BACHELOR OF INFORMATION SYSTEMS(HONS)INFORMATION SYSTEMS ENGINEERING

Group Assignment

Lecturer : Mr. Simon Seow

Group Member
Chow Kean Loon
Hooi Cheng Fwai
Khor Kooi Guan
Nicholas Lim Ken Jee
Ng Mei Ling
Young Wei Loong

QUESTION

2. Use the Web to learn more about the history of the internet. Summarize your findings.

Internet is the largest network that connects many independent networks spanning over 170 countries in the World. It links computers of many different types, sizes and operating systems. Internet also very useful to every one to find information, exchange information and also for them to communicate through internet. In this internet history, it is complex and involve many aspect, which is the technology, organization and community. The internet not only for the technical field but also increase in using the online tools to accomplish electronic commerce, information acquisition and community operation.

S: 220 www.example.com ESMTP Postfix
C: HELO mydomain.com
S: 250 Hello mydomain.com
C: MAIL FROM:
S: 250 Ok
C: RCPT TO:
S: 250 Ok
C: DATA
S: 354 End data with .
C: Subject: test message
C: From: sender@mydomain.com
C: To: friend@example.com
C:
C: Hello.
C: This is a test.
C: Goodbye.
C: .
S: 250 Ok: queued as 12345
C: QUIT
S: 221 Bye

Although optional and not shown above, nearly all clients ask the server which SMTP extensions the server supports by using the EHLO greeting. These clients use HELO only if the server does not respond to EHLO.

HTTP (HyperText Transfer Protocol)

HyperText Transfer Protocol (HTTP) is the primary method used to convey information on the World Wide Web. The original purpose was to provide a way to publish and receive HTML pages. Development of HTTP was coordinated by the World Wide Web Consortium and working groups of the Internet Engineering Task Force, culminating in the publication of a series of RFCs, most notably RFC 2616, which defines HTTP/1.1, the version of HTTP in common use today.

HTTP is a request/response protocol between clients and servers. An HTTP client, such as a web browser, typically initiates a request by establishing a TCP connection to a particular port on a remote host (port 80 by default). An HTTP server listening on that port waits for the client to send a request string, such as "GET / HTTP/1.1" (which would request the default page of that web server), followed by an email-like MIME message which has a number of informational header strings that describe aspects of the request, followed by an optional body of arbitrary data. Some headers are optional, while others (such as Host) are required by the HTTP/1.1 protocol. Upon receiving the request, the server sends back a response string, such as "200 OK", and a message of its own, the body of which is perhaps the requested file, an error message, or some other information.

Resources used in the HTTP are identified using Uniform Resource Identifiers (URIs) in the http or https schemes.

In HTTP/0.9 and HTTP/1.0, a client sends a request to the server and then the server sends a response back to the client. After this, the connection is closed. HTTP/1.1, however, supports persistent connections. This enables the client to send a request and get a response, and then send additional requests and get additional responses. The TCP connection is not released for the multiple additional requests, so the relative overhead due to TCP is much less per request. The use of persistent connection is often called keep alive. It is also possible to send more than one (usually between two and five) request before getting responses from previous requests. This is called pipelining.

There is a HTTP/1.0 extension for connection persistence, but its utility is limited due to HTTP/1.0's lack of unambiguous message delimition rules. This extension uses a header called Keep-Alive, while the HTTP/1.1 connection persistence uses the Connection header. Therefore a HTTP/1.1 may choose to support either just HTTP/1.1 connection persistence, or both HTTP/1.0 and HTTP/1.1 connection persistence. Some HTTP/1.1 clients and servers do not implement connection persistence or have it disabled in their configuration.Both HTTP servers and clients are allowed to close TCP/IP connections at any time (i.e. depending on their settings, their load, etc.). This feature makes HTTP ideal for the World Wide Web, where pages regularly link to many other pages on the same server or to external servers. Closing an HTTP/1.1 connection can be a much longer operation (from 200 milliseconds up to several seconds) than closing an HTTP/1.0 connection, because the first usually needs a linger close while the second can be immediately closed as soon as the entire first request has been read and the full response has been sent.

HTTP can occasionally pose problems for Web developers (Web Applications), because HTTP is stateless (i.e. it does not keep session information) so this "feature" forces the use of alternative methods for maintaining users' "state". Many of these methods involve the use of cookies. HTTP is a URI scheme equivalent to the http scheme. It signals the browser to use HTTP with added encryption layer of SSL/TLS to protect the traffic. SSL is especially suited for HTTP since it can provide some protection even if only one side to the communication is authenticated. In the case in HTTP transactions over the Internet, typically only the server side is authenticated.

