based network.
- The analogue voice signal is converted to a digital signal.
- The digital signal is compressed using a codec (G.7xxx for voice, H.26xx for video).
- The digital signal is then split into packets by a process called packetization.

102 Voice over IP (VoIP)
Advantages:
- Incoming calls can be routed to a VoIP phone anywhere on the network
- Lower cost, especially for international calls
Disadvantages:
- Received IP packets can arrive in any order or even be missing, resulting in poor QoS.
- Susceptible to power cuts

103 Voice over IP Protocols
[Figure: VoIP protocol stack: Audio/Video Applications with Codecs G.xxx and H.26x on top; RTSP, ENUM, SDP, H.323, MEGACO/H.248, DNS, RTP, SAP, RTCP, MGCP, RSVP and SIP in the middle; TCP and UDP over IP over the Network Interface Layer Protocols]

104 Protocols supporting VoIP
- Multicast IP
- Real-Time Transport Protocol (RTP)
- Real-Time Control Protocol (RTCP)
- Resource Reservation Protocol (RSVP)
- Real-Time Streaming Protocol (RTSP)
- Session Description Protocol (SDP)
- Session Initiation Protocol (SIP)
- Electronic Numbers (ENUM)

105 Protocols supporting VoIP
- Multicast IP efficiently sends data to multiple receivers at the same time on TCP/IP networks.
- RTP provides end-to-end delivery services for data that requires real-time support.
- RTCP monitors the QoS and conveys information about each user in the communication session.
- RSVP requests an appropriate level of service from the network.
- RTSP controls the delivery of data that has real-time properties.
- SDP describes a multimedia session for the purposes of session announcement and invitation.

106 Protocols supporting VoIP
- SIP establishes a communication session between two end-points. It creates, modifies and terminates sessions between participants.
- ENUM bridges the gap between telephone numbers and IP addresses.

107 Real-Time Transport Protocol (RTP)
[Figure: RTP header bits: V=2, P, X, CC, M, PT, Sequence Number; Timestamp; Synchronisation Source (SSRC) Identifier; Contributing Source (CSRC) Identifiers (0 to 15 items); followed by a 20 ms voice sample]
- V = Version (currently 2)
- CC = CSRC Count: the number of CSRC identifiers in the RTP header
- CSRC identifies the contributing sources (conferencing) in the payload. There can be at most 15 contributing sources. These are inserted by a mixer.
- SSRC identifies the synchronisation source. It is chosen randomly so that no two synchronisation sources in the same RTP session have the same SSRC identifier.

108 Voice over IP Packet Format
[Figure: IPv4 header, 20 octets + Options + Padding (VER, IHL, Type of Service, Total Length, Identifier, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address); UDP header, 8 octets (Source Port, Destination Port, Length, Checksum); RTP header, 12 octets + identifiers (V=2, P, X, CC, M, PT, Sequence Number, Timestamp, Synchronisation Source (SSRC) Identifier, Contributing Source (CSRC) Identifiers, 0 – 15 items); Data: 20 ms voice sample, 20 octets]
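The RTP header of the two figures above, built and parsed in Python as an added example (not code from the slides). The parser reads the fixed 12 octets, then uses CC to size the CSRC list, and checks every length against the bytes actually present before slicing, which is the check a receiver needs because CC, the extension length and the padding count all come from the wire. The constructed sample follows the packet-format figure: a 20-octet payload per 20 ms, sent as payload type 18 (G.729, whose 8 kHz clock advances the timestamp by 160 per packet); the SSRC and CSRC values are made up.

```python
import struct

RTP_VERSION = 2


def build_rtp(pt: int, seq: int, timestamp: int, ssrc: int, payload: bytes, csrcs=(), marker: int = 0) -> bytes:
    """Assemble the 12-octet fixed header plus CSRC list (no extension, no padding)."""
    if len(csrcs) > 15:
        raise ValueError("at most 15 contributing sources: CC is a 4-bit field")
    b0 = (RTP_VERSION << 6) | len(csrcs)            # V=2, P=0, X=0, CC
    b1 = (marker << 7) | (pt & 0x7F)                 # M, PT
    header = struct.pack("!BBHII", b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    header += b"".join(struct.pack("!I", c) for c in csrcs)
    return header + payload


def parse_rtp(packet: bytes) -> dict:
    if len(packet) < 12:
        raise ValueError("RTP fixed header needs 12 octets")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    version, padding, extension, cc = b0 >> 6, (b0 >> 5) & 1, (b0 >> 4) & 1, b0 & 0x0F
    marker, pt = b1 >> 7, b1 & 0x7F
    if version != RTP_VERSION:
        raise ValueError("unsupported RTP version %d" % version)
    end = 12 + 4 * cc
    if len(packet) < end:
        raise ValueError("CC=%d but the CSRC list is truncated" % cc)  # never index past the buffer
    csrcs = list(struct.unpack("!%dI" % cc, packet[12:end])) if cc else []
    if extension:  # RFC 3550 header extension: 16-bit profile, 16-bit length in 32-bit words
        if len(packet) < end + 4:
            raise ValueError("extension header truncated")
        _, ext_words = struct.unpack("!HH", packet[end:end + 4])
        end += 4 + 4 * ext_words
        if len(packet) < end:
            raise ValueError("extension data truncated")
    payload = packet[end:]
    if padding:  # last octet gives the number of padding octets, itself included
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise ValueError("invalid padding count")
        payload = payload[:-payload[-1]]
    return {"version": version, "marker": marker, "payload_type": pt, "sequence": seq,
            "timestamp": timestamp, "ssrc": ssrc, "csrcs": csrcs, "payload": payload}


# Constructed sample: second packet of a G.729 stream mixed from two sources
SAMPLE = build_rtp(pt=18, seq=1001, timestamp=2 * 160, ssrc=0x1234ABCD,
                   payload=bytes(20), csrcs=[0x0A0B0C0D, 0x01020304], marker=1)

if __name__ == "__main__":
    print(parse_rtp(SAMPLE))
```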

109 References
- TCP/IP Illustrated, Volume 1, The Protocols, W. Richard Stevens, Addison-Wesley Professional Computing Series, 1994
- TCP/IP Sockets in C#, Practical Guide for Programmers, David B. Makofske, Michael J. Donahoo, Kenneth L. Calvert, The Practical Guide Series, Elsevier, 2004
- Voice over IP Technologies, Building the Converged Network, Mark A. Miller, M&T Books, 2002

110 ALOHA and Packet Broadcasting Channel
Prof. R. A. Carrasco, School of Electrical, Electronic and Computer Engineering, University of Newcastle-upon-Tyne, 2006
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

111 Packet Broadcasting: Related Works by Metcalfe and Abramson
1) 1970: N. Abramson, "The ALOHA System – Another alternative for computer communications," in Proc. AFIPS Press, vol. 37.
2) 1973: R. M. Metcalfe, "Packet communication," MIT, Cambridge, MA, Rep. MAC TR-114, July.
3) 1977: N. Abramson, "The Throughput of Packet Broadcasting Channels," IEEE Trans. Commun., vol. COM-25, no. 10, Jan.
4) 1985: N. Abramson, "Development of the ALOHANET," IEEE Trans. Info. Theory, March 1985.

112 IEEE Transactions on Information Theory, March 1985: Development of the ALOHANET

113 ALOHA Project
- Started in September 1968
- Goals:
  - To build a computer network in the University of Hawaii.
  - To investigate the use of radio communications as an alternative to the telephone system for computer communication.
  - To determine those situations where radio communications are preferable to conventional wire communications.

114 Problem
- Limited resource: the channel.
- The intermittent operation typical of interactive computer terminals doesn't need point-to-point channels (FDMA or TDMA).
- Spread spectrum is not appropriate for sharing the channel.

115 Approach
- Packet broadcasting channels
- Each user transmits its packets over the common broadcast channel.
- Key innovation of ALOHANET.
- There are basically two types of ALOHA systems:
  - Synchronized or slotted, and
  - Unsynchronized or unslotted

116 System Design
- In 1968 they decided on the main approach (packet broadcasting) for design simplicity.
- Frequency band: two 100 kHz bandwidth channels at MHz and MHz.
- TCU (Terminal Control Unit):
  - Formatting of the ALOHA packets.
  - Retransmission protocol.
  - A terminal is attached to the TCU by means of RS232.
  - Half duplex mode (memory was too expensive).

117 History
- 1971: start of operation in the University of Hawaii.
- Build additional TCUs.
- 1972: connect to ARPANET using a satellite channel (56 kbps).
- 1973: Metcalfe's doctoral dissertation about packet broadcasting.
- 1973: PACNET, international satellite networks (9600 bits/s).
- 1973 ~ : many research projects on packet broadcasting.
- 1976: slotted ALOHA.
- 1984: unslotted ALOHA in the UHF band by Motorola.

118 Strategic Theoretical Realities
- An appreciation of the basic capacity of the channels and the matching of that capacity to the information rate of the signals.
- In a data network, distinguish between the average data rate and the burst data rate.
- Network design: to handle different kinds of signals from different sources.
- Deals with the problem of scaling for large systems.
- A packet broadcasting channel is more scalable than point-to-point channels or switching.
- Theoretical analysis gives a good guide to network design, but the converse is also true.
- The operation of a real network can be a valuable guide to the selection of theoretical problems.

119 Packet Switching and Packet Broadcasting
- Packet switching can provide a powerful means of sharing communication resources.
- But it employs point-to-point channels and large switches for routing.
- By use of packet broadcasting:
  - Elimination of routing and switches.
  - System simplicity.
  - Some channels are basically broadcast channels (satellite, ...).
- Needs a unified presentation of packet broadcasting theory.

120 Packet Broadcasting Channel
- Each user transmits packets over the common broadcast channel, completely unsynchronized.
- Loss is due to overlap.
- How many users can share a channel?

121 Recovery of Lost Packets
- Positive acknowledgements.
- Transponder packet broadcasting.
- Carrier sense packet broadcasting.
- Packet recovery codes.

122 ALOHA Systems and Protocols
- We assume that the start times of the packets transmitted form a Poisson point process with an average rate of λ packets/s.
- Let T_p denote the time duration of a packet.
- The normalised channel traffic G is defined as G = λT_p.
- It is also called the offered channel traffic.

123 ALOHA Capacity
- Errors reduce the ALOHA capacity:
  - Random noise errors
  - Errors caused by packet overlap.
- Statistical analysis (S: channel throughput; G: channel traffic): throughput is maximum, 1/2e, when the channel traffic equals 0.5.

124 ALOHA Capacity
Meaning of the result:
- ALOHA: 9600 bits/s
- Terminal: 5 bits/s
- 9600 × 1/2e = about 1600 bits/s
- The channel can handle the traffic of over 300 active terminals and each terminal will operate at a peak data rate of 9600 bits/s.

125 Slotted ALOHA Channel Capacity
- Each user can start a packet only at certain fixed instants.
- Statistical analysis: this increases the throughput.
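The two "statistical analysis" results (pure ALOHA peaks at 1/2e for G = 0.5; slotted ALOHA is higher) follow from the Poisson model of slide 122. The derivation below is added here as a worked example in the slides' own symbols λ, T_p, G and S; it is not text from the original slides.

With Poisson packet starts at rate λ, the number of other starts in any interval of length τ is Poisson with mean λτ, so the probability that the interval contains no other start is

$$
P(\text{no start in } \tau) = e^{-\lambda \tau}.
$$

Pure (unslotted) ALOHA: a packet starting at $t_0$ is destroyed by any packet starting in $(t_0 - T_p,\; t_0 + T_p)$, a vulnerable period of $2T_p$:

$$
P_{\text{succ}} = e^{-2\lambda T_p} = e^{-2G}, \qquad S = G\,P_{\text{succ}} = G\,e^{-2G}.
$$

$$
\frac{dS}{dG} = e^{-2G}\,(1 - 2G) = 0 \;\Rightarrow\; G = \tfrac{1}{2}, \qquad S_{\max} = \tfrac{1}{2e} \approx 0.184.
$$

Slotted ALOHA: starts are deferred to the next slot boundary, so only packets that fall into the same slot of length $T_p$ collide and the vulnerable period shrinks to $T_p$:

$$
S = G\,e^{-G}, \qquad \frac{dS}{dG} = e^{-G}\,(1 - G) = 0 \;\Rightarrow\; G = 1, \qquad S_{\max} = \tfrac{1}{e} \approx 0.368.
$$

Slotting therefore doubles the maximum throughput, which is the "limit 1/e" referred to on the excess-capacity slide.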

126 Mixed Data Rates
Unslotted ALOHA: variable packet lengths
- Packet length ratio = Long Packet Length / Short Packet Length
- G1 = short packet traffic
- G2 = long packet traffic
- Total channel throughput can undergo a significant decrease.

127 Slotted ALOHA: Variable Packet Rates
- Assume ALOHA is used by n users with different channel traffic.

128 ALOHA
Meaning of the result:
- In a lightly loaded slotted ALOHA channel, a single user can transmit data at rates above the limit 1/e: excess capacity.
- Important for a network consisting of many interactive terminal users and a small number of users who send large but infrequent files.
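A Monte Carlo check of the ALOHA capacity results above, added as an example (not code from the slides or from Abramson's papers). It draws Poisson start times, counts the packets that nothing overlaps, and compares the measured throughput with $S = G e^{-2G}$ (pure) and $S = G e^{-G}$ (slotted). It also goes beyond the fixed-length case to the mixed-length situation of slide 126: two packet classes with lengths T and αT and offered traffic G1, G2. The per-class success probabilities in mixed_length_throughput() are my own extension of the vulnerable-period argument (stated in the docstring), not a formula from the slides; the simulation is what checks them, and the run below shows the throughput decrease the slide describes. All traffic values, the ratio α and the seed are constructed.

```python
import math
import random


def pure_aloha_throughput(G: float) -> float:
    """S = G e^{-2G}: vulnerable period of two packet times (maximum 1/2e at G = 0.5)."""
    return G * math.exp(-2 * G)


def slotted_aloha_throughput(G: float) -> float:
    """S = G e^{-G}: vulnerable period of one slot (maximum 1/e at G = 1)."""
    return G * math.exp(-G)


def mixed_length_throughput(G1: float, G2: float, alpha: float) -> float:
    """Unslotted ALOHA with short packets (length T) and long packets (length alpha*T),
    offered traffic G1 and G2. Assumption (my derivation, same Poisson model as the
    slides): a short packet survives if no short packet starts within 2T of it and no
    long packet starts within (1+alpha)T; a long packet survives if no short packet
    starts within (1+alpha)T and no long packet within 2*alpha*T."""
    short_ok = math.exp(-2 * G1 - G2 * (1 + alpha) / alpha)
    long_ok = math.exp(-G1 * (1 + alpha) - 2 * G2)
    return G1 * short_ok + G2 * long_ok


def simulate_unslotted(G1: float, G2: float = 0.0, alpha: float = 1.0,
                       n_packets: int = 20000, seed: int = 7) -> float:
    """Monte Carlo: Poisson start times, a packet succeeds only if nothing overlaps it.
    Returns the fraction of channel time carrying successful packets, i.e. S."""
    rng = random.Random(seed)
    T = 1.0
    classes = [(G1 / T, T), (G2 / (alpha * T), alpha * T)]   # (start rate, duration)
    horizon = n_packets / sum(rate for rate, _ in classes)
    packets = []
    for rate, dur in classes:
        if rate <= 0:
            continue
        t = rng.expovariate(rate)
        while t < horizon:
            packets.append((t, dur))
            t += rng.expovariate(rate)
    packets.sort()
    max_dur = max(d for _, d in classes)
    carried = 0.0
    for i, (start, dur) in enumerate(packets):
        ok = i + 1 >= len(packets) or packets[i + 1][0] >= start + dur   # nothing starts while we are on air
        j = i - 1
        while ok and j >= 0 and packets[j][0] + max_dur > start:        # nothing earlier is still on air
            ok = packets[j][0] + packets[j][1] <= start
            j -= 1
        if ok:
            carried += dur
    return carried / horizon


def simulate_slotted(G: float, n_slots: int = 20000, seed: int = 7) -> float:
    """Slotted ALOHA: a slot carries a packet only if exactly one start fell into it."""
    rng = random.Random(seed)
    counts = [0] * n_slots
    t = rng.expovariate(G)          # starts at rate G per slot time
    while t < n_slots:
        counts[int(t)] += 1
        t += rng.expovariate(G)
    return sum(1 for c in counts if c == 1) / n_slots


if __name__ == "__main__":
    print("pure    G=0.5  theory %.4f  sim %.4f" % (pure_aloha_throughput(0.5), simulate_unslotted(0.5)))
    print("slotted G=1.0  theory %.4f  sim %.4f" % (slotted_aloha_throughput(1.0), simulate_slotted(1.0)))
    print("mixed   G1=G2=0.25, alpha=4  theory %.4f  sim %.4f"
          % (mixed_length_throughput(0.25, 0.25, 4.0), simulate_unslotted(0.25, 0.25, 4.0)))
```

With the same total traffic G = 0.5, splitting it into short and long packets with a 4:1 length ratio drops the throughput from about 0.184 to about 0.154 in both the formula and the simulation; the long packets are exposed for longer and expose everything around them.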

129 Question 1
In a pure ALOHA system, the channel bit rate is 2400 bits/s. Suppose that each terminal transmits a 100-bit message every minute on average.
i) Determine the maximum number of terminals that can use the channel.
ii) Repeat (i) if slotted ALOHA is used.

130 Question 2
An alternative derivation for the throughput in a pure ALOHA system may be obtained from the relation G = S + A, where A is the average (normalised) rate of retransmission. Show that $A = G(1 - e^{-2G})$ and then solve for S.

131 Question 3
Consider a pure ALOHA system that is operating with a throughput S = 0.1 and packets are generated with a Poisson arrival rate λ. Determine:
i) The value of G.
ii) The average number of attempted transmissions to send a packet.

132 Question 4
Consider a CSMA/CD system in which the transmission rate on the bus is 10 Mbits/s. The bus is 2 km and the propagation delay is 5 μs/km. Packets are 1000 bits long. Determine:
i) The end-to-end delay d.
ii) The packet duration T_p.
iii) The ratio d/T_p.
iv) The maximum utilization of the bus and the maximum bit rate.

133 MSc Telecommunications Questions by Professor R. A. Carrasco
1. Describe the evolution of the Internet and protocols for a communication network.
2. Explain the concept of a hub, bridge, router and modem for local area networks.
3. Explain the concept and protocols of Ethernet (IEEE 802.3), Token Bus (IEEE 802.4) and Token Ring (IEEE 802.5).
4. Describe how you can determine the utilisation for IEEE and prove
5. Give advantages and disadvantages of a wireless LAN.
6. Describe the criteria for LAN design.
7. Explain the architecture for IEEE 802.x, TCP/IP and ISO/OSI.
8. Describe the OSI and TCP/IP model.
9. Explain each feature of the IP datagram.
10. Explain the Internet classes and give an example of how to design an IP address for a network.

134
11. Explain the concept of ARP, RARP, DHCP and DNS.
12. Explain IPv4 and IPv6 and how they differ.
13. Explain TCP, TCP client ports, TCP server ports, error control, flow control and congestion control.
14. Describe UDP.
15. Explain the concept of TCP sockets and what their relation is with the different socket classes.
16. Repeat for UDP.
17. Give advantages and disadvantages of Voice over IP (VoIP).
18. Explain VoIP protocols and how they are related to each other.
19. Give an overview of the IEEE 802 and IEEE working group.
20. Give an example of an IEEE WLAN architecture and explain stations and access points.
21. Explain how to determine the channel utilisation expression to evaluate the performance of IEEE b.

135
22. Describe the concept of a fragment burst.
23. Make comparisons between WiMax, WLAN and Bluetooth.
24. For security in communication networks, describe private and public key cryptography for Internet browsers.
25. Why is the ALOHA project important in a broadcasting system?
26. Explain how to determine the ALOHA capacity and channel throughput.

136 Wireless LANs
Advantages:
- Increased mobility of users
- Increased flexibility and fluidity, including ad-hoc networks
- Instant networking
- Availability of LAN technology
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

137 Wireless LANs
Disadvantages:
- Higher cost
- Lower performance
- Lower reliability (variable channel characteristics)
- Multiple standards
- Poor inherent security

138 LAN Design


145 IEEE Wireless LAN Draft Standard
Professor R. A. Carrasco
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

146 Introduction
- IEEE Draft 5.0 is a draft standard for Wireless Local Area Network (WLAN) communication.
- This tutorial is intended to describe the relationship between and other LANs, and to describe some of the details of its operation.
- It is assumed that the audience is familiar with serial data communications, the use of LANs and has some knowledge of radios.

147 Data Frame
- Frame fields (bytes): Frame Control, Duration, Address 1, Address 2, Address 3, Seq, Address 4, Data, Checksum
- Frame Control subfields (bits): Version, Type, Subtype, To DS, From DS, MF, Retry, Pwr, More, W, O

148 Contents
- Glossary of Wireless Terms
- Overview
- Media Access Control (MAC)
- Frequency Hopping and Direct Sequence Spread Spectrum Techniques
- Physical Layer (PHY)
- Security
- Performance
- Inter Access Point Protocol
- Implementation Support
- Raytheon Implementation

149 Glossary of Wireless Terms
- Station (STA): A computer or device with a wireless network interface.
- Access Point (AP): Device used to bridge the wireless-wired boundary, or to increase distance as a wireless packet repeater.
- Ad Hoc Network: A temporary network made up of stations in mutual range.
- Infrastructure Network: A network with one or more Access Points.
- Channel: A radio frequency band, or Infrared, used for shared communication.
- Basic Service Set (BSS): A set of stations communicating wirelessly on the same channel in the same area, Ad Hoc or Infrastructure.
- Extended Service Set (ESS): A set of BSSs and wired LANs with Access Points that appear as a single logical BSS.

150 Glossary of Wireless Terms, cont.
- BSSID & ESSID: Data fields identifying a station's BSS & ESS.
- Clear Channel Assessment (CCA): A station function used to determine when it is OK to transmit.
- Association: A function that maps a station to an Access Point.
- MAC Service Data Unit (MSDU): Data frame passed between user & MAC.
- MAC Protocol Data Unit (MPDU): Data frame passed between MAC & PHY.
- PLCP Packet (PLCP_PDU): Data packet passed from PHY to PHY over the wireless medium.

151 Overview, IEEE 802 and the 802.11 Working Group
- IEEE Project 802 charter:
  - Local & Metropolitan Area Networks
  - 1 Mb/s to 100 Mb/s and higher
  - The 2 lower layers of the 7-layer OSI Reference Model
- IEEE 802.11 Working Group scope:
  - Wireless connectivity for fixed, portable and moving stations within a limited area
  - Appear to higher layers (LLC) the same as existing 802 standards
  - Transparent support of mobility (mobility across router ports is being addressed by a higher-layer committee)

152 Overview, IEEE 802.11 Committee
- Committee formed in 1990
- Wide attendance
- Multiple Physical Layers: Frequency Hopping Spread Spectrum, Direct Sequence Spread Spectrum, Infrared
- 2.4 GHz Industrial, Scientific & Medical shared unlicensed band, 2.4 to 2.4835 GHz, with FCC transmitted power limits
- 2 Mb/s & 1 Mb/s data transfer
- 50 to 200 feet radius wireless coverage
- Draft 5.0 Letter Ballot passed and forwarded to Sponsor Ballot
- Published standard anticipated 1997
- Next meeting: November 11-14, Vancouver, BC
- Chairman: Victor Hayes

153 Overview, Architecture (figure): STA, AP, BSS and ESS attached to an existing wired LAN; infrastructure network versus ad hoc network

154 Overview, Wired vs. Wireless LANs
- 802.3 (Ethernet) uses CSMA/CD, Carrier Sense Multiple Access with 100% Collision Detect, for reliable data transfer
- 802.11 has CSMA/CA (Collision Avoidance):
  - Large differences in signal strengths
  - Collisions can only be inferred afterward: transmitters fail to get a response, receivers see corrupted data through a CRC error

155 Media Access Control
- Carrier Sense: listen before talking
- Handshaking to infer collisions: DATA-ACK packets
- Collision Avoidance:
  - RTS-CTS-DATA-ACK to request the medium
  - Duration information in each packet
  - Random backoff after a collision is determined
  - Network Allocation Vector (NAV) to reserve bandwidth
  - Hidden nodes use CTS duration information

156 Media Access Control, cont.
- Fragmentation:
  - Bit Error Rate (BER) goes up with distance and decreases the probability of successfully transmitting long frames
  - MSDUs given to the MAC can be broken up into smaller MPDUs given to the PHY, each with a sequence number for reassembly
  - Can increase range by allowing operation at higher BER
  - Lessens the impact of collisions
  - Trades fragmentation overhead for the overhead of RTS-CTS
  - Less impact from hidden nodes

157 Media Access Control, cont.
- Beacons are used to convey network parameters such as the hop sequence
- Probe Requests and Responses are used to join a network
- Power Saving Mode:
  - Frames stored at the Access Point or at Stations for sleeping Stations
  - Traffic Indication Map (TIM) in frames alerts awaking Stations

158 Protocol Stack (figure)
- Upper Layers
- Data Link Layer: Logical Link Control; 802.11 MAC sublayer
- Physical Layer: Infrared, FHSS, DSSS, 802.11a OFDM, 802.11b HR-DSSS, 802.11g OFDM

159 Performance of IEEE 802.11b (figure)
- MPDU = MAC header (30 bytes) + data + CRC (4 bytes)
- Timing of one frame exchange on the air: DIFS, backoff, PLCP preamble, PLCP header, MPDU, SIFS, PLCP preamble, PLCP header, ACK (14 bytes)

160 Performance of IEEE 802.11b
- Successful transmission of a single frame
- PLCP = physical layer convergence protocol preamble and header transmission time (varies according to the bit rate used by the host)
- SIFS = 10 µs (Short Inter Frame Space)
- The MAC acknowledgement transmission time is 10 µs if the selected rate is 11 Mb/s, as the ACK length is 112 bits

161 Performance of IEEE 802.11b
- DIFS (DCF Inter Frame Space) is a fixed interval
- The frame transmission time depends on the rate: when the host transmits at 1 Mb/s the long PLCP header is used; if it uses 2, 5.5 or 11 Mb/s the short PLCP header is used

162 Performance of IEEE 802.11b
- For bit rates greater than 1 Mb/s and a frame size of 1500 bytes of data (MPDU of 1534 bytes in total), the proportion p of useful throughput measured above the MAC layer follows from the ratio of the data transmission time to the total time of the frame exchange
- So a single host sending long frames over an 11 Mb/s radio channel will have a maximum useful throughput of 7.74 Mb/s

163 Performance of IEEE 802.11b
- If we neglect propagation time, the overall transmission time is composed of the frame transmission time plus a constant overhead
- The constant overhead is the sum of DIFS, the PLCP preamble and header times, SIFS and the ACK transmission time

164 Performance of IEEE 802.11b
- The overall frame transmission time experienced by a single host when competing with N - 1 other hosts has to be increased by a time interval t_cont that accounts for the time spent in contention procedures

165 Performance of IEEE 802.11b
- So the overall transmission time is the frame transmission time plus the constant overhead plus t_cont, where the contention term depends on the proportion of collisions experienced for each packet successfully acknowledged at the MAC level

166 Performance of IEEE 802.11b
- Consider now the situation in which N hosts of different bit rate compete for the radio channel: N - 1 hosts use the high transmission rate R = 11 Mb/s and one host transmits at a degraded rate of 5.5, 2 or 1 Mb/s
- The frame transmission time of each host is its data frame length in bits divided by its rate

167 Performance of IEEE 802.11b
- The MAC layer ACK frame is also sent at a rate that depends on the host speed, so the fast and the slow host each have their own associated overhead time
- Let T_f be the overall transmission time for a fast host transmitting at rate R

168 Performance of IEEE 802.11b
- Similarly, let T_s be the corresponding time for a slow host transmitting at the degraded rate
- We can then express the channel utilisation of the slow host as the share of channel time its frames occupy in a round in which each of the N hosts sends one frame
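The throughput model of slides 160 to 168, carried through as an added example (not code from the slides). The timing constants (DIFS, SIFS, slot time, CWmin, long and short PLCP durations) and the no-collision mean-backoff term for t_cont are assumptions, so the absolute figures differ slightly from the 7.74 Mb/s quoted on slide 162; what the model shows is that every host in the cell ends up with the throughput of the slowest one.

```python
"""Channel-utilisation model for an IEEE 802.11b cell with one slow host.

Assumed 802.11b timing constants (not taken from the slides):
DIFS 50 us, SIFS 10 us, slot 20 us, CWmin 31 slots,
long PLCP preamble+header 192 us, short PLCP preamble+header 96 us.
"""

DIFS_US = 50.0          # DCF inter-frame space
SIFS_US = 10.0          # short inter-frame space (slide 160)
SLOT_US = 20.0          # backoff slot time
CW_MIN = 31             # minimum contention window, in slots
PLCP_LONG_US = 192.0    # mandatory at 1 Mb/s (slide 161)
PLCP_SHORT_US = 96.0    # used at 2, 5.5 and 11 Mb/s (slide 161)
MAC_HEADER_BYTES = 30   # slide 159
CRC_BYTES = 4           # slide 159
ACK_BYTES = 14          # 112-bit MAC ACK, sent at the host's rate (slide 160)


def plcp_time_us(rate_mbps: float) -> float:
    """PLCP preamble + header time: long form at 1 Mb/s, short form above it."""
    return PLCP_LONG_US if rate_mbps <= 1.0 else PLCP_SHORT_US


def transmission_time_us(data_bytes: int, rate_mbps: float) -> float:
    """Frame transmission time of the MPDU (data + MAC header + CRC).

    bits divided by Mbit/s comes out directly in microseconds.
    """
    return (data_bytes + MAC_HEADER_BYTES + CRC_BYTES) * 8 / rate_mbps


def ack_time_us(rate_mbps: float) -> float:
    """MAC ACK transmission time (about 10 us at 11 Mb/s, as slide 160 states)."""
    return ACK_BYTES * 8 / rate_mbps


def overhead_us(rate_mbps: float) -> float:
    """Constant per-frame overhead of slide 163:
    DIFS + PLCP (data frame) + SIFS + PLCP (ACK) + ACK."""
    return (DIFS_US + plcp_time_us(rate_mbps) + SIFS_US
            + plcp_time_us(rate_mbps) + ack_time_us(rate_mbps))


def contention_us() -> float:
    """t_cont approximated by the mean initial backoff; collisions ignored
    (simplifying assumption, the slides include a collision proportion)."""
    return CW_MIN / 2 * SLOT_US


def overall_time_us(data_bytes: int, rate_mbps: float) -> float:
    """Overall time for one successfully acknowledged frame (slide 165)."""
    return (transmission_time_us(data_bytes, rate_mbps)
            + overhead_us(rate_mbps) + contention_us())


def single_host_throughput_mbps(data_bytes: int, rate_mbps: float) -> float:
    """Useful throughput above the MAC for a lone host sending back to back."""
    return data_bytes * 8 / overall_time_us(data_bytes, rate_mbps)


def mixed_cell(data_bytes: int, fast_rate: float, slow_rate: float,
               n_hosts: int) -> tuple[float, float]:
    """N-1 fast hosts (T_f each) and one slow host (T_s), slides 166 to 168.

    CSMA/CA gives every host the same long-run chance of winning the
    channel, so in one round each host sends one frame and the round
    lasts (N-1)*T_f + T_s. Every host, fast or slow, therefore gets
    data_bytes*8 bits per round. Returns (per-host throughput in Mb/s,
    channel utilisation of the slow host).
    """
    t_f = overall_time_us(data_bytes, fast_rate)
    t_s = overall_time_us(data_bytes, slow_rate)
    round_us = (n_hosts - 1) * t_f + t_s
    return data_bytes * 8 / round_us, t_s / round_us


if __name__ == "__main__":
    print(f"single 11 Mb/s host: {single_host_throughput_mbps(1500, 11.0):.2f} Mb/s")
    for slow in (11.0, 5.5, 2.0, 1.0):
        x, u = mixed_cell(1500, 11.0, slow, 3)
        print(f"2 hosts at 11 Mb/s + 1 host at {slow} Mb/s: "
              f"each gets {x:.2f} Mb/s, slow host holds {u:.0%} of the air time")
```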

169 Performance of IEEE 802.11b
- Study: UDP traffic and TCP traffic flows in IEEE 802.11 WLANs

170 Frequency Hopping and Direct Sequence Spread Spectrum Techniques
- Spread Spectrum is used to avoid interference from licensed and other non-licensed users, and from noise, e.g. microwave ovens
- Frequency Hopping (FHSS):
  - Using one of 78 hop sequences, hop to a new 1 MHz channel (out of the total of 79 channels) at least every 400 milliseconds
  - Requires hop acquisition and synchronisation
  - Hops away from interference
- Direct Sequence (DSSS):
  - Using one of 11 overlapping channels, multiply the data by an 11-bit number to spread the 1 Msymbol/s data over 11 MHz
  - Requires RF linearity over 11 MHz
  - Spreading yields processing gain at the receiver
  - Less immune to interference

171 Physical Layer
- Preamble Sync, 16-bit Start Frame Delimiter, PLCP Header including 16-bit Header CRC, MPDU, 32-bit CRC
- FHSS:
  - 2 & 4 GFSK
  - Data whitening for bias suppression: 32/33 bit stuffing and block inversion; 7-bit LFSR scrambler
  - 80-bit Preamble Sync pattern
  - 32-bit Header
- DSSS:
  - DBPSK & DQPSK
  - Data scrambling using an 8-bit LFSR
  - 128-bit Preamble Sync pattern
  - 48-bit Header

172 Physical Layer, cont.
- Antenna Diversity:
  - Multipath fading of a signal can inhibit reception
  - Multiple antennas can significantly minimise it: spatial separation or orthogonality
  - Choose the antenna during the Preamble Sync pattern, based on the presence of the Preamble Sync pattern, the presence of energy (RSSI, Received Signal Strength Indication), or a combination of both
- Clear Channel Assessment:
  - Requires a reliable indication that the channel is in use in order to defer transmission
  - Uses the same mechanisms as Antenna Diversity
  - Uses NAV information

173 A Fragment Burst (figure): RTS, CTS, Frag1, ACK, Frag2, ACK, Frag3, ACK exchanged between stations A, B, C and D over time, with the NAV reserving the medium for the burst

174 Security
- Authentication: a function that determines whether a Station is allowed to participate in network communication
  - Open System (null authentication) & Shared Key
- WEP, Wired Equivalent Privacy: encryption of data
- ESSID offers casual separation of traffic

175 Performance, Theoretical Maximum Throughput
- Throughput numbers in Mbit/s
- Assumes 100 ms beacon interval, RTS and CTS used, no collisions
- Slide courtesy of Matt Fischer, AMD

176 Background for broadband wireless technologies
- UWB, Ultra Wide Band: high speed wireless personal area network
- Wi-Fi, Wireless Fidelity: wireless technology for the indoor environment (WLANs); broader range than WPANs
- WiMAX, Worldwide Interoperability for Microwave Access: Wireless Metropolitan Area Networks (WMANs); for outdoor coverage in LOS and NLOS environments; fixed and mobile standards
- 3G, Third Generation: Wireless Wide Area Networks (WWANs) are the broadest range wireless networks; high speed data transmission and greater voice capacity for mobile users
- Bluetooth
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

177 What is WiMax?
- WiMAX is an IEEE 802.16/ETSI HiperMAN based certificate for equipment fulfilling the interoperability requirements set by the WiMAX Forum.
- The WiMAX Forum comprises industry leaders who are committed to the open interoperability of all products used for broadband wireless access.
- The technique or technology behind the standards is often referred to as WiMAX.
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003 [1]

178 What is WiMax?
- WiMAX is thus a Broadband Wireless Access (BWA) technique
- WiMax offers fast broadband connections over long distances
- The interoperability of different vendors' products is the most important factor when comparing it to other techniques.

179 The IEEE 802.16 Standards
- The IEEE 802.16 standards family: broadband wireless wideband internet connection; wider coverage than any wired or wireless connection before
- 802.16 wireless systems have the capacity to address broad geographic areas without the expensive wired infrastructure
- For example, a study made at the University of Oulu states that WiMax is clearly a more cost-effective solution for providing broadband internet connection in Kainuu than xDSL

181 The IEEE 802.16 Standards
- 802.16, published in April: a set of air interfaces on a common MAC protocol; addresses frequencies 10 to 66 GHz; single carrier (SC) and LOS only
- 802.16a, published in January: a completed amendment that extends the physical layer to 2 to 11 GHz, both licensed and licence-exempt frequencies; SC, 256-point FFT OFDM and 2048-point FFT OFDMA; LOS and NLOS
- 802.16-2004, published in July: revises and replaces 802.16, 802.16a and 802.16REVd; this announcement marks a significant milestone in the development of future WiMax technology
- P802.16/Cor1

182 IEEE 802.16: Broadband Wireless MAN Standard (WiMAX)
- An 802.16 wireless service provides a communications path between a subscriber site and a core network such as the public telephone network and the Internet.
- This wireless broadband access standard provides the missing link for the "last mile" connection in metropolitan area networks where DSL, cable and other broadband access methods are not available or are too expensive.

183 Comparison Overview of IEEE 802.16a
- IEEE 802.16 and WiMAX are designed as a complementary technology to Wi-Fi and Bluetooth. The following table provides a quick comparison of 802.16a with 802.11 (WLAN) and Bluetooth.

Parameters          802.16a (WiMax)   802.11 (WLAN)       Bluetooth
Frequency band      2-11 GHz          2.4 GHz             Varies
Range               ~31 miles         ~100 metres         ~10 metres
Data transfer rate  70 Mbps           11 Mbps - 55 Mbps   20 Kbps - 55 Mbps
Number of users     Thousands         Dozens              Dozens

184 Protocol Structure, IEEE 802.16 Standard (WiMAX)
- The IEEE 802.16 protocol architecture has 4 layers: Convergence, MAC, Transmission and Physical, which can be mapped to the two lowest OSI layers, Physical and Data Link

185 Internet Security Prof. R. A. Carrasco School of Electrical, Electronic and Computer Engineering University of Newcastle-upon-Tyne

186 Overview
- Internet security is the practice of protecting and preserving private resources and information on the Internet.
- Computer and network security are challenging topics among executives and managers of computer corporations.
- Together, network security and a well-implemented security policy can provide a highly secure business solution.

187 Introduction
- Elements of Networking Security:
  - Orange Book Security Levels & Firewalls
  - Passwords
  - Encryption, Authentication & Integrity
- Developing a Site Security Policy
- Violation Response
- Other Security Resources
- Conclusions

188 Elements of Networking Security: Orange Book Security Levels & Firewalls
- Understand the need for, and outline, a security policy relevant to any company.
- Each business has a different threshold of well-being and different:
  - assets, culture and technology infrastructure
  - requirements for storing, sending and communicating information
- Many strong tools are available to secure a computer network: software applications, hardware products
- These alone do not comprise a security policy, but are essential elements

189 Elements of Networking Security: Orange Book Security Levels & Firewalls
- Protection tools have evolved over the last 2 decades and protect the network at many levels
- A well-guarded enterprise deploys many different security measures
- Elements of security:
  - Physical Security: controlling access to the most sensitive components, e.g. network administration, access to the server room
  - Operating System Security (OSS): used in UNIX and Microsoft Windows NT
    - C2 level: discretionary access control, file and directory read and write permissions, and auditing and authentication controls

190 Orange Book Security Levels
- There are 7 levels of computer OSS in the Trusted Computer Standards Evaluation Criteria, or Orange Book.
- Levels are used to evaluate protection for hardware, software, and stored information.
- The system is additive: higher ratings include the functionality of the levels below.
- The definition centres around access control, authentication, auditing, and levels of trust

191 Orange Book Security Levels
- D1: no security
- C1: lowest level of security; file and directory read & write controls and authentication, but root is insecure & auditing (system logging) is not available
- C2: features an auditing function that records all security-related events & provides stronger protection on key system files, such as the password file
- B-rated: multilevel security, such as secret and top secret, and mandatory access control
  - B2: every object & file is labelled; labels change dynamically depending on what is being used
  - B3: includes system hardware; terminals connect using trusted paths & specialised system hardware
- A1: highest level of security; mathematically verified design; large amounts of processing power & disk space

192 Firewalls
- In theory firewalls allow authorised communications between internal & external networks
- Properly implemented, they are very effective at keeping out unauthorised users & stopping unwanted activities on an internal network
- They protect and facilitate the network at a number of levels:
  - allow e-mail, file transfer protocol (FTP) & remote login as desired, whilst limiting access to the internal network
  - provide an authorisation mechanism that assures only specified users or applications can gain access
  - address translation: masks the name & address of a machine, e.g. messages for anyone in the technical support department have their address translated to one common address
  - encryption and virtual private network (VPN) capabilities
- Deployed in a network to segregate different servers & networks, controlling access within the network, e.g. separating the accounting and payroll server from the rest of the network so that only certain individuals can access the information
- Performance degradation: as a system is busy checking and rerouting data packets, latency is increased

193 Elements of Networking Security: Passwords
- Password mechanisms identify and authenticate users as they access a computer system
- A password can be compromised:
  - Eavesdroppers can listen for a username and password & gain access over a public network
  - A potential intruder can attack the access gateway, entering an entire dictionary of words (or licence plates or any other list) against a password field
  - Users may loan their password to a co-worker or inadvertently leave out a list of system passwords
- Password technologies & tools make a network more secure. Useful in ad hoc remote access situations, one-time password generation assumes that a password will be compromised:
  - Before leaving the internal network, a list of passwords that will work only one time against a given username is generated
  - When logging into the system remotely, a password is used once and is then no longer valid

194 Elements of Networking Security: Passwords
- Password aging & policy enforcement:
  - users are required to create new passwords every so often
  - passwords must be a minimum number of characters and a mix of letters & numbers
- Smart cards provide extremely secure password protection:
  - Unique passwords, based on a challenge-response scheme, are created on a small credit-card device
  - The password is then entered as part of the log-on process and validated against a password server, which logs all access to the system
  - Expensive to implement

195 Elements of Networking Security: Passwords
- Single sign-on overcomes the ultimate irony in system security: as a user gains more passwords, these become less secure, not more, and the system opens itself up to unauthorised access
- Many company computer networks require users to have different passwords to access different parts of the system
- As users acquire more passwords (some have more than 50) they cannot help but write them down or create easy-to-remember passwords
- A single sign-on system is a centralised access control list which determines who is authorised to access different areas of the computer network & a mechanism for providing the expected password
- A user need only remember a single password to sign onto the system

196 Elements of Networking Security: Good password procedures
- Do not use your login name in any form (as is, reversed, capitalised, doubled, etc.).
- Do not use your first, middle, or last name in any form, or your spouse's or children's names.
- Do not use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, etc.
- Do not use a password of all digits or all the same letter.
- Do not use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words.
- Do not use a password shorter than six characters.
- Do use a password with mixed-case alphabetics.
- Do use a password with non-alphabetic characters (digits or punctuation).
- Do use a password that is easy to remember, so you don't have to write it down.
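The slide's rules, turned into a password acceptance check a password server could run at change time. This is an added example, not code from the lecture notes: check_password() is a hypothetical helper, the personal-information list is supplied by the caller, and the tiny dictionary is constructed stand-in data for a real spelling list.

```python
"""Password acceptance check following the slide's "good password procedures".

Added example, not part of the original lecture notes. The rule set comes
from the slide; SAMPLE_DICTIONARY is constructed stand-in data for a real
dictionary / spelling list, and check_password() is a hypothetical helper.
"""
from __future__ import annotations

import string

# Constructed stand-in for a real dictionary or spelling list.
SAMPLE_DICTIONARY = {"password", "welcome", "newcastle", "secret", "dragon"}

MIN_LENGTH = 6  # the slide's minimum of six characters


def _login_forms(login: str) -> set[str]:
    """Forms of the login name the slide forbids: as is, reversed and
    doubled. Comparison is case-insensitive, which also covers "capitalised"."""
    base = login.lower()
    return {base, base[::-1], base * 2}


def check_password(password: str, login: str, personal_info: list[str],
                   dictionary: set[str] = SAMPLE_DICTIONARY) -> list[str]:
    """Return the list of slide rules the password violates (empty = accepted).

    personal_info: names, phone numbers, licence plates, street names and
    similar easily obtained facts about the user (slide rules 2 and 3).
    """
    problems: list[str] = []
    lowered = password.lower()

    # Rule: not shorter than six characters.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Rule: login name in any form (as is, reversed, capitalised, doubled).
    if any(form and form in lowered for form in _login_forms(login)):
        problems.append("contains login name (as is, reversed or doubled)")

    # Rule: own or family names, plates, phone numbers, street names, etc.
    for item in personal_info:
        item_l = item.lower()
        # Ignore very short fragments so a two-letter name does not block everything.
        if len(item_l) >= 3 and (item_l in lowered or item_l[::-1] in lowered):
            problems.append(f"contains easily obtained personal information ({item})")
            break

    # Rule: not all digits, not all the same letter.
    if password.isdigit():
        problems.append("all digits")
    elif password.isalpha() and len(set(lowered)) == 1:
        problems.append("all the same letter")

    # Rule: not a dictionary word, also after stripping leading/trailing digits
    # ("Newcastle1" is still the word "newcastle").
    core = lowered.strip(string.digits)
    if lowered in dictionary or core in dictionary or core[::-1] in dictionary:
        problems.append("dictionary word")

    # Rule: mixed-case alphabetics.
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mixed case")

    # Rule: at least one non-alphabetic character (digit or punctuation).
    if not any(not c.isalpha() for c in password):
        problems.append("no digit or punctuation")

    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Newcastle1", "ocsarraC9x", "Tyne!7rv"):
        print(candidate, "->", check_password(candidate, "carrasco", ["Carrasco"]) or "accepted")
```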

197 Elements of Networking Security: Encryption, Authentication & Integrity
Encryption:
- the coding of data through an algorithm or transform table into apparently unintelligible garbage
- used both on data stored on a server and on data as it is communicated through a network
- a method of ensuring privacy of data and that only intended users may view the information
Many forms:
- The digital encryption standard (DES) has been endorsed by the National Institute of Standards and Technology (NIST) since 1975 and is the most readily available encryption standard. One major drawback with DES is that it is subject to U.S. export control; programs that deploy DES technology are generally not available for export from the United States.

198 Elements of Networking Security: Encryption, Authentication & Integrity
- Rivest, Shamir, and Adleman (RSA) encryption is a public-key encryption system, is patented technology in the United States, and thus is not available without a license.
- The DES algorithm was published before the patent filing, and RSA encryption may be used in Europe and Asia without a royalty.
- Growing in popularity.
- Considered quite secure from brute force attacks.
- An emerging encryption mechanism is pretty good privacy (PGP):
  - allows users to encrypt information stored on their system as well as to send and receive encrypted e-mail
  - provides tools and utilities for creating, certifying, and managing keys
  - PGP should not be confused with privacy enhanced mail (PEM), a protocol standard.

199 Elements of Networking Security: Encryption, Authentication & Integrity
- Encryption mechanisms rely on keys or passwords.
- The longer the password, the more difficult the encryption is to break.
- DES relies on a 56-bit key length, and some mechanisms have keys that are hundreds of bits long.
- There are two kinds of encryption mechanisms used: private key and public key.
  - Private-key: the same key is used to encode and decode the data.
  - Public-key: one key is used to encode the data and another to decode it. Named after a unique property of this type of encryption mechanism: one of the keys can be public without compromising the privacy of the message or the other key.
- A trusted recipient, or a remote office network gateway, keeps a private key to decode data as it comes from the main office.
- VPNs employ encryption to provide secure transmissions over public networks such as the Internet.

200 Elements of Networking Security: Encryption, Authentication & Integrity
- Authentication is making sure users are who they say they are.
- Integrity is knowing that the data sent has not been altered along the way. Of course, a message modified in any way would be highly suspect and should be completely discounted.
- Digital signatures are used to maintain message integrity:
  - perform both an authentication and a message integrity function
  - a block of data at the end of a message that verifies the authenticity of the file
  - if any change is made to the file, the signature will not verify
  - available in PGP and when using RSA encryption.
- Kerberos: an add-on system used with any existing network. It validates a user through its authentication system and uses DES when communicating sensitive information.
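The two public-key properties from slides 199 and 200 worked through in code: one key encodes and the other decodes, and a signature over a message stops verifying as soon as the message changes. This is an added example with a deliberately tiny toy RSA key (constructed primes of about 10^5 and 10^6, no padding scheme), not code from the lecture notes and not something to use in place of a vetted library.

```python
"""Toy RSA: public/private key pair, hash-then-sign, and tamper detection.

Added example, not from the lecture notes. The primes are far too small for
real use and no padding is applied; the point is to show the key property
(one key encodes, the other decodes; the public key reveals nothing useful
about the private one) and why a changed message fails signature verification.
"""
import hashlib

# Constructed toy primes (the 10,000th and 100,000th primes). Real keys use
# primes of hundreds of digits.
P, Q = 104_729, 1_299_709
E = 65_537  # common public exponent


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt_int(m: int, public_key) -> int:
    """Encode a small integer message with the public key (m must be < n)."""
    n, e = public_key
    return pow(m, e, n)


def decrypt_int(c: int, private_key) -> int:
    """Decode with the private key; only its holder can do this."""
    n, d = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    """Hash the whole message, then reduce the digest into the modulus.

    Real schemes pad the digest instead of reducing it; this toy keeps the
    'sign a fixed-size digest of the file' idea without the padding details.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """The signature block appended to a message: digest raised to d mod n."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can check the block against the file."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def demo():
    """Sign a constructed message, then verify the original and a tampered copy."""
    pub, priv = make_keypair()
    msg = b"Transfer 100 GBP to account 42"  # constructed message
    sig = sign(msg, priv)
    return verify(msg, sig, pub), verify(b"Transfer 900 GBP to account 42", sig, pub)


if __name__ == "__main__":
    ok, tampered_ok = demo()
    print("original verifies:", ok, "| tampered verifies:", tampered_ok)
```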

201 Developing a Site Security Policy
- Rule 1: that which is not expressly permitted is prohibited.
- A security policy should deny access to all network resources and then add back access on a specific basis.
- Goal: define the organisation's expectations for proper computer & network use & define procedures to prevent and respond to security incidents.
- Specific aspects of the organisation must be considered & agreed upon by the policy-making group.
  - A military base may have very different security concerns from those of a university.
  - Even departments within the same organisation will have different requirements.

202 Developing a Site Security Policy
Who will make the network site security policy?
- A joint effort by a representative group of decision-makers, technical personnel, and day-to-day users from different levels within the organisation.
  - Decision-makers: power to enforce the policy.
  - Technical personnel: advise on the ramifications of the policy.
  - Day-to-day users: have a say in how usable the policy is.
- A site security policy that is unusable, un-implementable, or unenforceable is worthless.
Developing a security policy comprises:
- identifying the organisational assets
- identifying the threats
- assessing the risk
- implementing the tools and technologies available to meet the risks
- developing a usage policy.
Auditing procedure: reviews network and server usage.
Policy should be communicated to everyone who uses the computer network.

203 Developing a Site Security Policy: Identifying organisational assets
Create a list of things to be protected, which is easily & regularly updated:
- Hardware - CPUs, boards, keyboards, terminals, workstations, personal computers, printers, disk drives, communication lines, terminal servers, routers
- Software - source programs, object programs, utilities, diagnostic programs, operating systems, communication programs
- Data - during execution, stored on-line, archived off-line, backups, audit logs, databases, in transit over communication media
- Documentation - on programs, hardware, systems, and local administrative procedures

204 Developing a Site Security Policy: Assessing the risk
- The loss from people within the organisation is significantly greater than that from intruders.
- Risk analysis: what must be protected, from what it must be protected, and how to protect it. Possible risks to a network include the following:
  - unauthorised access
  - unavailable service, corruption of data, or a slowdown due to a virus
  - disclosure of sensitive information, especially that which gives someone else a particular advantage, or theft of information such as credit card information
- Weigh the risk against the importance of the resource; this allows site policy makers to determine how much effort should be spent protecting the resource.
- Security analysis tool for auditing networks (SATAN): a tool that hackers use in order to find system weaknesses. Discover weaknesses before the fact, so that protective action can be implemented to fend off certain attacks.

205 Developing a Site Security Policy: Auditing & review
- To determine if there is a violation of a security policy, use tools that are included in computers and networks.
- Most operating systems store numerous bits of information in log files:
  - Examine log files on a regular basis.
  - Compare lists of currently logged in users and histories. Users typically log in & out at the same time each day; an account logged in outside the normal time may be being used by an intruder.
  - Accounting records can be used to determine usage patterns; look for unusual accounting records.
  - UNIX "syslog" utility: check for unusual error messages from system software.
  - A large number of failed login attempts in a short period of time may indicate someone trying to guess passwords.
  - Operating system commands that list currently executing processes can be used to detect users running programs they are not authorised to use, as well as to detect unauthorised programs that have been started by an intruder.
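Two of the checks above run over log lines, as an added example (not from the lecture notes): a burst of failed logins from one source in a short period, and a successful login outside a user's normal hours. The log lines are constructed in syslog/sshd style, the per-user "normal hours" baseline is an assumption, and the threshold and window are illustrative.

```python
"""Audit checks from the slide, run over constructed syslog-style lines.

Added example, not from the lecture notes. SAMPLE_LOG and NORMAL_HOURS are
constructed data; a real audit would read /var/log (or the syslog host) and
derive each user's normal hours from login history.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# One sshd line per event: timestamp, host, process, result, user, source.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+)"
)

# Constructed sample: one normal day, a burst of failures at night from one
# address, and a successful login at 03:15 for a user who works office hours.
SAMPLE_LOG = """\
Mar 10 09:02:11 srv1 sshd[4001]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Mar 10 23:41:07 srv1 sshd[4102]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar 10 23:41:09 srv1 sshd[4103]: Failed password for root from 198.51.100.7 port 40123 ssh2
Mar 10 23:41:12 srv1 sshd[4104]: Failed password for admin from 198.51.100.7 port 40124 ssh2
Mar 10 23:41:14 srv1 sshd[4105]: Failed password for invalid user oracle from 198.51.100.7 port 40125 ssh2
Mar 10 23:41:15 srv1 sshd[4106]: Failed password for bob from 198.51.100.7 port 40126 ssh2
Mar 11 03:15:40 srv1 sshd[4201]: Accepted password for alice from 203.0.113.9 port 51234 ssh2
Mar 11 08:55:02 srv1 sshd[4300]: Accepted password for bob from 192.0.2.11 port 51300 ssh2
"""

# Assumed baseline: hours [start, end) in which each user normally logs in.
NORMAL_HOURS = {"alice": (8, 18), "bob": (8, 18)}


def parse(log_text: str, year: int = 2024):
    """Return (timestamp, result, user, source) tuples sorted by time.

    Syslog lines carry no year, so one is assumed for the parse.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines from other daemons are not of interest here
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)


def failed_login_bursts(events, threshold: int = 5, window_s: int = 60):
    """Sources with >= threshold failures inside a sliding window of window_s
    seconds; the slide's 'many failed logins in a short period' indicator.
    Returns {source: time the threshold was first reached}."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, result, _user, src in events:
        if result != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def off_hours_logins(events, normal_hours=NORMAL_HOURS):
    """Successful logins outside a user's normal hours; the slide's
    'account logged in outside the normal time' indicator."""
    findings = []
    for ts, result, user, src in events:
        if result != "Accepted" or user not in normal_hours:
            continue
        start, end = normal_hours[user]
        if not (start <= ts.hour < end):
            findings.append((user, src, ts))
    return findings


def audit(log_text: str = SAMPLE_LOG) -> dict:
    """Run both checks and return their findings together."""
    events = parse(log_text)
    return {"bursts": failed_login_bursts(events), "off_hours": off_hours_logins(events)}


if __name__ == "__main__":
    for kind, found in audit().items():
        print(kind, "->", found)
```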

206 Violation Response
Planning responses for different violation scenarios:
- Define actions based on the type of violation and have solutions ready based on the anticipated kind of user violating the computer security policy.
- Answers to the following questions should be a part of a company's site security plan:
  - What outside agencies should be contacted, by whom?
  - Who may talk to the press?
  - When to contact law enforcement and investigative agencies?
  - If a connection is made from a remote site, is the system manager authorised to contact that site?
  - What are our responsibilities to our neighbours and other Internet sites?
Whenever a site suffers an incident that may compromise computer security, the strategies for reacting may be influenced by two opposing pressures.

207 Violation Response
- There are two different strategies: Protect & Proceed or Pursue & Prosecute.
- Protect & Proceed – used if a site is vulnerable:
  - protects & preserves site facilities
  - provides normality to users as quickly as possible
  - attempts to interfere with intruders' processes, prevent further access & begin immediate damage assessment & recovery
  - shuts down facilities, closes off access to the network
  - unless intruders are identified, they can revisit the site via a different path.
- Pursue & Prosecute - the opposite philosophy.

208 Violation Response: Protect & proceed
- if assets are not well protected
- if continued penetration could result in great financial risk
- if there is no possibility or willingness to prosecute
- if the user base is unknown
- if users are unsophisticated and their work is vulnerable
- if the site is vulnerable to lawsuits from users, e.g., if their resources are undermined

209 Violation Response: Pursue & prosecute
- if assets and systems are well protected
- if good backups are available
- if the risk to the assets is outweighed by the disruption caused by the present and potential future penetrations
- if this is a concentrated attack occurring with great frequency and intensity
- if the site has a natural attraction to intruders and consequently regularly attracts intruders
- if the site is willing to incur the financial (or other) risk to assets by allowing the perpetrator to continue
- if intruder access can be controlled
- if the monitoring tools are sufficiently well developed to make the pursuit worthwhile

210 Violation Response: Pursue & prosecute
- if the support staff is sufficiently clever and knowledgeable about the operating system, related utilities, and systems to make the pursuit worthwhile
- if management is willing to prosecute
- if the system administrators know what kind of evidence would lead to prosecution
- if there is established contact with knowledgeable law enforcement
- if there is a site representative versed in the relevant legal issues
- if the site is prepared for possible legal action from its own users if their data or systems become compromised during the pursuit

211 Violation Response: Capturing lessons learned
Once you believe that a system has been restored to a safe state:
- there is the possibility that holes and even traps could be lurking
- the system should be monitored for items that may have been missed during the clean-up stage
- it would be prudent to utilise some of the tools previously mentioned
- these tools do not replace continual system monitoring and good systems administration procedures
- a security log can be most valuable during this phase of removing vulnerabilities.

212 Violation Response: Capturing lessons learned
There are two considerations here; keep logs of:
- Procedures that have been used to make the system secure again. This should include command procedures (e.g., shell scripts) that can be run on a periodic basis to recheck the security.
- Important system events. These can be referenced when trying to determine the extent of the damage of a given incident.
Write a report after an incident:
- describing the incident
- method of discovery
- correction procedure
- monitoring procedure
- a summary of lessons learned

213 Other Security Resources
Books:
- Chapman, D. Brent and Elizabeth D. Zwicky. Building Internet Firewalls. O'Reilly and Associates, Inc.,
- Garfinkel, Simson. PGP: Pretty Good Privacy. O'Reilly and Associates, Inc.,
- Garfinkel, Simson and Gene Spafford. Practical UNIX Security. O'Reilly and Associates, Inc.,
- Siyan, Karanjit and Chris Hare. Internet Firewalls and Network Security. New Riders Publishing,
- Vacca, John. Internet Security Secrets. IDG Books,
Security newsgroups & mailing lists available on the USENET news system:
- comp.security.announce
- comp.security.misc
- comp.security.unix
- alt.security
- misc.security

214 Other Security Resources
- The Bugtraq list discusses security holes & software bugs. To subscribe, send to In the body of the message include the following line: subscribe bugtraq-list firstname lastname.
- Computer Emergency Response Team (CERT) is an organisation that helps Internet users identify and rectify damage done to their system by hackers and crackers. To subscribe to the CERT advisory mailing list, send to and put the following in the body of the message: subscribe cert firstname lastname.
- CERT also maintains a CERT-TOOLS list for the purpose of exchanging information on tools and techniques that increase the secure operation of Internet systems. To subscribe, send to and put the following in the body of the message: subscribe cert-tools firstname lastname.

215 Glossary
- CERT: computer emergency response team
- CPU: central processing unit
- DES: digital encryption standard
- DOD: U.S. Department of Defence
- FTP: file transfer protocol
- NIST: National Institute of Standards and Technology
- OSS: operating system security
- PEM: privacy enhanced mail
- PGP: pretty good privacy
- RFC: request for comment
- SATAN: security analysis tool for auditing networks
- VPN: virtual private network

