<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>NetworkingReviews.com &#187; IP Network Tutorials</title>
	<atom:link href="http://www.networkingreviews.com/category/ip-network-tutorials/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.networkingreviews.com</link>
	<description></description>
	<lastBuildDate>Sun, 08 Jan 2012 18:33:26 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>Public and Private IP addresses explained. What is NAT.</title>
		<link>http://www.networkingreviews.com/2008/09/22/public-and-private-ip-addresses-explained-what-is-nat/</link>
		<comments>http://www.networkingreviews.com/2008/09/22/public-and-private-ip-addresses-explained-what-is-nat/#comments</comments>
		<pubDate>Mon, 22 Sep 2008 14:32:09 +0000</pubDate>
		<dc:creator>BlogAdmin</dc:creator>
				<category><![CDATA[IP Network Tutorials]]></category>
		<category><![CDATA[nat]]></category>
		<category><![CDATA[network address translation]]></category>
		<category><![CDATA[private ip address]]></category>
		<category><![CDATA[public ip address]]></category>

		<guid isPermaLink="false">http://www.networkingreviews.com/?p=248</guid>
		<description><![CDATA[Any networked device (computer, server, printer, router etc), needs an IP address to communicate either on the Internet or on its local area network (LAN). Especially for internet communication, this IP address has to be unique, in order to avoid address conflicts. The IP address that is used by a device to communicate on the [...]]]></description>
			<content:encoded><![CDATA[<p>Any networked device (computer, server, printer, router, etc.) needs an IP address to communicate either on the Internet or on its local area network (LAN). For Internet communication in particular, this IP address has to be unique in order to avoid address conflicts. The IP address that a device uses to communicate on the Internet is called a “Public” address, and it is registered with the Internet Network Information Centre (InterNIC), which takes care of the uniqueness factor. Ideally, every network device would be assigned a “Public” IP address, but this is not possible because the current IP address range (32-bit addresses for IPv4) is not enough to cover all network nodes. Therefore, the Internet network community (IETF etc.) has established three “Private” address ranges, which can be given to network devices that belong to a local private network which does not connect directly to the Internet cloud.</p>
<p>These “Private” address ranges are the following:</p>
<ul>
<li> From 10.0.0.0 to 10.255.255.255</li>
<li> From 172.16.0.0 to 172.31.255.255</li>
<li> From 192.168.0.0 to 192.168.255.255</li>
</ul>
<p>The most common practice today is for network engineers to assign private IP addresses to devices in their private local networks, and to use Network Address Translation (NAT) if a device needs to access the Internet. The purpose of NAT is to translate the private source IP address of the network device into a public IP address so that it can communicate with another host on the Internet. Since NAT allows many-to-one IP translation, you can have many private IP addresses translated to a single public address, thus saving address space.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.networkingreviews.com/2008/09/22/public-and-private-ip-addresses-explained-what-is-nat/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Computer Networks Overview</title>
		<link>http://www.networkingreviews.com/2008/05/28/computer-networks-overview/</link>
		<comments>http://www.networkingreviews.com/2008/05/28/computer-networks-overview/#comments</comments>
		<pubDate>Wed, 28 May 2008 11:23:19 +0000</pubDate>
		<dc:creator>BlogAdmin</dc:creator>
				<category><![CDATA[IP Network Tutorials]]></category>
		<category><![CDATA[communication networks]]></category>
		<category><![CDATA[computer network]]></category>
		<category><![CDATA[computer networks]]></category>
		<category><![CDATA[telecom networks]]></category>

		<guid isPermaLink="false">http://www.networkingreviews.com/?p=80</guid>
		<description><![CDATA[The term networks (communication networks) generally refers to systems hardware, software and services / opportunities, aimed at transmission and routing data and to transfer information between electronic / channels (such as various types of computers, terminals, telephones) . The term includes the various technologies telecommunications networks computer networks (local (LANs), Metropolitan (MANs), wide area (WANs) [...]]]></description>
			<content:encoded><![CDATA[<p>The term networks (communication networks) generally refers to systems of hardware, software and services / facilities aimed at transmitting and routing data and at transferring information between electronic devices (such as various types of computers, terminals, telephones).</p>
<p>The term covers various technologies:</p>
<ul>
<li>telecommunications networks</li>
<li>computer networks (local (LANs), metropolitan (MANs), wide area (WANs) and Websites)</li>
<li>integrated services digital networks, narrowband (N-ISDN) and broadband (B-ISDN), and all wireless communication technologies.</li>
</ul>
<p>Several characteristics can be used to classify networks:<span id="more-80"></span></p>
<p><strong><span style="text-decoration: underline;">The architecture and techniques used for transporting data, which are:</span></strong></p>
<ul>
<li>Switching: circuit, packet, frame, cell</li>
<li>Broadcast networks.</li>
</ul>
<p><strong><span style="text-decoration: underline;">The geographical coverage offered </span></strong></p>
<ul>
<li>Data flow machines and multiprocessor systems</li>
<li>Local Computer Networks [Local Area Networks]</li>
<li>Metropolitan Area Networks</li>
<li>Regional Area Networks</li>
<li>Wide Area Networks</li>
<li>Interconnection of long haul networks or Global Area Networks</li>
</ul>
<p><strong><span style="text-decoration: underline;">The bandwidth offered</span></strong></p>
<p><strong><span style="text-decoration: underline;">The type of applications supported</span></strong></p>
<p><strong><span style="text-decoration: underline;">The regulatory framework for the operation</span></strong></p>
<p><strong><span style="text-decoration: underline;">The hardware and software used, etc.</span></strong></p>
<p>Both the technologies and the various standards are leading toward a single communication system that will consolidate all forms of communication, provide broad geographic coverage, and offer seamless and easy access to all sources of information. It is clear that a basic condition for achieving these objectives is the existence of a modern, multi-purpose telecommunications infrastructure. The infrastructure should provide the widest possible geographical coverage, offer a basic standard set of advanced services with high added value, and have the prospect of migrating to high-speed networks (2 Mbps to 622.5 Mbps).</p>
<p>A key techno-economic factor in the development of each communication technology, and in the functional integration of individual infrastructures, is the existence of mature and widely accepted standards, which refer to protocols (i.e., sets of rules and conditions that govern communication) within a specific architecture (Reference Model). The best-known architecture is the seven-layer one, described as the Open Systems Interconnect Reference Model (OSIRM).<br />
 Despite the fact that the OSI model has contributed greatly to the broad dissemination of the concept of layered protocols, and that it is an extremely useful tool for presenting and comparing various technologies, the OSI protocols themselves have not achieved the wide adoption of other similar architectures (for example, the DoD architecture with its many TCP/IP protocols).</p>
<p>The technical description followed by the OSI model is that of a layered architecture. Each open system is logically divided into an ordered set of subsystems, and the communication functions are distributed across a strictly ordered set of layers. Basic functions that are common to all layers are:</p>
<p><strong><span style="text-decoration: underline;">Encapsulation</span></strong></p>
<p><strong><span style="text-decoration: underline;">Segmentation</span></strong></p>
<p><strong><span style="text-decoration: underline;">Connection Establishment</span></strong></p>
<p><strong><span style="text-decoration: underline;">Flow Control</span></strong></p>
<p><strong><span style="text-decoration: underline;">Error Control</span></strong></p>
<p><strong><span style="text-decoration: underline;">Multiplexing</span></strong></p>
<p><strong><span style="text-decoration: underline;">Transmission Media</span></strong></p>
<ul>
<li>Twisted Pair</li>
<li>Baseband Coaxial Cable</li>
<li>Broadband Coaxial Cable</li>
<li>Fiber Optics</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.networkingreviews.com/2008/05/28/computer-networks-overview/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>What is Virtual Private Network (VPN)</title>
		<link>http://www.networkingreviews.com/2008/05/13/what-is-virtual-private-network-vpn/</link>
		<comments>http://www.networkingreviews.com/2008/05/13/what-is-virtual-private-network-vpn/#comments</comments>
		<pubDate>Tue, 13 May 2008 10:36:13 +0000</pubDate>
		<dc:creator>BlogAdmin</dc:creator>
				<category><![CDATA[IP Network Tutorials]]></category>
		<category><![CDATA[ipsec]]></category>
		<category><![CDATA[pptp]]></category>
		<category><![CDATA[tunneling]]></category>
		<category><![CDATA[virtual private network]]></category>
		<category><![CDATA[vpn]]></category>

		<guid isPermaLink="false">http://www.networkingreviews.com/?p=74</guid>
		<description><![CDATA[This online quiz is a series of essential questions about VPNs. Although many of the technical details of VPNs are hidden from the casual user, several aspects of the technology directly affect the &#8220;user experience,&#8221; and it is important to understand these. Students, networking professionals, corporate employees, and anyone else interested in the basic technology [...]]]></description>
			<content:encoded><![CDATA[<p>This online quiz is a series of essential questions about VPNs. Although many of the technical details of VPNs are hidden from the casual user, several aspects of the technology directly affect the &#8220;user experience,&#8221; and it is important to understand these.</p>
<p>Students, networking professionals, corporate employees, and anyone else interested in the basic technology of computer networks should find this a valuable study guide.<span id="more-74"></span></p>
<p><strong>1. VPN stands for</strong></p>
<p>a) Virtual Public Network<br />
b) Virtual Protocol Network<br />
c) Virtual Perimeter Network<br />
d) Virtual Private Network</p>
<p>Answer: <strong>d) Virtual Private Network</strong><br />
VPN stands for &#8220;Virtual Private Network&#8221; or &#8220;Virtual Private Networking.&#8221; A VPN is a private network in the sense that it carries controlled information, protected by various security mechanisms, between known parties. VPNs are only &#8220;virtually&#8221; private, however, because this data actually travels over shared public networks instead of fully dedicated private connections.<br />
 </p>
<p><strong>2. What is the main benefit of VPNs compared to dedicated networks utilizing frame relay, leased lines, and traditional dial-up? </strong></p>
<p>a) improved security<br />
b) reduced cost<br />
c) better network performance<br />
d) less downtime on average</p>
<p>Answer: <strong>b) Reduced Cost</strong><br />
The main benefit of a VPN is the potential for significant cost savings compared to traditional leased lines or dial up networking. These savings come with a certain amount of risk, however, particularly when using the public Internet as the delivery mechanism for VPN data. The performance of a VPN will be more unpredictable and generally slower than dedicated lines due to public Net traffic. Likewise, many more points of failure can affect a Net-based VPN than in a closed private system. Utilizing any public network for communications naturally raises new security concerns not present when using more controlled environments like point-to-point leased lines.</p>
<p><strong>3. VPNs save money by</strong><br />
a) reducing the need for long distance telephone calls<br />
b) reducing the need for modem pools and remote access servers<br />
c) reducing the need for leased lines<br />
d) all of the above</p>
<p>Answer: <strong>d) All of the above</strong><br />
VPNs may save money in several different ways. Companies that lease private lines typically pay a very high monthly fee, and a VPN can replace these lines with much less expensive, shorter connections to a local ISP. VPNs can also support remote access connectivity for travelers. Instead of configuring remote access servers and paying for the long-distance charges to reach them, an organization can rely on an ISP to support local access on both ends of the VPN connection.</p>
<p><strong>4. What is the relationship between a VPN and an extranet?</strong></p>
<p>a) VPNs are unrelated to extranets<br />
b) some extranets are VPNs and all VPNs are extranets<br />
c) some extranets are VPNs and some VPNs are extranets<br />
d) VPNs and extranets are two terms for the same type of network</p>
<p>Answer: <strong>b) some extranets are VPNs and all VPNs are extranets</strong><br />
Many VPNs support the same main feature of an extranet &#8212; controlled access by third parties to protected network resources. Some VPNs, however, exist only to provide remote access to employees within the organization; these are technically wide-area intranets. A few VPNs also implement local-area intranets that limit or meter access to one internal LAN from other internal LANs.</p>
<p><strong>5. In VPNs, the term &#8220;tunneling&#8221; refers to<br />
</strong>a) a marketing strategy that involves selling VPN products for very low prices in return for expensive service contracts<br />
b) an optional feature that increases network performance if it is turned on<br />
c) the encapsulation of packets inside packets of a different protocol to create and maintain the virtual circuit<br />
d) the method a system administrator uses to detect hackers on the network</p>
<p>Answer: <strong>c) the encapsulation of packets inside packets of a different protocol to create and maintain the virtual circuit</strong></p>
<p>VPN tunneling transforms packets from a VPN tunneling protocol format to a different format before being transmitted over the public network. This technique, called encapsulation, is used in several network technologies besides VPN. Once encapsulated, VPN protocol packets are responsible for creating and maintaining the private connection &#8212; including set-up and tear-down details. Tunneling is the essential feature behind any VPN implementation.</p>
<p><strong>6. Which of the following are VPN tunneling protocols?<br />
</strong>a) IPSEC<br />
b) PPTP<br />
c) L2TP<br />
d) All of the above</p>
<p>Answer: <strong>d) All of the above</strong><br />
PPTP, IPsec, and L2TP are three of today&#8217;s most popular VPN tunneling protocols. Each one of these is capable of supporting a secure VPN connection.</p>
<p><strong>7. PPTP stands for<br />
</strong>a) Place to Place Tunneling Protocol<br />
b) Point to Point Tunneling Protocol<br />
c) Pretty Pointless Traffic Producer<br />
d) Private Protocol Transfer Process</p>
<p>Answer: <strong>b) All of the above</strong></p>
<p>PPTP stands for Point to Point Tunneling Protocol. PPTP is a protocol specification developed by several companies. However, people generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in support for this protocol.</p>
<p><strong>8. What is the basic difference between a VPN and a firewall?<br />
</strong>a) firewalls can be configured by an administrator but VPNs cannot be configured<br />
b) no fundamental difference exists between firewalls and VPNs<br />
c) firewalls are designed to block network traffic and VPNs are designed to deliver traffic<br />
d) firewalls are a less secure form of VPN</p>
<p>Answer: <strong>c) firewalls are designed to block network traffic and VPNs are designed to deliver traffic</strong></p>
<p>VPNs establish a guarded connection and transmit data across that link, whereas firewalls sit at strategic locations on the network and watch for certain types of traffic to block. An appropriately configured VPN can communicate through firewalls.</p>
<p><strong>9. What network port does PPTP use to establish communication?</strong></p>
<p>a) 25/udp<br />
b) 25/tcp<br />
c) 1723/udp<br />
d) 1723/tcp</p>
<p>Answer: <strong>d) 1723/tcp</strong></p>
<p>PPTP uses TCP port 1723 to establish a connection. When opening holes in a firewall to support PPTP, one must be careful to not specify UDP port 1723 instead of TCP.<br />
Also, PPTP uses IP port 47, designed for &#8220;General Routing Encapsulation&#8221; or GRE packets. A common mistake in configuring firewalls for use with PPTP is to open port 1723 (allowing connections to be established) but fail to open port 47 (denying actual data from passing through the tunnel). Some operating systems include &#8220;PPTP ping&#8221; utilities (pptpsrv and pptpclnt in Windows 2000) that verify both PPTP ports are opened.</p>
<p><strong>10. Which approach to VPNs is the best one?<br />
</strong>a) router-based<br />
b) software only<br />
c) VPN-specific gateway device<br />
d) firewall-based</p>
<p>Answer: c) VPN Specific gateway device</p>
<p> Each of these four alternatives is a viable approach to implementing a VPN, and vendors supply products in each of these areas. Some people may prefer the convenience of a &#8220;VPN in a box&#8221; as provided by special-purpose gateway devices. Those with routers and firewalls already present in their network may prefer to extend these for VPNs. Finally, those wanting to avoid hardware purchases can select a software-only VPN solution that meets their needs.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.networkingreviews.com/2008/05/13/what-is-virtual-private-network-vpn/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The base of IP Networks &#8211; OSI Model</title>
		<link>http://www.networkingreviews.com/2008/02/29/the-base-of-ip-networks-osi-model/</link>
		<comments>http://www.networkingreviews.com/2008/02/29/the-base-of-ip-networks-osi-model/#comments</comments>
		<pubDate>Fri, 29 Feb 2008 11:15:40 +0000</pubDate>
		<dc:creator>BlogAdmin</dc:creator>
				<category><![CDATA[IP Network Tutorials]]></category>

		<guid isPermaLink="false">http://networkingreviews.com/blog/2008/02/29/the-base-of-ip-networks-osi-model/</guid>
		<description><![CDATA[Please Do Not Throw Sausage Pizza Away !!! You might be wondering what I am talking about, but take a closer look at the Red letters above&#8230;Yes you are right, these are the first letters of the 7 Layers of the OSI Model, the fundamental building block of TCP/IP Networks. The 7 Layers of the [...]]]></description>
			<content:encoded><![CDATA[<p><font size="+1"><font color="#ff0000"><strong>P</strong></font>lease <font color="#ff0000"><strong>D</strong></font>o <font color="#ff0000"><strong>N</strong></font>ot <font color="#ff0000"><strong>T</strong></font>hrow <font color="#ff0000"><strong>S</strong></font>ausage <font color="#ff0000"><strong>P</strong></font>izza <font color="#ff0000"><strong>A</strong></font>way !!!</font></p>
<p>You might be wondering what I am talking about, but take a closer look at the Red letters above&#8230;Yes you are right, these are the first letters of the 7 Layers of the OSI Model, the fundamental building block of TCP/IP Networks.</p>
<p>The 7 Layers of the OSI Model are shown below.<span id="more-7"></span></p>
<p align="center"><img src="/images/osi-model-7-layers.png" alt="osi model" /></p>
<ul type="disc">
<li><u><strong>Layer1:</strong></u> <font color="#ff0000"><font size="+1">P</font></font>hysical Layer</li>
<li><strong><u>Layer2:</u></strong> <font color="#ff0000" size="+1">D</font>ata Link Layer</li>
<li><strong><u>Layer3:</u></strong> <font color="#ff0000" size="+1">N</font>etwork Layer</li>
<li><strong><u>Layer4:</u></strong> <font color="#ff0000" size="+1">T</font>ransport Layer</li>
<li><strong><u>Layer5:</u></strong> <font color="#ff0000" size="+1">S</font>ession Layer</li>
<li><strong><u>Layer6:</u></strong> <font color="#ff0000" size="+1">P</font>resentation Layer</li>
<li><strong><u>Layer7:</u></strong> <font color="#ff0000" size="+1">A</font>pplication Layer</li>
</ul>
<p>The OSI reference model specifies standards for describing &#8220;Open Systems Interconnection&#8221;. The term &#8216;open&#8217; was chosen to emphasise the fact that by using these international standards, a system may be defined which is open to all other systems obeying the same standards throughout the world.</p>
<p>It consists of 7 Layers with each Layer being functionally independent of the others. Control is passed from one layer to the next, starting at the top and proceeding to the bottom layer, over the channel to the other station and back up the layers. The receiving layer at the destination host receives exactly the same object as sent by the matching layer at the source host. This is shown in the diagram below:</p>
<p align="center"><img src="/images/osi.gif" alt="osi model data flow" /></p>
<p>The layers are in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers are used when any message passes through the host computer. Messages intended for this computer pass to the upper layers. Messages destined for some other host are not passed up to the upper layers but are forwarded to another host.</p>
<p>The sending process passes data to the application layer. The application layer attaches an application header and then passes the frame to the presentation layer.</p>
<p>The presentation layer can transform data in various ways, if necessary, such as by translating it and adding a header. It gives the result to the session layer. The presentation layer is not aware of which portion (if any) of the data received from the application layer is the application header and which portion is actually user data, because that information is irrelevant to the presentation layer&#8217;s role.</p>
<p>The process of adding headers is repeated from layer to layer until the frame reaches the data link layer. There, in addition to a data-link header, a data-link trailer is added. The data-link trailer contains a checksum and padding if needed. This aids in frame synchronization. The frame is passed down to the physical layer, where it is transmitted to the receiving host. On the receiving host, the various headers and the data trailer are stripped off one by one as the frame ascends the layers and finally reaches the receiving process.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.networkingreviews.com/2008/02/29/the-base-of-ip-networks-osi-model/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>How to access remotely your internal network</title>
		<link>http://www.networkingreviews.com/2008/02/28/how-to-access-remotely-your-internal-network/</link>
		<comments>http://www.networkingreviews.com/2008/02/28/how-to-access-remotely-your-internal-network/#comments</comments>
		<pubDate>Thu, 28 Feb 2008 15:23:19 +0000</pubDate>
		<dc:creator>BlogAdmin</dc:creator>
				<category><![CDATA[IP Network Tutorials]]></category>

		<guid isPermaLink="false">http://networkingreviews.com/blog/2008/02/28/how-to-access-remotely-your-internal-network/</guid>
		<description><![CDATA[Remotely Accessing your internal network and data is sometimes mandatory and can be used for a variety of reasons. Maybe you are outsourcing some of your business to an external partner, maybe you require external technical support, or you may have employees on the road or tele-workers that require access to internal data and resources [...]]]></description>
			<content:encoded><![CDATA[<p>Remotely Accessing your internal network and data is sometimes mandatory and can be used for a variety of reasons. Maybe you are outsourcing some of your business to an external partner, maybe you require external technical support, or you may have employees on the road or tele-workers that require access to internal data and resources in your company. In any case, you must take measures to protect your data and network, but still keep the operation of your remote access service as functional as possible.</p>
<p>In this article I describe the most popular methods and technologies available to use in order to enable your company users to access internal data from outside your company.<span id="more-5"></span></p>
<p><strong><u>1. Dial-up access</u></strong></p>
<p>This method was very popular in the past, but nowadays it is not used much since there are other faster and more secure technologies. Basically, a dial-in modem is installed on the serial port of your Remote Access Server (RAS), which serves as the entry point into your network. A remote user dials in to the company’s modem number, using for example Microsoft Dial-up Networking (DUN), and is authenticated by the RAS server before entering the internal network. This method is vulnerable to ‘war dialers’, which are tools used to scan telephone networks and get access to dial-up modems for hacking into your network.<br />
  </p>
<p><strong><u>2. IPSEC VPN with Remote Access VPN Client</u></strong></p>
<p>This is probably the most secure and popular method used when individual users want to connect with their laptops or desktop computers from outside your corporate network. A VPN client has to be installed on the user’s computer, and there has to be an Internet connection available for the remote user. The VPN client creates a secure and encrypted IPSEC tunnel between the laptop of the user and the corporate office. This tunnel is terminated on a VPN IPSEC capable device located in the company office. Even if this VPN tunnel goes through the Internet, the IPSEC protocol encrypts all the data flowing inside the tunnel, thus providing strong security.</p>
<p><strong><u>3. IPSEC VPN with </u></strong><strong><u>LAN</u></strong><strong><u>-to-</u></strong><strong><u>LAN</u></strong><strong><u> Communication</u></strong></p>
<p>This method again uses the IPSEC protocol, but it is utilized for connecting a whole remote office LAN with the central corporate office, rather than individual users. The remote office has to be equipped with an IPSEC capable device and a connection to the Internet. The IPSEC device (router, firewall etc.) creates a VPN tunnel with the IPSEC device in the central office, thus creating a secure tunnel to connect the two data LANs. Even if the two LAN networks have private IP addresses (e.g. 192.168.1.0 or 10.1.1.0), they can still communicate through the Internet since the VPN tunnel encapsulates all data within public addresses which are routable in the Internet.</p>
<p><strong><u>4. SSL VPN</u></strong></p>
<p>SSL (Secure Sockets Layer) is the security protocol that is used extensively in web browsers. It employs the public and private key encryption system from RSA, and it provides secure and flexible communications through the internet. SSL VPN is gaining a lot of popularity since it already exists inside web browsers and does not require an extra VPN client to be installed on the user’s computer. The central corporate office has to be equipped with an SSL VPN termination device, and the remote clients just need to use their web browser to connect to their corporate office.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.networkingreviews.com/2008/02/28/how-to-access-remotely-your-internal-network/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Base of TCP/IP Networking</title>
		<link>http://www.networkingreviews.com/2008/02/28/the-base-of-tcpip-networking/</link>
		<comments>http://www.networkingreviews.com/2008/02/28/the-base-of-tcpip-networking/#comments</comments>
		<pubDate>Thu, 28 Feb 2008 15:04:16 +0000</pubDate>
		<dc:creator>BlogAdmin</dc:creator>
				<category><![CDATA[IP Network Tutorials]]></category>

		<guid isPermaLink="false">http://networkingreviews.com/blog/2008/02/28/the-base-of-tcpip-networking/</guid>
		<description><![CDATA[A few years ago there was a big hype about &#8220;being online&#8221;. Everyone had to be online and there wasn&#8217;t one day where you didn&#8217;t have to be afraid that you missed the coolest and newest technology. This was just the TCP/IP layer and it was already well known for over 20 years back then. [...]]]></description>
			<content:encoded><![CDATA[<p>A few years ago there was a big hype about &#8220;being online&#8221;. Everyone had to be online and there wasn&#8217;t one day where you didn&#8217;t have to be afraid that you missed the coolest and newest technology. This was just the TCP/IP layer and it was already well known for over 20 years back then.</p>
<p>So what is this TCP/IP thing? What good does it do for you, and has this been the latest thing or will it even get better? This article touches on some aspects of the TCP/IP layer and the higher-level protocols based on it, and gives a brief outlook on what is next.<span id="more-4"></span></p>
<p><strong>1. TCP what?</strong><br />
TCP/IP is an abbreviation for Transmission Control Protocol/Internet Protocol. It only has one task: it makes sure that all of your data is sent across the internet and is being delivered to the right computer.</p>
<p>TCP/IP is a bundle of communication rules. Without it, data could not be transported from one computer to another in a reliable, hardware-independent manner. As such, it is the basis of the internet as we know it today.</p>
<p>However, it is important to understand that TCP/IP are just the parents in a family of networking protocols. There are other families of networking protocols and there are (if we keep the image of the family in mind) children and relatives belonging to the TCP/IP family.</p>
<p><strong>2. Layers </strong><br />
So, are you one of the fellows who first went online with Dial Up Networking on a Microsoft system? Have you ever clicked with your right mouse button on DUN to see further info and see how many packets you have transmitted over your dial-up connection? Those packets were prepared and sent out by mom and dad of the TCP/IP family. You probably never cared about this, unless you had problems with your dial-up connection. But we are going to have a closer look at the microcosm of this newly discovered family.</p>
<p>Unfortunately, the TCP/IP family is somewhat limited and they sort of don&#8217;t get the bigger picture. This is a good thing though. They don&#8217;t pack up the 5MB MP3 song you are trading over Kazaa et al. at once. They slice your data into several hierarchically structured little packets. It doesn&#8217;t matter whether you send an email, use a filesharing tool, browse the web, use an instant messenger or even look at the pics you&#8217;re not supposed to look at &#8211; every chunk of data is sliced into pieces and transmitted over this standardized protocol.</p>
<p>Without this standard, every developer would need to create his own (proprietary) method to transmit data. However, developers (just like mathematicians) don&#8217;t like to do a lot of extra work and they like to reuse functionality. They usually don&#8217;t care how the data gets from your computer and the modem over a phone line or network cable through a whole line or network of computers to its final destination.</p>
<p>However, we do, and that&#8217;s the reason for this article.</p>
<p>Think of the TCP/IP family as a set of different layers. The top layer is the actual application protocol which communicates with the application of your choice (your filesharing tool, mail software, browser, instant messenger, etc).</p>
<p>The top layer communicates with the TCP layer, which prepares and forwards the data to the IP layer. The IP layer is directly responsible for communicating with the networking card and its drivers. This low level layer is often referred to as the data-link layer. But when your local tech guru talks to you about your data link layer he usually just means your Ethernet card, modem, or WLAN card. The card is responsible for feeding the data into the network cable and retrieving incoming packets from it. Once it has retrieved a data packet, it forwards it to the next higher layer (IP).</p>
<p>Depending on the amount of data you can send and retrieve (also known as upstream or downstream ratio) we might be talking about hundreds of thousands of packets for a normal session.</p>
<p>Imagine the chaos and confusion if the data could not be put back together properly!</p>
<p><strong>Network drivers</strong></p>
<p>That&#8217;s exactly what would happen without the network driver. The network driver adds data to each data packet in a so-called header. The header contains information such as the length of the data packet.</p>
<p><strong>The IP layer</strong></p>
<p>The IP layer is responsible for making sure that all data is routed properly. It&#8217;s a point-to-point protocol and doesn&#8217;t have to worry about the network cards or other hardware-related issues involved. Basically all it needs to know is the IP address of the final destination.</p>
<p><strong>IP addresses and DNS</strong></p>
<p>So what is an IP address? An IP address is something like 66.98.189.217 &#8211; it is the numeric address of a host in a network. Instead of going to &#8216;www.ezoshosting.com&#8217; you could as well go to 66.98.189.217 and you&#8217;d see the same site. Give it a try: type it in your browser&#8217;s address bar and, if the ezoshosting IP address has not changed since I typed out this article on my keyboard, you will see the same thing as when accessing &#8216;www.ezoshosting.com&#8217;.</p>
<p>That&#8217;s neat, right? Let&#8217;s have a quick look at how this trick works: If you enter &#8216;www.ezoshosting.com&#8217; in your browser, TCP/IP tries to resolve that address. At first, it will look at your local hosts file. The local hosts file is a plain text file that allows you to override public domain names with your own assigned IP address. This is only effective if someone on your computer types in the name of the domain. While this is relatively simple and effective, it is also possibly quite evil and dangerous. There is an increasing trend among worm and virus authors to override the addresses of well known companies with malicious IP addresses, so it&#8217;s good practice to regularly check your hosts file (in Windows XP you can locate it in \Windows\System32\Drivers\Etc) and make sure no one has added a local entry for websites you regularly log in to and where you enter highly sensitive data.</p>
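<p>The hosts file check described above can be scripted. The following is an added example, not part of the original article: the sample file, its documentation-range addresses and the watchlist of names are constructed, and the function names are illustrative.</p>

```python
import ipaddress
import sys

# Constructed sample hosts file (not from the article); the addresses are
# documentation ranges. Line 4 overrides a name on the watchlist.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.50    www.ezoshosting.com    # planted override
198.51.100.7    intranet.example wiki.example
0.0.0.0         ads.example
not-an-ip       broken.example
"""

# Assumption: names you log in to and would never expect to see pinned locally.
WATCHLIST = {"www.ezoshosting.com", "mail.ezoshosting.com"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line number, address or None, fields) for every non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, fields          # first field is not an IP address
            continue
        # Host names are case-insensitive; a trailing dot means the same name.
        names = [n.lower().rstrip(".") for n in fields[1:]]
        yield lineno, addr, names


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line number, kind, detail) findings worth a human look."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        for name in names:
            if name in LOCAL_NAMES and addr.is_loopback:
                continue                        # normal loopback entry
            if name in watchlist:
                findings.append((lineno, "watched-override", f"{name} -> {addr}"))
            elif not (addr.is_loopback or addr.is_unspecified):
                # 127.0.0.1 / 0.0.0.0 entries for other names are sinkhole-style blocks
                findings.append((lineno, "override", f"{name} -> {addr}"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for lineno, kind, detail in audit_hosts(text):
        print(f"line {lineno}: {kind}: {detail}")
```

<p>Pass the path of the real hosts file as the first argument to audit it instead of the sample; any watched-override finding means a name you trust is being pinned to a locally chosen address.</p>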
<p>If TCP does not find an entry in your hosts file, it will query your name server (which is usually the name server of your ISP). Your ISP&#8217;s name server usually caches the values of an assigned IP address for 24 to 72 hours. So, if you go to &#8216;www.ezoshosting.com&#8217; and &#8216;www.ezoshosting.com&#8217; moves one hour later to a new IP address, you will still see the old IP address for as long as your ISP has the old address cached. If your local ISP&#8217;s name servers don&#8217;t know the address of a domain name, they will query the next higher name servers (and this goes on and on until they reach the level of the so-called root servers). If in doubt, the root servers can happily point to a set of name servers that really is supposed to know which IP address you have to go to in order to retrieve data from a domain. The root servers gather this data from the registrars.</p>
<p><strong>Packet headers</strong></p>
<p>Let&#8217;s have a close look at the header again. We already know that it has the length added by the network driver. But what other goodies does the family add to the packet as it sends it out across the net? The IP layer adds the IP address of the final destination host and the IP address of the sending host. As with every species, there are slackers among the group of data packets. For one reason or another they just never arrive at the destination. That&#8217;s the reason why the destination needs the address of the sender, so that it can answer and say &#8220;hey you, yes you, send me the packet XYZ again&#8221; if a packet XYZ was lost along the way.</p>
<p>Now let&#8217;s get back to the family business. After the IP layer received a block of data, it passes it on to the next higher level: the TCP layer.</p>
<p><strong>TCP layer</strong></p>
<p>While the IP layer does the basic work, the job of the TCP layer could be compared to the job of a supervisor. The data blocks I referred to earlier in the article are also known as segments. The TCP layer&#8217;s job is to make sure that segments arrive in the right order and without modification at the proper destination. So what does it need to do to achieve that? Right, it adds data to the header. The TCP layer adds a checksum and a number which indicates the order in which the data packets need to be put back together later on. Imagine what would happen if packets weren&#8217;t sorted. Did you ever listen to a song backwards? You would probably experience something similar if packets were not numbered.</p>
<p><strong>UDP layer</strong></p>
<p>However, there are situations where TCP headers add too much overhead to a connection, for example, if you are listening to a live music or video stream. In those situations it doesn&#8217;t really matter that you receive all packets all the time and in the right order. In those situations, you&#8217;re better off using a more lightweight protocol such as the User Datagram Protocol (UDP).</p>
<p>UDP controls the data transfer at a very minimal level only. It does not guarantee that all segments arrive at the destination or that all of them arrive in the proper order.</p>
<p><strong>TCP and medieval cities</strong></p>
<p>Once TCP has verified that a data segment is correct, it removes the header and passes the data on to the actual application.</p>
<p>The actual applications are sitting behind a port and waiting on the input as delivered by TCP. Each application has at least one unique port. The route from the port to the actual application is called the application protocol. The concepts of ports and firewalls (which we can&#8217;t cover here) might be easy to visualize if you think of a medieval city. Back in the Middle Ages, they had walls around the cities and gates to let people in and out. In some cities they had special gates for merchants, soldiers, etc. The walls are the firewall of our computer, the gates are the ports, and the different purposes of each gate can be compared to the different jobs an application needs to do.</p>
<p>A computer, just like the medieval city, can have different ports open at the same time &#8211; which guarantees that you can chat with friends while you are using filesharing software.</p>
<p>There are several popular protocols: the Hypertext Transfer Protocol (HTTP), SMTP (Simple Mail Transfer Protocol), and FTP (File Transfer Protocol) are probably the most popular ones. The HTTP protocol standardizes how data needs to be formed so that your browser (no matter which one you use) is able to recognize the data it receives.</p>
<p>If you&#8217;re curious to see what the real text data your browser receives looks like and you know how to open a telnet session, we should have a closer look:</p>
<p>As I mentioned above, the different applications are sitting behind different unique ports. For a webserver behind an HTTP connection this is usually port 80, for a mailserver behind an SMTP connection this is usually port 25, and for an FTP server behind an FTP connection this is usually port 21.</p>
<p><u>A sample HTTP connection</u></p>
<p>To connect to the webserver residing at &#8216;www.ezoshosting.com&#8217; through telnet, simply enter this command:</p>
<p><strong><em>telnet www.ezoshosting.com 80</em></strong></p>
<p><span lang="EN">The screen output will be something like this:</span></p>
<p><strong><code><span style="font-size: 10pt" lang="EN">Trying 66.98.189.217...</span></code><span style="font-size: 11pt; font-family: 'Courier New'" lang="EN"><br />
<code>Connected to www.ezoshosting.com.</code><br />
<code>Escape character is '^]'.</code></span></strong><span lang="EN"></span></p>
<p><span lang="EN">Now type the escape character and an actual webpage will be shown as source code in your telnet session. </span></p>
<p><u><span lang="EN">A sample SMTP connection</span></u><span lang="EN"> </span></p>
<p><span lang="EN">To connect to the mailserver residing at mail.ezoshosting.com through telnet, simply enter this command: </span></p>
<p><strong><em><code><span style="font-size: 10pt" lang="EN">telnet mail.ezoshosting.com 25</span></code></em></strong><span lang="EN"> </span></p>
<p><span lang="EN">The screen output will be something like this: </span></p>
<p><strong><code><span style="font-size: 10pt" lang="EN">Trying 66.98.189.217...</span></code><span style="font-size: 11pt; font-family: 'Courier New'" lang="EN"><br />
<code>Connected to mail.ezoshosting.com.</code><br />
<code>Escape character is '^]'.</code><br />
<code>220-houston.ezoshosting.com ESMTP Exim 4.24 #1 Fri, 30 Jan 2004 09:09:24 -0600</code><br />
<code>220-We do not authorize the use of this system to transport unsolicited,</code><br />
<code>220 and/or bulk e-mail.</code></span></strong><span lang="EN"> </span></p>
<p><span lang="EN">It will just sit there and do nothing. If you feel like it, you can communicate some more with the server: </span></p>
<p><strong><code><span style="font-size: 10pt" lang="EN">HELO tester.atsomedomain.com</span></code><span style="font-size: 11pt; font-family: 'Courier New'" lang="EN"><br />
<code>250-houston.ezoshosting.com Hello tester.atsomedomain.com[ipaddresshere]</code><br />
<code>250-SIZE 52428800</code><br />
<code>250-PIPELINING</code><br />
<code>250-AUTH PLAIN LOGIN</code><br />
<code>250-STARTTLS</code><br />
<code>250 HELP</code></span><span lang="EN"> </span></strong></p>
<p><span lang="EN">As you see, it recognized you and greeted you back.<br />
If you want to talk more with the chatty server, just type: </span></p>
<p><strong><code><span style="font-size: 10pt" lang="EN">HELP</span></code></strong><span lang="EN"> </span></p>
<p><span lang="EN">The output will be: </span></p>
<p><strong><span style="font-size: 11pt; font-family: 'Courier New'" lang="EN"><code>214-Commands supported:</code><br />
<code>214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP</code></span></strong><span lang="EN"> </span></p>
<p><u><span lang="EN">A sample FTP connection</span></u><span lang="EN"> </span></p>
<p><span lang="EN">To connect to the ftp server residing at ftp.ezoshosting.com through telnet, simply enter this command: </span></p>
<p><strong><em><code><span style="font-size: 10pt" lang="EN">telnet ftp.ezoshosting.com 21</span></code><span lang="EN"> </span></em></strong></p>
<p><span lang="EN">The screen output will be something like this: </span></p>
<p><strong><code><span style="font-size: 10pt" lang="EN">Trying 66.98.189.217...</span></code><span style="font-size: 11pt; font-family: 'Courier New'" lang="EN"><br />
<code>Connected to ftp.ezoshosting.com.</code><br />
<code>Escape character is '^]'.</code><br />
<code>220 ProFTPD 1.2.9 Server (ftp.ezoshosting.com) [66.98.189.217]</code></span><span lang="EN"> </span></strong></p>
<p><span lang="EN">To see a list of available commands / words: </span></p>
<p><code><span style="font-size: 10pt" lang="EN">HELP</span></code><span lang="EN"> </span></p>
<p><code><span style="font-size: 10pt" lang="EN">214-The following commands are recognized (* =&gt;'s unimplemented).</span></code><span style="font-size: 10pt; font-family: 'Courier New'" lang="EN"><br />
<code> USER    PASS    ACCT*   CWD     XCWD    CDUP    XCUP    SMNT*</code><br />
<code> QUIT    REIN*   PORT    PASV    EPRT    EPSV    TYPE    STRU</code><br />
<code> MODE    RETR    STOR    STOU    APPE    ALLO*   REST    RNFR</code><br />
<code> RNTO    ABOR    DELE    MDTM    RMD     XRMD    MKD     XMKD</code><br />
<code> PWD     XPWD    SIZE    LIST    NLST    SITE    SYST    STAT</code><br />
<code> HELP    NOOP    FEAT    OPTS    ADAT*   AUTH*   CCC*    CONF*</code><br />
<code> ENC*    MIC*    PBSZ*   PROT*</code><br />
<code>214 Direct comments to root@www.ezoshosting.com.</code></span><span lang="EN"> </span></p>
<p><strong><span lang="EN">The next generation</span></strong><span lang="EN"> </span></p>
<p><span lang="EN">Unfortunately, the current and still relatively easy way of handling IP addresses is doomed to die, as the number of IP addresses is limited to only about 4 billion addresses. This may sound like a lot, but it really isn&#8217;t. Have a look at how many pages are spidered by Google. As I write this article, Google has spidered 3,307,998,701 pages and that&#8217;s still only a small percentage of all estimated webpages. Experts believe that in 2005 we will run out of IPv4 addresses. This is not a new development though and people are prepared. </span></p>
<p><span lang="EN">Work on IPv6 started in the early 90s. IPv6 will greatly enhance the number of available IP addresses and many people believe it will lead to each electronic device having its own IP address, and we still won&#8217;t run out of IP addresses. </span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.networkingreviews.com/2008/02/28/the-base-of-tcpip-networking/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