FTP (File Transfer Protocol)

FTP or file transfer protocol is a protocol used for exchanging files over the Internet. FTP works in the same way as HTTP for transferring Web pages from a server to a user's browser, and SMTP for transferring electronic mail across the Internet in that FTP uses the Internet's TCP/IP protocols to enable data transfer. FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (e.g., uploading a Web page file to a server). While data is being transferred across the data stream, the control stream does not do anything. This can cause problems with large data transfers through a firewall, which will time out sessions after long periods of idleness. While the file may well be successfully transferred, the control session can be disconnected by the firewall, causing an error. FTP requires the user to login before data transfer can occur. However, anonymous access is also popular.

FTP is commonly run on two ports, 20 and 21. FTP can run over TCP as well as UDP, although TCP is much more common.

The FTP Server listens on Port 21 for incoming connection from FTP clients. A connection on this port forms the control stream, on which commands are passed to the FTP server.

For the actual file transfer to take place, a different connection is required. Depending on the transfer mode, the client (passive mode) or the server (active mode) can listen for the incoming data connection. Before file transfer begins, the client and server also negotiate the Port of the Data connection. In case of active connections, (where the server connects to the client to transfer data) the server binds on Port 20 before connecting to the client. For passive connections, there is no such restriction.

While data is being transferred via the data stream, the control stream sits idle. This can cause problems with large data transfers through firewalls which time out sessions after lengthy periods of idleness. While the file may well be successfully transferred, the control session can be disconnected by the firewall, causing an error to be generated.

The objectives of FTP, as outlined by its RFC, are to promote sharing of files (computer programs and/or data), to encourage indirect or implicit use of remote computers, to shield a user from variations in file storage systems among different hosts, to transfer data reliably and efficiently.

Disadvantages are passwords and file contents are sent in clear text in which can be intercepted by eavesdroppers, multiple TCP/IP connections are used in which one for the control connection and one for each download and upload, it is hard to filter active mode FTP traffic on the client side by using a firewall since the client must open an arbitrary port in order to receive the connection and this problem is largely resolved by using passive mode FTP, it is possible to abuse the protocol's built-in proxy features to tell a server to send data to an arbitrary port of a third computer, FTP is an extremely high latency protocol due to the number of commands needed to initiate a transfer, FTP is designed mainly for use by FTP client programs although is usable directly by a user at a terminal. Many sites that run FTP servers enable so-called "anonymous ftp". Under this arrangement, users do not need an account on the server. By default, the account name for the anonymous access is 'anonymous'. This account does not need a password. Users are commonly asked to send their email addresses as their passwords for authentication, usually there is trivial or no verification, depending on the FTP server and its configuration.

Hub

An Ethernet hub or concentrator is a device for connecting multiple twisted pair or fiber optic Ethernet devices together, making them act as a single segment. It works at the physical layer of the OSI model, repeating the signal that comes into one port out each of the other ports. If a signal comes into two ports at the same time a collision occurs, so every attached device shares the same collision domain. Hubs support only half duplex Ethernet, providing bandwidth which is shared among all the connected devices.

Most hubs detect typical problems such as excessive collisions on individual ports, and partition the port, disconnecting it from the shared medium. Thus hub-based Ethernet is generally more robust than coaxial cable based Ethernet where a misbehaving device can disable the entire segment. Even if not partitioned automatically, a hub makes troubleshooting easier because status lights can indicate the possible problem source or, as a last resort, devices can be disconnected from a hub one at a time much more easily than a coaxial cable.

Although switches are much more common, hubs are still useful in special circumstances:-A protocol analyzer connected to a switch does not always receive all the desired packets since the switch separates the ports into different segments. Connecting it to a hub allows it to see all the traffic going through the hub.

Some computer clusters require each member computer to receive all of the traffic going to the cluster. A hub will do this naturally; using a switch requires implementing special tricks.

When a switch is accessible for end users to make connections (for example, in a conference room), an inexperienced or careless user (or saboteur) can bring down the network by connecting two ports together, causing a loop. This can be prevented by using a hub, where a loop will break other users on the hub but not the rest of the network.

