Introduction
A network is a group of things that are connected together. In a computer network, the things that are connected are computers, of course. A computer network can be as small as two computers but there is no maximum size, and many networks have hundreds or thousands of computers.
There are three main reasons for connecting computers in a network:
1. Share information. This can be messages such as e-mail, or it can be files that are stored on one computer and used by someone at a different computer.
2. Share resources. A printer that can be accessed from different computer systems is a shared resource. So is an Internet connection used by more than one computer.
3. Centralized control. In most offices, the management determines what the computers may be used for and what kind of resources and support they need. This is much easier to deal with if the computers are connected.
Types of Networks
Just as there is no limit to the number of systems in a network, there is also no limit to the geographical size of a network. As a practical matter though, there are some structural differences between a network of computers all in the same room, and a network connecting computers in Los Angeles to ones in Sydney Australia.
The most common network includes computers that are close together, usually in the same building or office. This is called a Local Area Network, abbreviated LAN.
The computers in a LAN are usually connected with cable made up of pairs of wires, but faster (and more expensive) cables are made from glass fibers, called fiber optic cable. A network may even use radio waves, in which case it is a wireless LAN.
When the computers being connected are far apart, typically in different cities, it is called a WAN or Wide Area Network. The connection is usually done with special high-speed lines leased from the phone company, but it is also possible to connect over an ordinary phone line using a device called a modem. It’s slow, but possible. Accessing a network through a phone line and modem is called a dial-up connection.
The biggest of all networks is the Internet. The backbone of the Internet consists of powerful computers all over the world with high-speed connections between them. Individual computers such as yours then connect to this backbone through an Internet Service Provider or ISP.
Ethernet
Most LANs in existence today use a technology called Ethernet. In an Ethernet network, every piece of information put on the network is seen by every other computer on the network, and each computer must determine if that information is meant for itself.
To make this work, before the information goes out on the network it is first broken up into small pieces called packets, and each packet has added to it the address of the computer that should receive it. The part of the packet containing the address is called the header.
Header
Packet diagramThen, each computer looks at the address on each packet that comes by on the network cable, and copies the ones that have the right address. The computer that sent the packet is called the source, and the one that is supposed to receive it is called the destination.
Network ConnectionsWhen a packet comes out of the computer that originated it, that packet must have a complete electrical path to every other computer. The simplest way to do this is to have a cable that goes from one computer to the next until it has connected to each one. This is called a bus network.
Bus NetworkA bus network is the simplest to explain and draw, but it’s not often the simplest one to use, especially if computers are distributed around various offices in a building, and then get added, taken away, moved around and so forth.
A much more practical way to connect more than a couple of systems is to connect each one to a device called a hub. Each system has a cable that goes from it to the hub, and inside the hub an electrical connection is made between all of the cables. Each place where a cable plugs into the hub is called a port.
5-port hub ports
To create larger networks, hubs can use one or more of their connections to connect to other hubs. This is called a star network, but as far as the electrical signals are concerned, they go from one computer to every other computer, no different than the bus network.
3-hub star network
When networks get really big, with 100s of systems or more, it’s no longer such a good idea to have each computer look at every packet, because almost none of the packets will be for that computer. The large network can be broken up into smaller groups called subnets, and these are connected with a device called a data switch, or just a switch.
Within each subnet, all of the computers still see every packet, and so does the switch. Normally the switch won’t pass those packets on to the other subnets, but if the packet has an address for a destination in another subnet, the switch will pass the packet to the port for that subnet. All of the systems in that subnet will then see the packet, including the system it is actually addressed to. In order to know where to send a packet, the switch must have a table of addresses for each subnet.
Switch with 4 subnetsThe simplest form of a switch is called a bridge, and it connects just two subnets. A bridge only needs two ports then, one for each of the subnets.
Sometimes a network will be so big and complex that one switch isn’t enough to connect all of the subnets. In that case the subnet receiving a packet might be connected to a different switch than the subnet where the packet started. This is a more complicated problem, because the switch would need to know not only the packet’s destination, but also where to send it next to make sure it got there.
For this, a smarter device is needed, called a router. The router needs to know not only the subnet addresses, but also the best path, or route, to get from one to another.
