Data Communications 2 Module 3
In this module there are three topics. We study the key technical issues for managing global networks based on Internet technology.
At the end of this topic you should have:
Formal standards are written documents developed according to a set of well known procedures by a standards setting organisation. Industry standards are set by common usage. If enough copies of a product are sold and used, new purchasers might buy clone products built to copy (in function) the industry standard product.
Open and proprietary are descriptions of industry standards. If an organisation uses the law to enforce its copyright and other forms of intellectual property rights (for example trade secrets and patents), then the industry standard is said to be proprietary. If an organisation makes its product specification public property, then the standard is said to be open.
The term open has taken on other meanings over time. Unix is said to be open, certain SQL database packages are said to be open, etc. The term here is applicable because these products satisfy the definition of open above.
Hence, standards are either:
Visit each of the home pages below. Try to identify what the organisation does as a primary mission, who sits on the standards committees for this body, and what areas of standards this body covers.
The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.
The actual technical work of the IETF is done in its working groups, which are organised by topic into several areas (e.g., routing, transport, security, etc.).
Many see the IETF as the Internet standards body.
The International Organisation for Standardisation (ISO) is a worldwide federation of national standards bodies from some 100 countries, one from each country.
ISO is a non-governmental organisation established in 1947. The mission of ISO is to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity.
ISO's work results in international agreements which are published as International Standards.
The International Telecommunications Union (ITU) is an international organisation within which governments and the private sector coordinate global telecom networks and services. ITU activities include the coordination, development, regulation and standardisation of telecommunications and organisation of regional and world telecom events.
The World Wide Web Consortium (W3C) was founded in 1994 to develop common standards for the evolution of the World Wide Web. It is an international industry consortium.
The Institute of Electrical and Electronics Engineers (IEEE) claims to be the world's largest technical professional society. It was founded in 1884 by a handful of practitioners of the new electrical engineering discipline in the U.S.A. Today's Institute comprises more than 320,000 members who conduct and participate in its activities in 147 countries.
The technical objectives of the IEEE focus on advancing the theory and practice of electrical, electronics and computer engineering and computer science. To realise these objectives, the IEEE sponsors technical conferences, symposia and local meetings worldwide; publishes nearly 25% of the world's technical papers in electrical, electronics and computer engineering; and provides educational programs. The IEEE runs an active and influential standards setting system.
For each of these groups of Internet standards, locate a copy of the suggested standard and read it just until you understand what that standard is about.
Look through the following pages. What is an RFC? Why does it have that name?
What is RFC822?
What is the latest version of HTML? When were the various versions first released? What will be the next version of HTML? What special features will it have over the previous version?
The HTML standards are set by the W3C. Browser writers create software capable of displaying standard HTML with extensions; for example, here are the features of two browsers, Microsoft Internet Explorer Version 3 and Netscape Navigator version 3, each standards compliant with enhancements. The standards body tries to keep up with the developments. The Data Communication 2 Reader has a review of browsers comparing features and extensions to the standards; see reader article number 10, Ayre, Rick and Mace, Thomas (1996) Online Internet access : just browsing, in PC Magazine, Volume 15, Number 5, March 12, 1996, pp. 100-146.
A writer of HTML can check to see their HTML is standard, Microsoft or Netscape compliant by using an HTML validation service such as that linked here.
Where is DCOM formally specified? What is the relationship between DCOM and Network OLE? What is OLE?
Microsoft is making its Distributed Component Object Model (DCOM) available in the public domain; it may become a standard. I present it here as a candidate industry standard, still a proprietary specification on its way to becoming a standard. Not everyone thinks it will get there. Here is a contrary view. Our text book also contains information on DCOM.
The web sites referred to above must be visited; also read:-
Ayre, Rick and Mace, Thomas (1996) Online Internet access : just browsing, in PC Magazine, Volume 15, Number 5, March 12, 1996, pp. 100-146.
Orfali, Robert, Harkey, Dan and Edwards, Jeri (1996) The essential client/server survival guide (2nd. ed.), John Wiley & Sons Inc. pp. 675. Read about the web standards in chapters 28, 29 and 30.
Multi choice
Short answer
Write brief answers to the following questions,
The organisations:-
Essay 6
Here are some style guidelines.
Where is DCOM formally specified? What is the relationship between DCOM and Network OLE? What is OLE?
Research Project 1
The HTML standard
What is the latest version of HTML? When were the various versions first released? What will be the next version of HTML? What special features will it have over the previous version?
At the end of this topic you should have:
In this module you will search for and find material on the emerging desktop management standards, and use basic network monitoring software (available in Windows 95, Unix and Microsoft TCP/IP for Windows for Workgroups 3.11). You will download, install and operate a public domain package for network management and use web based network monitoring tools.
Network management
The Desktop Management Task Force (DMTF) has specified a standard, the Desktop Management Interface (DMI). This is the new and upcoming standard for future Internet component management.
Read about the features in the DMTF home page, and the DMI standard in your text book (Orfali et. al. p. 609 - 624).
Here is a quote from the DMTF white paper on DMI:-
The DMI at Work: Making Manageability A Reality
The DMI has garnered strong support from numerous vendors and corporate users who support the DMTF’s continuing effort of proliferating the DMI standard in all computing environments. The DMI promises an open standard, which will guarantee vendors a common strategy for designing supportability and manageability into their products. For users, the DMI promises ease-of-use and inherent intelligence in their computing environments. Deploying the DMI will have very concrete benefits, initially at the enterprise level but just as surely across all computing environments, including the home and small office, home "edutainment" use, and mobile.
Following are several clear examples of DMI-based solutions in action.
For example, a user may want to connect to a workstation via modem but has no way of knowing the modem’s communication parameters. A modem using the DMI would report all of its current communication parameters to the MIF database. Rather than walking to the modem, the user can access this information from the desktop by querying the MIF database stored on the network. The user quickly discovers the modem is running at 9600 baud with 8 data, no parity, and 1 stop bit, which allows a connection to begin.
Or, a systems administrator wants to install a new software program on a user’s PC. Again, the administrator can query the DMI’s MIF database and quickly determine if the user’s desktop has the minimum system resources and configuration to load the program.
Support becomes easier, even long distance. Imagine a user who is having trouble configuring a network adapter. A call to the manufacturer’s support line is greatly simplified when the user can access the MIF database for the network adapter in question. Using this selective data along with the PC systems configuration data in the MIF database, the manufacturer quickly determines the cause of the problem and provides a solution — without the time-consuming guesswork frequently needed now.
This is the current standard for network management. It involves ICMP protocol packets. Use the commands below on your system (most TCP/IP systems have these commands or programs that do the same thing) to see what can be done to monitor network components and their operation with SNMP.
The text, Orfali et. al. p. 579 - 605, has a good description of SNMP; read it.
ICMP is an Internet protocol that helps manage IP networks. The following are some simple commands based on ICMP.
The ping command sends an IP packet to a host. If the packet arrives, the host returns an IP packet which, on returning to the sender, allows the sender to determine the transit time. These are called ICMP packets. There are many other types of ICMP packets.
Try ping to your own PC (the route command will allow you to find your PC's IP address). Try ping to your gateway, then try ping to broncho.ct.monash.edu.au.
The Unix command traceroute (Microsoft tracert) allows you to send three ICMP packets to each gateway computer between your PC and another host. This command allows you to see where and why you can't contact a host, and see the "structure" of the Internet.
Try traceroute (or tracert) to broncho.ct.monash.edu.au and to a USA site like, say, www.hp.com.
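An added example (not part of the original module) of what ping and tracert do with the ICMP messages they receive: it verifies the ICMP checksum, computes the transit time from an echo reply, and recognises the "time exceeded" message a gateway returns for a probe. The function names, the identifier, the send-time-as-payload layout and the sample packets are assumptions constructed for illustration; the IP header in front of each received ICMP message is assumed to be already stripped.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes) -> bytes:
    """Assemble an ICMP message; `rest` is the 4 header bytes after the checksum."""
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest + payload)
    return struct.pack("!BBH", icmp_type, code, csum) + rest + payload

def echo(icmp_type: int, ident: int, seq: int, sent_at: float) -> bytes:
    """Echo request (type 8) or reply (type 0); payload is the send time (assumed layout)."""
    return build_icmp(icmp_type, 0, struct.pack("!HH", ident, seq), struct.pack("!d", sent_at))

def interpret(packet: bytes, ident: int, now: float) -> tuple:
    """What a ping/tracert client concludes from one received ICMP message."""
    if len(packet) < 8 or internet_checksum(packet) != 0:
        return ("discard", "truncated or bad checksum")
    icmp_type, code = packet[0], packet[1]
    if icmp_type == 0:  # echo reply: the target host itself answered
        r_id, seq = struct.unpack("!HH", packet[4:8])
        if r_id != ident or len(packet) < 16:
            return ("discard", "not a reply to our probe")
        (sent_at,) = struct.unpack("!d", packet[8:16])
        return ("host reached", seq, (now - sent_at) * 1000.0)  # transit time in ms
    if icmp_type in (3, 11):  # error message: quotes IP header + 8 bytes of the probe
        quoted = packet[8:]
        ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
        if ihl < 20 or len(quoted) < ihl + 8:
            return ("discard", "quoted probe missing")
        q_type, _, _, q_id, q_seq = struct.unpack("!BBHHH", quoted[ihl:ihl + 8])
        if q_type != 8 or q_id != ident:
            return ("discard", "error for another process")
        kind = "gateway on path" if icmp_type == 11 else "unreachable"
        return (kind, q_seq, code)
    return ("other", icmp_type, code)

# Constructed sample traffic (documentation addresses, made-up id and times).
IDENT = 0x1234
PROBE = echo(8, IDENT, 1, 100.0)
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PROBE), 0, 0, 1, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
REPLY = echo(0, IDENT, 1, 100.0)
TIME_EXCEEDED = build_icmp(11, 0, b"\x00" * 4, IP_HDR + PROBE[:8])

if __name__ == "__main__":
    for pkt in (REPLY, TIME_EXCEEDED, REPLY[:-1] + b"\xff"):
        print(interpret(pkt, IDENT, now=100.25))
```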
If you have a Unix account, locate and use the nslookup command; this allows you to learn about machine names and IP address numbers.
The following web address demonstrates the use of the www to monitor data throughput in parts of the web. The software used is public domain and can be installed and operated with your Unix web server, see the Multi Router Traffic Grapher page for details.
View the Monash traffic data, see how it changes over time.
You may wish to install a demonstration network monitoring and mapping package for IBM PC clones running TCP/IP. The software is called Netguard and is located here.
See the project task below to install and operate Netguard.
Orfali, Robert, Harkey, Dan and Edwards, Jeri (1996) The essential client/server survival guide (2nd. ed.), John Wiley & Sons Inc. pp. 675. Read about the web standards in chapter 33.
Multi choice
Short answer
Write brief answers to the following questions,
Hint: Consider fire walls and router configurations.
The green (solid) graph shows data entering the firm's network, the blue (simple line) shows data leaving the firm's network.
Hint: This is information derived from a prior version of the monitoring page from Monash.
Essay 7
Here are some style guidelines.
Based on your reading about SNMP and use of the ICMP based commands ping and traceroute, you will have developed some understanding of the security provisions in various aspects of Internet network management. Consider the problem of industrial espionage: a competitor may be able to use your network architecture or your traffic patterns to learn about the structure of your firm. Is this a serious problem? Surely there is very little information about, say, the location of your offices freely available to one and all in the Internet. Do you agree with this view? Give some examples of office location information found by you.
Research Project 2
Some SNMP software
You may wish to install a demonstration network monitoring and mapping package for IBM PC clones running TCP/IP. The software is called Netguard and is located here. This project, though recommended, is only that, recommended. If you do install the package, I should like to hear about your experiences. Try to discover the nodes in the following bit of the Internet by following these steps.
Send your tutor a brief review of this software (less than 200 words).
The aim of information security is to achieve confidentiality, integrity and availability. In this topic, we will study the special, Internet related threats to security and the counter measures. The student will gain:-
The student may wish to revise the security part of topic 3.
Internet security tries to defend against two distinct threats by achieving access security and transaction security.
Access security refers to a corporation's ability to protect its computers, memory, disk, printers and other computing equipment from unauthorised use. Firewalls are used to restrict access.
Cisco is a major provider of routers, devices used to connect networks to the Internet, so obviously Cisco's packet filter strategies are essential reading.
Transaction security or communications security refers to the ability of two entities on the Internet to conduct a transaction privately, and with authentication and digital signatures if required. Electronic commerce on the Internet and the Web fundamentally depends on transaction security. Secure HTTP and SSL are mechanisms for transaction security on the World Wide Web.
The following are essential reading for those interested in Internet security strategies.
Telnet is used to gain remote access to main frame computers, often controlled by a user name and a password. Eavesdropping in public networks makes such protocols very insecure.
Secure versions of telnet-like protocols aim to remove the need to pass passwords over the network, or to exchange passwords in scrambled form using cryptographic methods. If cryptography is used to protect passwords, it can then be used to scramble the whole session.
Secure telnet and other TCP/IP sockets with Datafellows SSH
Email is passed around the Internet in a store and forward manner. Hence the methods for secure telnet, involving two computers in real time, online connections, cannot be used to secure email.
There are RFCs for Privacy Enhanced Mail (PEM), and the HTTP based Secure Socket Layer protocols and tools are used for Secure Multimedia Internet Mail (S-MIME). The most used tool for secure email is neither of these; it is Pretty Good Privacy (PGP).
With PGP, email is scrambled and a public key system is used to spread a network of trusted public keys.
Secure Socket Layers (SSL) is the most frequently used security protocol for the web. This prevents servers fraudulently claiming an identity to collect, say, VISA card numbers. SSL also enables scrambling of the information sent to clients, so preventing eavesdroppers from getting private or valuable information without authority.
SSL is described in our text book Orfali et. al. p. 501 - 505.
SSL and client certificates can be used to enable clients to authenticate their rights of access.
Secure electronic transactions (secure electronic funds transfer) (SET) is not yet a stable technology. There are obvious dangers of forgery, theft and fraud due to the security holes of authenticity and confidentiality inherent in large public networks like the Internet.
Microsoft is leading a consortium to try to solve these problems, see Microsoft Internet Security Framework.
The technical tool used to scramble data is often public key cryptography. In the USA, public key cryptography has been patented. The patents are held by RSA DSI Inc. They have a fine FAQ on public key cryptography and the RSA system, the most commonly used.
In order to use public key cryptography and the RSA algorithm for confidentiality and authentication, there is a need to distribute public keys. This is done by digitally signed certificates. X.509 is an ITU-T (CCITT) standard for certificates and is used in the SSL protocol. X.509 certificates can be used for both client and server authentication. The demonstration (DEMO) at X.509.com is an excellent tutorial.
Set aside 30 minutes and work through the whole demonstration with your Netscape Navigator version 2.02 or later or Microsoft Internet Explorer version 3 or later.
Here are some web security service and software sources:
Orfali, Robert, Harkey, Dan and Edwards, Jeri (1996) The essential client/server survival guide (2nd. ed.), John Wiley & Sons Inc; see Secure Socket Layer (SSL) pp. 501 - 505 and packet filters pp. 507 - 508.
Udell, John (1996) Your business needs the web, in Byte, Volume 21, Number 8, August 1996, pp. 68-80.
Multi choice
Short answer
Write brief answers to the following questions,
Essay 8
Here are some style guidelines.
Read the article on Internet Security Issues by C. Avram. What is Avram's recommendation for Internet security? Do you agree? Give your reasons for and against the use of public certificate authorities. Which would you recommend if asked? What would your considerations be based on?
Research Project 3
If these actions are not permitted in your country, send your tutor an email saying just that.
This is a typical PGP public key; it is Chris Avram's.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQCNAi2fqDgAAAEEAK7TUEgDS6wdnk+D4/w6ogYXXKCF8vtqHOtZRU6YBj5m3YLi
PDHrsL2ACWmSHfH75eRgwhSQ0YlNyCtO1Hx4mZU/qH1cKstqE924RrjAHDWsde3Y
xpwSbkF7D8xqzAFvAHZkU3oguY+7bZm650aJlY+QDyvHE/L9TWgETmDvYcDlAAUR
tCdDaHJpcyBBdnJhbSA8Q2hyaXMuQXZyYW1AbW9uYXNoLmVkdS5hdT4=
=rY49
-----END PGP PUBLIC KEY BLOCK-----