Switch

A switch is a device for making or breaking an electric circuit, or for selecting between multiple circuits. In the simplest case, a switch has two pieces of metal called contacts that touch to make a circuit, and separate to break the circuit. The contact material is chosen for its resistance to corrosion, because most metals form insulating oxides that would prevent the switch from working. Sometimes the contacts are plated with noble metals. They may be designed to wipe against each other to clean off any contamination. Nonmetallic conductors, such as conductive plastic, are sometimes used. The moving part that applies the operating force to the contacts is called the actuator, and may be a toggle or dolly, a rocker, a push-button or any type of mechanical linkage

A pair of contacts is said to be 'closed' when there is no space between them, allowing electricity to flow from one to the other. When the contacts are separated by a space, they are said to be 'open', and no electricity can flow. Switches can be classified according to the arrangement of their contacts. Some contacts are normally open until closed by operation of the switch, while others are normally closed and opened by the switch action. A switch with both types of contact is called a changeover switch. The terms pole and throw are used to describe switch contacts. A pole is a set of contacts that belong to a single circuit. A throw is one of two or more positions that the switch can adopt. These terms give rise to abbreviations for the types of switch which are used in the electronics industry. In mains wiring names generally involving the word way are used; however, these terms differ between British and American English and the terms two way and three way are used in both with different meanings. Switches with larger numbers of poles or throws can be described by replacing the "S" or "D" with a number or in some cases the letter T (for triple). In the rest of this article the terms SPST SPDT and intermediate will be used to avoid the ambiguity in the use of the word "way".

In a multi-throw switch, there are two possible transient behaviors as you move from one postion to another. In some switch designs, the new contact is made before the old contact is broken. This is known as make-before-break, and ensures that the moving contact never sees an open circuit. The alternative is break-before-make, where the old contact is broken before the new one is made. This ensures that the two contacts are never shorted to each other. Both types of design are in common use, for different applications

A biased switch is one containing a spring that returns the actuator to a certain position. The "on-off" notation can be modified by placing parentheses around all positions other than the resting position. For example, an (on)-off-(on) switch can be switched on by moving the actuator in either direction away from the centre, but returns to the central off position when the actuator is released.The momentary push-button switch is a type of biased switch. The most common type is a push-to-make switch, which makes contact when the button is pressed and breaks when the button is released. A push-to-break switch, on the other hand, breaks contact when the button is pressed and makes contact when it is released. An example of a push-to-break switch is a button used to release a door held open by an electromagnet. Changeover push button switches do exist but are even less common.

Firewall

Today, firewalls are again using application level filters called proxies - or application level proxies because machines with modern CPU speeds are capable of doing deep inspection in reasonable time. These proxies can read the data part of each packet in order to make intelligent decisions about the connection. For example, http can be used to tunnel IRC or peer to peer file sharing protocols. Traditional stateful firewalls cannot detect this while an application level firewall can detect and selectively block http connections according to content.

Modern computers typically exchange data by breaking it up to network frames. These frames are called "packets" in TCP/IP, the most commonly used network protocol. Firewalls inspect each packet and decide whether it should be allowed to pass the firewall and continue travelling towards its destination, or discarded. Common ways of filtering packets are according to the source/destination address or according to the source/destination port.

But in most cases this information is not enough. The administrator of the firewall might want to allow packets to pass the firewall according to the context of the connection, and not just the individual packet characteristics. Therefore, a packet belonging to an existing connection, aimed at port 22 (the Secure Shell port) should be allowed to pass the firewall, but a packet that does not belong to any existing connection must be dropped.

With the traditional stateless firewalls, this was a problem, since the firewall had no way of knowing which packets belonged to existing connections and which didn't. Stateful firewalls solve this problem by monitoring network connections and matching any packets they inspect to existing or new connections. Therefore, they offer more fine grained control over network traffic.

Packet-filter Firewall- firewall can be used as a packet filter. It can forward or block packets based on the information in the network layer and transport layer headers: source and destination IP addresses, source and destination port addresses, and type of protocol (TCP or UDP). A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded).

Proxy Firewall- The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP). However, sometimes we need to filter a message based on the information available in the message itself (at the application layer). As an example, assume that an organization wants to implement the following policies regarding its Web Pages: Only those Internet users who have previously established business relations with the company can have access; access to other users must be blocked. In this case, a packet-filter firewall is not feasible because it cannot distinguish between different packets arriving at TCP port 80 (HTTP). Testing must be done at the application level (using URLs). One solution is to install a proxy computer, which stands between the customer computer and the corporation computer.