Route path diagramOne place where routers are used in a big way is the Internet. If you send a message on the Internet, it might go through many routers before it reaches its destination. And when you surf to a website, all of the graphics and text showing up on your screen had to go through routers to find their way from the web site to your computer.
By the way, every LAN that connects to the Internet becomes a subnet of the Internet, even if it has its own internal subnets.
Clients and Servers
In addition to the various ways networked systems can be physically connected, there are two basic ways that network activities can be arranged. In one, all of the computers have equal status. This is called peer-to-peer, because a peer means someone (or something) that is the equal of another. Peer-to-peer is used mostly in very small networks of less than a dozen systems.
The more common arrangement is called client-server. One system, called the server, is responsible for a particular activity or resource. The other systems are called clients, and they go through the server when they want to use the function or resource that the server is responsible for.
Some of the things servers are commonly used for include network administration, e-mail, printers, file storage, and Internet access. Often several of these functions will be combined into one machine. There is no rule that says a network server and a print server can’t be the same system.
print server
There is also no rule that says a server must serve the entire network. It is usually convenient to have a separate network server for each subnet. There are other divisions that can occur even within a subnet. Computers that need to share the same resources can be organized into workgroups. With the Windows NT operating system, the LAN can be divided into sections called domains, and each domain needs its own server called a domain controller.
Protocols
A protocol is an agreed-upon standard for how something will be done. When your mother taught you to chew with your mouth closed and keep your elbows off the table, that was a protocol for proper dining. Computer protocols are the rules for connecting with other computers and exchanging information with them.
Ethernet is a protocol. Earlier we called it a technology, but it is also a set of rules for how that technology is used. If each piece of hardware and software complies with the rules, then information can be correctly transferred from one from one system to another in a LAN.
There are many protocols used in networking. There are some protocols that are used together with other protocols, where each one takes care of different aspects of networking. Sometimes two protocols do the same thing in different ways, and it is necessary to choose one or the other. The important thing is that both systems trying to communicate with each other have matching protocols that they can use.
TCP/IP
One very important set of protocols is called TCP/IP. It is important because it is what the creators of the Internet decided would be used for that particular network, which means that any computer that wants to connect to the Internet must also use TCP/IP. TCP/IP stands for Transmission Control Protocol / Internet Protocol.
TCP/IP is actually in two parts. The TCP portion covers the agreements between systems about how they will carry on their ‘conversation’, and the IP portion deals with addressing the packets and routing them.
The TCP part all happens in the background and we don’t really need to concern ourselves with it under normal circumstances. However, in a network that uses TCP/IP, every system must have a unique IP address, and that is something that requires human intervention in one way or another.
IP Addresses
An IP address is made up of four sets of numbers separated by periods. An example is:
192.168.42.122
Each of these sets of numbers is called an octet, because they started out as 8-digit binary numbers. By changing them into 3-digit decimal numbers, the whole address is shorter and easier to remember. The highest value for any octet is 255, because the highest number you can make with eight binary digits is equal to 255 in decimal.
In most networks, the first three octets are the same for all systems, and the last octet is different for every machine. If there are more than 255 computers in a network, it is usually divided into smaller subnets.
Static or Dynamic?
There are two ways to associate a unique IP address to a specific computer. One way is for the administrator to assign a number, which stays the same unless somebody decides to change it some day. That number is then a static IP address.
The other way is to assign a group of addresses to a server, and let the server hand them out as needed to any system that wants to communicate on the network. This produces a dynamic IP address. It is sometimes important to know which method is in use on a network, because with dynamic addressing, the IP address of a machine may be different each time you try to communicate with it.
Computer Names
The example address 192.168.42.122 is only one digit longer than a phone number with area code, but that’s plenty long enough to give most of us a hard time. It’s much easier for people to remember a name instead of a number, and for this reason computers in a network are also given a unique name. It may be something mundane like Sales14, but at least it’s a name and not a number.
This is not only easier to remember, but it solves the problem of a dynamic address that changes all the time, because the computer name doesn’t normally change. It does create another problem though, because the computers use only the addresses and not the names to keep track of each other. Fortunately there is a part of the TCP/IP protocol called address resolution, and it matches up the names and addresses so things keep rolling smoothly along.
Security
The problem with connecting computers to the Internet is that they are then sharing a network with many other computers from all over the world, and the users of some of those other computers are not such nice folks. Protecting the network and the information on it is one of the most important parts of a network administrator’s job.