BOOTP

In computing, BOOTP, short for Bootstrap Protocol, is a UDP network protocol used by a network client to obtain its IP address automatically. This is usually done in the bootstrap process of computers or operating systems running on them. The BOOTP servers assign the IP address from a pool of addresses to each client. The protocol was originally defined in RFC 951.

BOOTP enables 'diskless workstation' computers to obtain an IP address prior to loading any advanced operating system. Historically, it has been used for Unix-like diskless workstations which also obtained the location of their boot image using this protocol and also by corporations to roll out a pre-configured client installation to newly purchased PCs.

Originally requiring the use of a boot floppy disk to establish the initial network connection, the protocol became embedded in the BIOS of some network cards themselves and in many modern motherboards thus allowing direct network booting.

Recently those with an interest in diskless stand-alone media center PCs have shown new interest in this method of booting a Windows operating system. DHCP is a more advanced protocol based on BOOTP, but is far more complex to implement. Most DHCP servers also offer BOOTP support.

DHCP

Dynamic Host Configuration Protocol (DHCP) is a client-server networking protocol. A DHCP server provides configuration parameters specific to the DHCP client host requesting, generally, information required by the client host to participate on an IP network. DHCP also provides a mechanism for allocation of IP addresses to client hosts. DHCP appeared as a standard protocol in October 1993. RFC 2131 provides the latest (March 1997) DHCP definition. The latest standard on a protocol describing DHCPv6, DHCP in a IPv6 environment, was published in July 2003 as RFC 3315

The DHCP protocol provides three methods of IP-address allocation:

Manual Allocation, where the DHCP server performs the allocation based on a table with MAC address - IP address pairs manually filled by the server administrator. Only requesting clients with a MAC address listed in this table get the IP address according to the table. Automatic Allocation, where the DHCP server permanently assigns to a requesting client a free IP-address from a range given by the administrator. Dynamic Allocation, the only method which provides dynamic re-use of IP addresses. A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN has its TCP/IP software configured to request an IP address from the DHCP server when that client computer's network interface card starts up. The request-and-grant process uses a lease concept with a controllable time period. This eases the network installation procedure on the client computer side considerably. Some DHCP server implementations can update the DNS name associated with the client hosts to reflect the new IP address. They make use of the DNS update protocol established with RFC 2136

DHCP is used by most cable internet in the U.S. to allocate IP addresses. DSL providers in the US rarely use DHCP, using PPPoE instead. In addition, several routers provide DHCP support for networks of up to 255 computers, for assigning private IP addresses.

Microsoft introduced DHCP on their NT server with Windows NT version 3.5 in late 1994. Despite being called "a new feature from Microsoft", DHCP did not originate from Microsoft. The Internet Software Consortium published DHCP software distributions for Unix variants with version 1.0.0 of the ISC DHCP Server released on December 6, 1997 and a more RFC-compliant version 2.0 on June 22, 1999. One can download this software from http://www.isc.org/sw/dhcp/Novell has included a DHCP server in their NetWare operating system since version 5, released in 1998. It integrates with Novell's directory service - Novell eDirectory. Other major implementations include:

Cisco with a DHCP server made available in Cisco IOS 12.0 in February 1999 Sun, who added DHCP support in the July 2001 release of Solaris 8. Cisco Systems offers DHCP servers in routers and switches with their IOS software. Moreover, they offer Cisco Network Registrar (CNR) - a highly scalable and flexible DNS, DHCP and TFTP server.

SNMP

The Simple Network Management Protocol (SNMP) forms part of the internet protocol suite as defined by the Internet Engineering Task Force. The protocol can support monitoring of network-attached devices for any conditions that warrant administrative attention. The SNMP protocol is extensible by design. This is achieved through the notion of a management information base or MIB, which specifies the management data of a specific subsystem of an SNMP-enabled device, using a hierarchical namespace containing object identifiers, implemented via ASN.1. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. This model permits management across all layers of the OSI reference model, extending into applications such as databases, email, and the J2EE reference model, as MIBs can be defined for all such area-specific information and operations.

Architecturally, the SNMP framework has three fundamental components: Master Agents, Subagents and Management Stations.

A master agent is a piece of software running on an SNMP-capable network component (say, a router). that responds to SNMP requests made by a management station. Thus it acts as a server in client-server architecture terminology or as a daemon in operating system terminology. A master agent relies on subagents to provide information about or management of specific functionality. Master agent can also be referred as Managed objects. A subagent is a piece of software running on an SNMP-capable network component that implements the information and management functionality defined by a specific MIB / of a specific subsystem like, for example, the ethernet link layer. Some capabilities of the subagent are gathering of information from the managed objects, configuring parameters of the managed object, responding to manager's request and generates alarm, or rather called traps to managers. The manager or management station is the final component in the architecture of SNMP. It functions as the equivalent of a client in a client-server architecture. It issues requests for management operations on behalf of an administrator or application, and receives traps from agents as well.

The SNMP protocol operates at the application layer (layer 7) of the OSI model. It specified (in version 1) five core protocol data units (PDUs):

Normally, a network management system is able to manage device with SNMP agent installed. However in the absence of the SNMP agent, it can be managed with the help of a proxy agent. The SNMP agent associated with the proxy policy is called a proxy agent, or commercially a proxy server. The proxy agent monitor non-SNMP Community with non-SNMP agents and then converts the objects and data to SNMP compatible objects and data tobe fed to an SNMP manager.

5.Design a network topology which includes the following equipment: Router, hub, switch, PC, DNS server, firewall, Email Server, Proxy Server.


6. Explain why proxy server setting in Internet Explorer is needed in UTAR network environment.

A proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.

A proxy server receives a request for an Internet service from a user. If it passes filtering requirements, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.

To the user, the proxy server is invisible. All Internet requests and returned responses appear to be directly with the addressed Internet server. The proxy is not quite invisible and IP address has to be specified as a configuration option to the browser or other protocol program.

WHY PROXY SERVER NEEDED IN UTAR ENVIRONMENT

Common proxy application is a caching web proxy. It provides a nearby cache of web pages and files available on remote web servers, allowing local network users to access more efficiently, quickly and reliably.

Proxy server’s cache can serve to all users. If the website frequently requested by users, it will improve user response time.

Proxy server can also do logging. This is very important for UTAR website because it allow student to login in the website.

Proxy server enforce acceptable network use policies or to provide security, anti-malware or caching services.

Proxy server is an additional layer of defense and protects web servers further up the chain.

Proxy server can optimize and compress the content to speed up the load time.

Proxy server can be use to filter request.

Works seamlessly with an Intranet.

7. Use the Internet to find out more about iptables, which is the software for combining of tools and Linux kernel support for packet rewriting and fire-walling, and why it is being adopted. Summarize your findings.

Iptables is the name of the user space tool by which administrators create rules for the packet filtering and NAT modules. While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself. iptables is a standard part of all modern Linux distributions.

Iptables is a user space application program that allows a system administrator to configure the netfilter tables, chains, and rules (described above) and allows applications and clients to connect through the network and stop unwanted applications and clients from communicating and corrupting the operating system. Because iptables requires elevated privileges to operate, it must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /sbin/iptables. The detailed syntax of the iptables command is documented in its man page, which can be displayed by typing the command "man iptables".

The IPTable application operates at a higher level by filtering TCP and UDP protocols before the data is passed onto the user applications that can be corrupted. In this section we will look at IP filtering, TCP filtering, and UDP filtering as well as how IPTables can be configured to perform filtering.

Iptables has a fairly detailed manual page (man iptables), and if you need more detail on particulars. Those of you familiar with ipchains may simply want to look at `Differences Between iptables and ipchains''; they are very similar.

There are several different things you can do with iptables. You start with three built-in chains INPUT, OUTPUT and FORWARD which you can't delete. Let's look at the operations to manage whole chains:

Create a new chain (-N).

Delete an empty chain (-X).

Change the policy for a built-in chain. (-P).

List the rules in a chain (-L).

Flush the rules out of a chain (-F).

Zero the packet and byte counters on all rules in a chain (-Z).

There are several ways to manipulate rules inside a chain:

Append a new rule to a chain (-A).

Insert a new rule at some position in a chain (-I).

Replace a rule at some position in a chain (-R).

Delete a rule at some position in a chain, or the first that matches (-D).

What is Netfilter.org?

Netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and 2.6.x kernel series. Software commonly associated with netfilter.org is iptables. Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems. Netfilter has two groups of components, the kernel and user-mode pieces. The user-mode group consists of the iptables and related utilities, libraries, manual pages and scripts. The kernel components are patches to existing kernel sources and a number of extra modules. Applying patches to a system as large and complex as the Linux kernel can be a daunting task to the uninitiated, and the road is littered with traps and potential blind turns.

Netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack. Iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).

Netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the NAT subsystem together build the major parts of the framework.