Encryption
One way to protect information is to scramble it so that it appears to be gibberish unless someone has the right ‘key’ to unscramble it. Scrambling it is called encryption, and unscrambling it is called decryption. There are many ways to encrypt information, and of course just as many keys to decrypt it.
Encrypting and decrypting information slows things down a bit, so a decision must be made about when to use it. For packets going around the LAN, it depends on how likely it is that someone will gain unauthorized access to the LAN, called hacking. It also depends on how much damage would be done if that happened. If the threat is severe, encryption can be done not only on the transmitted packets but also to information stored on the disk drive.
For information going over the Internet, encryption is much more important unless it’s all right for the whole world to see the information. If you send your credit card number to a vendor, you must trust that vendor to encrypt and safeguard the information.
Virus Software
A computer virus is a little program that makes copies of itself to send to other computers. It’s very similar in some ways to contagious germs spreading a disease from one person to the next. And like diseases, some of these computer viruses have some really nasty side effects, like wiping out important files in the operating system or filling up the hard drive with garbage data.
As we will discuss a little later, there are ways to keep these virus programs from getting to your computer, but they are not foolproof. A lot of viruses come in attached to e-mail, and then they will mail copies of themselves to everyone in your e-mail address folder. You can’t completely block them without blocking e-mail, and most of us like to get e-mail from our friends and coworkers.
The most important prevention for viruses is to have a good anti-virus program installed on your computer. Norton, McCaffey and Panda are probably the most popular. The next most important thing is to keep the anti-virus software up-to-date, because the delinquents who write virus software are always coming up with new tricks, and the anti-virus companies are just as quickly coming up with new versions to stop them.
Access Control
If you have ever had a computer that was connected to a local area network, you almost certainly had to type in a user name and password to get network access. It’s two forms of ID, just like when you cash a check at department store.
The network administrator used that identification information to determine what you could and couldn’t do on the network. And there may have been additional passwords to access the company’ customer database, employee payroll records, or files stored on someone else’s computer.
Here are a few tips about passwords:
1. First, if you share files on your computer, use password protection for them even if they are available to everyone in the network. That way they can’t be tampered with if a hacker breaks in.
2. In choosing a password, never use your name, your birthday or other obvious personal information. The best is a random combination of letters and numbers.
3. Commit the password to memory, and if you must write it down, hide it. A password written on a post-it note stuck to your monitor is probably worse than no password at all.
4. Don’t give your password to someone you don’t know personally just because they claim to be tech support, the phone company, the police or your long-lost Aunt Matilda. Refer them to the network administrator, or better yet, get their phone number and have the network administrator call them back.
Firewalls
In a building, a firewall is a wall to keep fire from spreading from one area to another. In a computer network, a firewall is a boundary that can block unwanted data packets. The firewall may be program running on the server or router, or it may be a separate piece of hardware or even a complete computer system just for that purpose. In any case, its purpose is to look at all of the packets coming through, and decide which ones can pass and which ones get blocked.
Ports – Several pages ago, we defined a port as the place in a hub that a cable plugs into. There is another completely different kind of thing called a port, and that is a location in a computer’s memory that is used by a device or application to send and receive data. Each application will have one (or more) of these locations for its own use.
For instance, there is a common e-mail program that has port # 110, which means that the program exchanges information with the rest of the system at memory location 110. The popular game called Doom uses port # 666.
When a packet is sent over a network, it will contain not only the destination address, but also the port number of the application that will use it at that destination. One of the ways a firewall controls the packets is by looking at the port number, and only passing packets with ports that are appropriate for the destination. If nobody should be playing Doom on the network’s computers, then it would make sense to block port 666.
Another way a firewall can control traffic is to look at the source of the packet. It can have a ‘prohibited’ list that keeps out packets from certain IP addresses, or it can have an ‘allowed’ list and block everyone who isn’t on it. Ports can be done the same way, with a ‘prohibited’ or ‘allowed’ list of ports.
Conclusion
There is much more to know about security, and about networks in general, if one is to be involved in managing them. The purpose of this paper is to present just enough information to enable you talk with network administrators and to understand their concerns when presenting network products to them. For additional training in this subject, we recommend the Micro2000 A+ and Network+ courses.