Main Features

Stateless packet filtering (IPv4 and IPv6)

Stateful packet filtering (IPv4 and IPv6)

All kinds of network address and port translation, e.g. NAT/NAPT (IPv4 only)

Flexible and extensible infrastructure

Multiple layers of API's for 3rd party extensions

Large number of plugins/modules kept in 'patch-o-matic' repository

What can I do with netfilter/iptables?

build internet firewalls based on stateless and stateful packet filtering

use NAT and masquerading for sharing internet access if you don't have enough public IP addresses

use NAT to implement transparent proxies

aid the tc and iproute2 systems used to build sophisticated QoS and policy routers

do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header

Linux's iptables allows powerful firewalls to be implemented at a minute fraction of the cost of many commercial offerings. Basic iptables firewalls are packet filters, which means they inspect the network communications flowing through them a packet at a time and make choices about how those packets are handled. Simple configurations can be sused to drop certain packets and accept others. The choice about which policy to apply to a particular packet commonly is made on the basis of the IP address and port number to which it has been sent and the direction in which it is traveling. iptables also can use state information to make more-informed choices based on the state of the connection to which the packet relates. This is known as connection tracking. A simple and highly effective firewall configuration blocks inbound TCP/IP connection packets and UDP exchanges initiated from the public Internet while allowing outbound ones over translated addresses. This gives users free access to the outside world while protecting them from unwelcome intrusions. Such configurations are a bit simplistic and may need additional filters to be truly useful, but the basic concept is straightforward. Iptables has a lot more to offer than these simple packet-filtering criteria. Some of the extras are fairly well known and even may make their way into some off-the-shelf Linux distributions, but some lesser-known features are worthy of investigation. These are the hidden treasures I intend to point you toward in this article. It would take a book to describe all the possible features and options associated with them, so all I do here is flag their existence and put you on the path of exploration.

8. Identify the kinds of services of ISPs in Malaysia. You may compare the services and pricing provided by any 2 ISPs in this country.

ISP stands for Internet Services Provider which means a business or organization that sells accessing services that related to the Internet. There are many types of services can be provided by ISP and some of the popular options include dial-up, DSL (typically ADSL), Broadband wireless access, Cable modem, and ISDN (typically BRI).

There are 8 major companies are mainly focus on the ISPs business and there are Malaysia Online, Silicon Central, Nasionet, Jaring, Putra.Net, TIMENet Central, Maxis Net and TMnet. The common services that provide by ISPs companies are GPRS (General Packet Radio Services), 3G (3rd Generation), Broadband, Dial-Up Access, Wi-MAX (Worldwide Interoperability for Microwave Access) & Wi-fi (Wireless Fidelity).

GPRS (General Packet Radio Services)

This is a 2.5 generations of mobile telephony technology which using unused TDMA channels in the GSM network. GPRS is packet-switched which means that multiple users share the same transmission channel, only transmitting when they have data to send. Usually, GPRS data are billed per kilobytes of information transceived while circuit-switched data connections are billed per second.

3G (3rd Generation)

3G also known as 3rd generation technology, the most significant features are the higher capacity and broadband capabilities to support greater numbers of voice and data customers, and higher data rates at lower incremental cost than 2G.

Broadband

Broadband is a signaling method which handles a relatively wide range of frequencies which may be divided into channels. The concept of the broadband is more information can be carried with the wider bandwidth. The most popular of the broadband service in Malaysia is the Streamyx which offered by TM Net Sdn Bhd.

Dial- Up Access

Dial-Up Access a method of using telephone line to connect the modem and dials into an ISP node to establish a modem-to-modem link, then routed to the internet. The transfer rate of the Dial-Up Access commonly is 56kb/s, compare to the broadband with transfer rate 1Mb/s, it consider very slow and almost replace by broadband. Most of the companies had to reduce the price of Dial-Up Access to challenge the market.

Wi-MAX(Worldwide Interoperability for Microwave Access)

Wi-MAX is using wireless method to access to the network and it formed in June 2001 to promote conformance and interoperability of the IEEE 802.16 standard. The Wi-MAX transfer rate is about 70Mb/s and cover range is about 110 kilometers, because of it cover range so wide so it also known as WirelessMAN ( Wireless Metropolitan Area Networks) But the transfer rate will decrease for certain area which is far away from the wireless base station. The transfer rate also depends on the indoor environment and outdoor environment.

Wi-Fi (Wireless Fidelity)

Wi-Fi is a technology which based on any type of 802.11 network, whether 802.11b, 802.11a and dual-band. It contains one or more Access Points and one or more clients. The transfer rate of the Wi-Fi technology is at least 1Mb/s.

Comparison of sevices and pricing between two ISPs Services




This diagram shows the comparisons of the services between two ISPs. Both of them separate to two categories, one is the personal or consumer and the other is the business use. For the TMnet, it provides 3 types of internet services to both categories which are the Dial-Up Access (TMNET 1525), Broadband (TMNET STREAMYX) and Wi-Fi (TMNET HOTSPOT) while the Jaring only provides 2 internet services to both categories which are the Broadband and the Dial-Up Access.

Pricing Consumer or personal category



The price lists above shows the comparison of the prices between two ISPs for consumer or personal category. For Streamyx Basic 1.0M, it separate to two types which are without modem package and with modem package. For without modem package, the monthly charge is RM 88 while for with modem package the monthly charge is RM 99. For Jaring ISP, it also has two type which are the basic package and standard package. For the basic package, the monthly charge will be RM 79 and for the standard package is RM 99. The modem is free of charge for the customer who use either one of the package. The installation fee which amount RM 80 (optional) and registration fee with amount RM 75 need to pay by the customer once they decided to use either one of the package.

Business category




For business category, the TMnet Streamyx Enterprice ADSL 1.0M monthly charge is RM 418 while the Jaring Enterprise 1 Mbps package is RM 139 for dynamic IP and RM 199 for static IP. Installation fee with amount RM 80 (optional) and the registration fee with amount RM 75 need to pay by new customer.

Dial-Up Access






For the Dial-Up Access Package, the monthly subscription fee for Jaring Personal Dial-Up is RM 5 and the Business Dial-Up is RM 20 while the TMnet is RM 24 for the Personal Dial-Up and RM 50 for the Organization Dial-Up.

The excess usage charge for Jaring Personal Dial-Up is 2.5sen/min for PSTN line and 4.0sen/min for ISDN line and for the Business Dial-Up; the charge is 2.5sen/min for PSTN line and 4.0sen/min for the ISDN line. For the TMnet, the usage charge for access fee is 3.0sen/min and 2.0sen/min for the call charges.

9. Use the Web to learn more about the Wireless LAN. Find out why Wireless LAN is being marketed aggressively by carries and adopted enthusiastically by enterprises.

A wireless local area network (LAN) is a flexible data communications system implemented as an extension to, or as an alternative for, a wired LAN. Using radio frequency(RF) technology, wireless LANs transmit and receive data over the air, minimizing the need for wired connections. Thus, wireless LANs combine data connectivity with user mobility. Wireless LANs have gained strong popularity in a number of vertical markets, including the health-care, retail, manufacturing, warehousing, and academia. These industries have profited from the productivity gains of using hand-held terminals and notebook computers to transmit real-time information to centralized hosts for processing. Today wireless LANs are becoming more widely recognized as a general-purpose connectivity alternative for a broad range of business customers. Business Research Group, a market research group, predicts a six fold expansion of the Wireless LAN by the year 2000, reaching more than 2 billion revenues. The fact that Wireless LAN is being marketed aggressively and adopted enthusiastically is due to a couple of factors:-

CAMP: Convenience, Affordability, Mobility, Productivity

Deployment advantages: Installation flexibility, speed and scalability

Regions without or with limited wired infrastructure can easily establish wireless communication

Wireless networks have a better chance of surviving disasters

802.11 wireless LANs, WiMAX and 3G+ cellular networks promise high bandwidths, global mobility, quality of service and seamless integration with one another.

Skills to address new high-priority markets

Focus around core competencies

Enhanced credibility with customers

Contributes to certification

Migration to a higher margin, value-add business model

Wireless LANs offer the following productivity, convenience, and cost advantages over traditional wired networks:

Mobility:Wireless LAN systems can provide LAN users with access to real-time information anywhere in their organization.This mobility supports productivity and service opportunities not possible with wired networks.

Installation Speed and Simplicity:Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings.

Installation Flexibility:Wireless technology allows the network to go where wire cannot go.

Reduced Cost-of-Ownership:While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hardware,overall installation expenses and life-cycle costs can be significantly lower.Long-term cost benefits are greatest in dynamic environments requiring frequent moves and changes.

Scalability:Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations.Configurations are easily changed and range from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that enable roaming over a broad area.

HOW DOES THE WIRELESS NETWORK WORK?

The network operates by linking the computers to the wiring in the office using radio frequency energy, just as the `cordless' portable telephone in your home sends voice information to the telephone wiring in your home. Like the telephone system, it is a hybrid system using both wired and wireless communication. The antenna is small just a few inches, barely noticeable outside of the computer, and the power used is very low, comparable to your cordless telephone.

Types of Wireless LAN

The Project 802.11 committee distinguished between two types of wireless LAN : "ad-hoc" and "infrastructred" networks.




Figure 2 : (a) Infrastructred Wireless LAN; (b) Ad-hoc Wireless LAN. [3]

Ad-hoc Networks

Figure 2b shows an ad-hoc network. This network can be set up by a number mobile users meeting in a small room. It does not need any support from a wired/wireless backbone. There are two ways to implement this network.

Broadcasting/Flooding Suppose that a mobile user A wants to send data to another user B in the same area. When the packets containing the data are ready, user A broadcasts the packets. On receiving the packets, the receiver checks the identification on the packet. If that receiver was not the correct destination, then it rebroadcasts the packets. This process is repeated until user B gets the data.

Temporary Infrastructure In this method, the mobile users set up a temporary infrastructure. But this method is complicated and it introduces overheads. It is useful only when there is a small number of mobile users.

Infrastructure Networks

Figure 2a shows an infrastructure-based network. This type of network allows users to move in a building while they are connected to computer resources. The IEEE Project 802.11 specified the components in a wireless LAN architecture. In an infrastructure network, a cell is also known as a Basic Service Area (BSA). It contains a number of wireless stations. The size of a BSA depends on the power of the transmitter and receiver units, it also depends on the environment. A number of BSAs are connected to each other and to a distribution system by Access Points (APs). A group of stations belonging to an AP is called a Basic Service Set (BSS). Figure 3 shows the basic architecture for wireless LANs.



10. Discuss the importance of Network Security and/ or legitimacy in Computer Network.

The proliferation of technology has created a mobile society consisting of millions of telecommuters, field workers, travelling sales personnel and home-office workers. Users can connect to their office networks from hotels, airports and other remote locations besides home.

Today, the word 'network' has larger connotations. Network now encompasses the whole process of information creation, flow, storage and processing. In other words, it is the lifeline of the process of value creation, on which a company thrives. But, the very features of connectivity and accessibility that make networks so indispensable to contemporary society, are today creating unforeseen consequences - making it important for organisations to adopt security measures. Some have their applications protected with robust encryption; others are looking to lock down their networks in the face of external threats; still others want to open their networks up to partners, customers and the mobile workforce, without compromising on security.

This has lead to various enterprises to be aware of the importance of Network Security for an enterprise’s network,database and processes. It is vital for Network Security to be implemented to improve computer security readiness and raising awareness about the importance of keeping systems and cyber infrastructure secure, software up-to-date and security practices and procedures current. Besides that risks concerning Networks include Viruses, Worms and Trojans. Each of these threats causes incoherent damage to a operating system to perform irregularly. Other Network threats include Denial of Service and Unauthorized Access. DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address. These are the nastiest, because they're very easy to launch, difficult (sometimes impossible) to track, and it isn't easy to refuse the requests of the attacker, without also refusing legitimate requests for service.

The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then dropping the connection. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example).

``Unauthorized access'' is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker. For example, a host might be a web server, and should provide anyone with requested web pages. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator.

The various Network Threats has further emphasize the importance of Network Security where organizations have taken steps that include standard, network-based tools like firewalls and intrusion detection systems as well as host-based security solutions on individual computers. In addition, intrusion prevention systems (IPS) have been proven to block attacks that bypass these traditional security tools through total packet inspection and prevention. Like anti-virus products, intrusion prevention systems are updated. However, they are more comprehensive because IPS blocks a wide range of threats like denial of service attacks, worms, viruses, trojans, buffer overflows, spyware, phishing and voip threats.

Network Security also provides advantages to further enchance it’s importance for a Computer Network whereby Network security solutions are much more easy to deploy than host-based or desktop solutions. Network solutions can protect the entire network through a centralised solution, whereas host-based security solutions, like anti-virus software, must be deployed on individual machines. Deploying host-based security is time-consuming and sometimes it is impossible to control the individual's desktop as in the case of education environments where the university does not "own" the student's computer or in the case of an Internet Service Provider who does not own its customers' machines.

To summarize, the various points highlighted above have displayed the true importance of Network Security in a Computer Network.