Higher Computing – Unit 3

Topics 5-8, 2, 9
Networking
St Andrew's High School, Higher Computing
Topic 5 : Implications of WWW - Pre-Requisite Knowledge
Before studying this topic you should
know what kind of services are
provided by the Internet. You should
know that an Internet Service
Provider (ISP) is needed before you
can connect a computer or a network
to the Internet. You should be aware
of the existence of E-commerce, and
its implications for home and
business users. You should be able to
describe the main features of the
Regulation of Investigatory Powers
Act.
Topic 5 : Implications of WWW – Learning Objectives
After studying this topic you should be
able to:
• Describe the implications of the World
Wide Web (WWW) for E-commerce
• Understand the social, ethical and legal
implications of the WWW
• Describe the current legislation which
affects users of the WWW
Topic 5 : Implications of WWW – Revision
Q1: What is E-commerce?
a) The ability to use the Internet for communication
b) The ability to use the Internet for economic transactions
c) Downloading music from the Internet
d) Using Electronic Funds Transfer (EFT)
Q2: Which of these is not covered by The Regulation of
Investigatory Powers Act?
a) Employer monitoring their employees' emails
b) Government monitoring a telephone line
c) Buying goods over the Internet
d) Using encryption to hide details of a crime
Q3: Why is an Internet Service Provider (ISP) needed before you
can connect a computer to the Internet?
a) Every computer connected to the Internet needs a unique IP
address and ISPs provide these.
b) You need a telephone connection which ISPs can supply.
c) ISPs control the Internet.
d) Connecting a computer to the Internet is very complicated and
only ISPs can do this.
Topic 5 – Implications of WWW - Introduction
The World Wide Web has implications for:
•the way people communicate with each other,
•how societies are organised,
•how information is shared,
•and how we are governed.
Many of the changes which the WWW has been
responsible for have not yet been realised by
everyone, and many governments are only just
waking up to its benefits and dangers.
This topic explores some of the commercial,
social, ethical and legal issues which the
existence of the WWW raises.
Topic 5 – Implications of WWW – E-Commerce
E-commerce - buying and selling products or
services over the Internet.
Electronic Funds Transfer (EFT) - we now take it
for granted that we can use ATMs and pay for goods
in shops and on-line, all over the world, using a
credit or debit card.
This is only possible because of the networked
banking systems. On-line purchasing has led to
fears about security of credit card details and
the difficulty of receiving compensation if
goods or services do not arrive or are not what
they are advertised to be.
Topic 5 – Implications of WWW – E-Commerce
There are 3 different types of e-commerce:
1. Business to consumer e-commerce is the
sale of goods or services to the general
public via the internet.
2. Consumer-to-consumer e-commerce allows
consumers to purchase goods from one
another. An example of this is an online
auction, such as Ebay.
3. Business-to-business e-commerce is when
businesses provide goods and services to
other businesses. Services may consist of
online advertising, job recruiting, credit,
sales, market research, technical support,
web hosting, and different types of training.
Topic 5 – Implications of WWW – Purchasing Software from WWW
Software is often distributed via the Internet, with
payment being made using a credit card. Software can
be locked, or set to expire after a period of time unless
it is registered. Payment of a fee results in the code to
unlock the software being sent by email.
Pay as you go software will be possible when sufficient
bandwidth is available! Because everyone would be using
the same version of the software, software companies
would be able to save on technical support and
distribution costs. They would also be able to offer
services such as data backup, offering many of the
advantages of a Local Area Network. Software
distributed over the Internet can often be cheaper
because developers can save on distribution costs and
reach a very wide market.
Shareware works on the principle that if a lot of people
are prepared to pay a small amount for software it may
mean more profit for the vendor than a few people
prepared to pay a large amount.
Topic 5 – Implications of WWW – Purchasing Software from WWW
Mass Markets - Even if a product is very specialised or
may only appeal to relatively few individuals the internet
allows vendors to target their product to a particular
audience, world wide.
Purchasing Services over the Internet
Eg Access to an Internet connection, a certain amount
of bandwidth and sometimes networked storage
facilities for file transfer and web hosting. Allows
training and on-line courses over the web eg Scholar
using an ID and password.
Content providers can sell access to information on the
Internet eg up to date stock market prices, detailed
satellite data, photographic images, on-line training,
news feeds and other services. Entertainment services
such as access to networked games and music downloads
are services, which are likely to become subscription-based services.
Advertising fees allow content to be provided "free" to
users in the same way that advertising is able to fund
commercial television services.
Topic 5 – Implications of WWW – Advantages of E-commerce
The advantages of E-commerce to the customer are:
• Goods and services can be purchased at any time of
day or night
• Goods and services can be purchased from anywhere
in the world
• E-commerce uses Electronic Funds Transfer (EFT) so
no cash needs to be used
• Consumers are able to research a product and its
competitors more thoroughly before purchase and
compare prices from different retailers
• Goods purchased arrive by post or courier so reducing
the need to travel
Topic 5 – Implications of WWW – Advantages of E-commerce
The advantages of E-commerce to the merchant are:
• Dealing directly with the customer means no profit
taken by retailers or "middlemen"
• Your customer base is no longer restricted to those
who can travel to your nearest outlet
• You do not need to pay for expensive high street
retail outlets
• EFT means no security problems handling cash
• You can automate the packing and delivery of your
product
• Your on-line profile does not depend on the physical
size of your organisation
• Stock control, order tracking and funds transfer can
be automated and linked directly to e-transactions
Topic 5 – Implications of WWW – Disadvantages of E-commerce
The disadvantages to the consumer are:
• If you purchase goods or services from a company in
another country then you may have difficulty
recovering funds if goods do not arrive or are not
what was advertised.
• You rely on the security procedures of the firm you
are dealing with to keep your credit card details
secure.
• You may pay more for delivery or packing than it
would cost you otherwise
• Local businesses may suffer if you purchase on-line
from larger firms
• If you purchase goods from a supplier in another
country, you may be liable to pay import tax
Topic 5 – Implications of WWW – Disadvantages of E-commerce
The disadvantages to the merchant are:
• Since customers may be anywhere in the world you
need to have good security in place to avoid credit
card fraud
• You need to employ someone to keep your web-site
and catalogue up to date
• You need to make sure your web site is secure and
that your servers are protected from hacker attack
Topic 5 – Implications of WWW – Disadvantages of E-commerce - Fraud
Security on the Internet is of particular concern eg
purchasing goods or services, being involved in any
financial transactions in banking or the stock market.
Concerns that credit card details being transmitted
over the Internet could be intercepted or stolen from
company servers are widespread. Anyone using an online bank account needs to be reassured that the
system they are using to access their financial details is
as secure as possible.
Most e-commerce sites use the HTTPS (HTTP over a
Secure Sockets Layer) protocol to ensure that credit
card data cannot be intercepted when it is being
transmitted over the Internet. The HTTPS protocol
uses encryption to protect this information. Most
browsers will display a padlock icon or similar when using
this protocol, so that users are aware that data is being
encrypted.
Chip n Pin was designed to limit credit card fraud. Do
you think it is working?
Topic 5 – Implications of WWW – Disadvantages of E-commerce - Fraud
"Phishing" is a recent scam which involves extracting
credit card details, passwords and even PIN numbers
from people by sending them emails which pretend to
come from their bank or credit card company. These
emails direct them to a fake web-site where they are
asked to enter their details.
Many credit card companies are using Artificial
Intelligence systems to spot unusual card activity such
as very large purchases or sudden increases in
transactions to try and spot the use of stolen card
details. This is necessary because a customer might only
become aware that their card details are being used
fraudulently when they receive their statement at the
end of the month.
Topic 5 – Implications of WWW – Social Implications
The Information-Rich and the Information-Poor
Many people feel that the Internet has accentuated the
difference between the rich and the poor. People in
western countries are described as "Information rich"
whereas most people in the Third World are
"Information poor", since connecting to the Internet
requires expensive equipment and access to a
networking infrastructure which does not exist in many
poor countries. Many rich countries also have sections
of their populations which are Information Poor. This
may be for a variety of reasons such as poverty,
geographical isolation or poor education. Many
governments are concerned that the Information Poor
will be unable to access government support and
information services, will be unable to participate in the
knowledge industry job market, and will increasingly
become more dependent on welfare and be less
employable as a result.
Topic 5 – Implications of WWW – Social Implications
Social Isolation
There is a fear that the increased use of electronic
communication will mean that many people will become
physically more isolated from each other. The Internet
encourages the creation of global communities, but may
result in neighbours not seeing each other for weeks on
end. E-commerce means that people use high street
shops less and meet together less as a result. Telecommuting means that people work from home instead
of in an office with their colleagues. Pals correspond by
Facebook rather than meeting up for a chat.
Topic 5 – Implications of WWW – Social Implications
Employment and Taxation
Tele-working has revolutionised the way in which firms
utilise their employees. Tele-working can mean working
from home instead of travelling to an office every day,
using communications technology to keep in touch with
your employer. Work is sent/received electronically.
Tele-working can also mean working in a different
country from your employer or even not ever meeting
your co-workers or collaborators because they are all
living in different parts of the world.
Advantages for the employee:
Save on travel time and transport costs;
As long as you produce the required results, it does not
matter where or when you work.
If you are self employed, you can deliver your work to
your customers electronically.
Topic 5 – Implications of WWW – Social Implications
Disadvantages for the employee:
You can get a feeling of isolation, missing out on office
gossip or possible promotion prospects;
You may actually work harder and put more hours in
than you would if you were working in an office, feeling
you have to prove you work hard;
You will need space in your home to work, and you may
have to insure your employer’s computer equipment.
Advantages for the employer:
You can save money on office space, as employees use
their homes;
Tele-workers often work harder than if they were
working in an office;
You can save money on wages as you can employ people in
parts of the world where wages are low. For instance,
many Western software companies are now looking to
the Far East to employ programmers and data
processing workers.
Topic 5 – Implications of WWW – Social Implications
Disadvantages for the employer:
You have to train your tele-workers and pay for
communications costs and computer equipment;
There may be security issues you will need to consider if
you want your employees to be able to log into your
company network from home;
You may have less control of the quality of service your
work-force provide if your workers are in a foreign
country.
Topic 5 – Implications of WWW – Social Implications
Video conferencing allows a number of people to
communicate with each other using sound, video and to
share data such as text and graphics even though they
are thousands of miles apart. Video conferencing
requires a high bandwidth connection and is expensive,
but can be dramatically cheaper than flying several
people from one continent to another.
Topic 5 – Implications of WWW – Ethical Implications
Personal Privacy
The monitoring of individuals’ Internet and email use is a
contentious issue. Many governments would like to have
access to this sort of information. Many individuals
would not like them to have this kind of access. With
modern communications networks it is theoretically
possible to trace the movements of any individual
around the world - they use cash machines, pay with
credit cards, use the Internet, use mobile phones,
appear on surveillance cameras, and may use electronic
road tolling systems. All of these systems could be
combined to track an individual’s movements. Even
organisations who manage LANs are becoming concerned
about the security and employment issues surrounding
email, and some are monitoring all email activity on their
networks to make sure that their employees are not
divulging company secrets or using the network
facilities for their own personal use.
Topic 5 – Implications of WWW – Ethical Implications
Cookies
Cookies are small data files which web servers send to
your machine along with web pages. HTTP is a
"stateless" protocol, which means that the web server
has no way of knowing which machine or user a request
for a web page has come from. This can be a problem if
you are using e-commerce, as the server needs to be
able to track a transaction between different web
pages. One solution is to store a session number in a
cookie which is sent to your machine - when you go to
the checkout the server requests the cookie so that it
knows which transaction belongs to you. Cookies are also
used to store details of personalisation which people
have applied to web pages. Unfortunately cookies can
also be used to track your activity on web pages, which
adverts you have responded to etc, and to customise online advertising accordingly. Many people regard this as
an invasion of their privacy. They can hold passwords so
should be regularly deleted.
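The session-number approach described above, as an added example that is not part of the original slides: a toy Python shop server where every request is independent and only the cookie ties a basket to a browser. The names `ShopServer`, `Browser`, the cookie name `session` and the paths `/add/...` and `/checkout` are assumptions made for this illustration.

```python
import secrets
from http.cookies import SimpleCookie


class ShopServer:
    """Toy e-commerce server: each call to handle() is one stateless HTTP request."""

    def __init__(self):
        # session number -> items; the basket itself never leaves the server
        self.baskets = {}

    def handle(self, path, cookie_header=""):
        """Process one request and return (response_headers, basket_contents)."""
        jar = SimpleCookie()
        jar.load(cookie_header)
        sid = jar["session"].value if "session" in jar else None
        headers = {}
        if sid not in self.baskets:
            # No cookie, or a value this server never issued: start a fresh
            # session rather than adopting a number chosen by the client.
            sid = secrets.token_urlsafe(32)   # long random value, hard to guess
            self.baskets[sid] = []
            out = SimpleCookie()
            out["session"] = sid
            out["session"]["path"] = "/"
            out["session"]["httponly"] = True   # not readable by page scripts
            out["session"]["secure"] = True     # only sent over HTTPS
            out["session"]["samesite"] = "Lax"  # limits cross-site sending
            headers["Set-Cookie"] = out["session"].OutputString()
        if path.startswith("/add/"):
            self.baskets[sid].append(path[len("/add/"):])
        return headers, list(self.baskets[sid])


class Browser:
    """Minimal client: stores the cookie it is given and returns it on each request."""

    def __init__(self, server):
        self.server = server
        self.cookie_header = ""

    def get(self, path):
        headers, basket = self.server.handle(path, self.cookie_header)
        if "Set-Cookie" in headers:
            received = SimpleCookie()
            received.load(headers["Set-Cookie"])
            self.cookie_header = "session=" + received["session"].value
        return headers, basket


def demo():
    """Two shoppers, one request with no cookie, one with a guessed number."""
    server = ShopServer()
    alice, bob = Browser(server), Browser(server)   # constructed sample users
    first_headers, _ = alice.get("/add/book")
    alice.get("/add/pen")
    bob.get("/add/laptop")
    return {
        "set_cookie": first_headers["Set-Cookie"],
        "alice": alice.get("/checkout")[1],
        "bob": bob.get("/checkout")[1],
        "no_cookie": server.handle("/checkout")[1],
        "guessed": server.handle("/checkout", "session=1234")[1],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The cookie holds only a random session number, so deleting it loses the basket but exposes no password or card detail.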
Topic 5 – Implications of WWW – Ethical Implications
Encryption
Encrypting data is a method of coding it, in order to make it
difficult or even impossible for someone to read it unless
they have authorisation from you. Some governments make
encrypting data illegal, others regard it as an individual right.
As with all security systems, there is a trade-off between
security and convenience. The more secure you make a
communication system, the more inconvenient it is to use.
At the moment email on most networks is un-encrypted and
insecure, as messages are sent as plain ASCII text.
Netiquette
There are several conventions and a whole new vocabulary
which has developed with regard to how you should behave on
Internet newsgroups, using email, etc. Simple rules such as
not sending "Spam" (unsolicited commercial email), not
shouting (writing in capital letters) and respecting people’s
privacy may seem obvious, but it is easy to make mistakes
without realising it. The best policy when subscribing to a
newsgroup or joining a list server is to "listen" quietly for a
while (called "Lurking") to see how others behave before you
submit any contributions yourself.
Topic 5 – Implications of WWW – Ethical Implications
Misrepresentation
The ability to post messages on newsgroups or
discussion lists anonymously means that offensive
statements can be made without the person making
them being held to account.
Chatrooms are a popular, world-wide form of real-time
communication. A chatroom is an area on the Internet where
users type messages, and the messages are available to
everyone connected to the server. Communication is slow
because you need to type messages, but being a real-time
application makes it popular.
One problem with chatrooms is that there is no way of
verifying that the person you are communicating with is
who they say they are. They may have lied about their
age, their sex, or why they are interested in chatting
with you. Paedophiles use chatrooms!
Topic 5 – Implications of WWW – Ethical Implications
Censorship and Pornography
What is legal in one country may not be legal in another.
Not all governments encourage the free debate of
political subjects and many governments try to block
access to opinions or political debate which is critical of
them. Many people believe that children should be
protected from violent, pornographic or extreme
political material, though of course what is considered
to be extreme in one society is not always considered to
be extreme in every society. From the point of view of
those wishing to impose censorship, the world-wide
nature of the Internet makes it very difficult if not
impossible to control. An international standard of
"rating" web pages for violent or sexual content has
been developed by the Internet Content Rating
Association (ICRA) which makes controlling access
easier.
Topic 5 – Implications of WWW – Internet Regulation
Taxation
Buying and selling on the Internet makes it very
difficult indeed to impose taxes, import duties or other
fees, particularly if the item purchased such as
software, music, or access to information can be
transmitted electronically and does not have to be
physically delivered to the purchaser. If you work in one
country but are employed in another, where should you
pay tax? Who should pay for your National Insurance?
Which country’s employment laws should apply?
The Copyright, Designs and Patents Act 1988 - Online distribution of software is cheap and easy, but the
distribution of illegal copies of software is just as easy.
Software piracy is a major problem in many parts of the
world. Many people argue that software piracy increases
the cost of software because software distributors
need to charge more to recover the cost of research
and development if only a percentage of those using the
software are actually paying for it.
Topic 5 – Implications of WWW – Internet Regulation
In addition to conventional software licensing, there are
a number of alternative software distribution models in
existence, including shareware, ad ware and even
freeware. On-line distribution reduces costs and
increases the market-share.
There is also concern over copyright concerning images
and other data available on the Internet. The fact that
this data is on a web page and anyone can access it does
not make it freely available for anyone to take for
themselves and publish it under their own name.
Peer to Peer file sharing software enables users to
share music or other files which may be subject to
copyright legislation. In the US, the Recording Industry
Association of America (RIAA) is conducting a legal
campaign to stop users from sharing music files in this
way.
Topic 5 – Implications of WWW – Internet Regulation
The Computer Misuse Act 1990 - covers using computers to
damage or steal data. The Computer Misuse Act covers
crimes such as hacking, ie breaking into computer systems or
networks to destroy or steal data and propagating viruses
which destroy or damage information or computer systems.
Before this act was passed, people breaking into computer
systems were often only able to be prosecuted for mundane
offences such as "stealing electricity".
The Data Protection Act (1998) describes the duties and
responsibilities of those holding data on individuals (Data
Users). It also describes the rights of these individuals
(Data Subjects). In general, it is the duty of those holding
data on individuals to register with the Data Protection
Registrar, to keep the information secure, make sure it is
accurate, and to divulge it only to those persons who are
authorised to view it. It is the right of an individual who has
data stored concerning them to view that information and to
have it changed if it is inaccurate. There are a number of
organisations which may be given exemption from this act -
namely the Police, Customs, National Security and Health
Authorities.
Topic 5 – Implications of WWW – Internet Regulation
The Regulation of Investigatory Powers Act (RIP Act)
The Regulation of Investigatory Powers Act (2000)
gives government and employers wide rights to monitor
employees' e-mails and telephone calls to ensure that
they relate to work. It has been condemned as an
invasion of privacy but the government argues it is
necessary to crack down on internet crime and
paedophilia.
There are two main areas of controversy in the RIP act.
They concern collection of data and the use of
encryption.
Topic 5 – Implications of WWW – Internet Regulation
First Concern:
Security services, eg MI5, will be able to monitor
people’s internet habits by recording the websites and
chatrooms they visit and the addresses of emails they
send and receive. Currently all telephone numbers are
logged and some telephone companies are required to
enable security services to intercept calls (this is legal).
Internet activity is different however as web addresses
show exactly what people have been looking at and
enable the security services to build up detailed profiles
of where people go online and who they communicate
with.
The act also allows employers to intercept emails and
internet use by their staff, on grounds such as
monitoring for computer viruses, checking inappropriate
use of company email, or counteracting industrial
espionage.
Many people think that this law is disproportionate to
the problem it is trying to tackle, and that it allows an
invasion of the right to privacy of communication.
Topic 5 – Implications of WWW – Internet Regulation
Under RIP, some UK internet service providers (ISPs)
will be asked "to maintain a reasonable intercept
capability". This would mean that they would be required
to install a device enabling the security services to
monitor the flow of data. Critics say that these devices
will be hugely expensive and will have difficulty keeping
pace with fast-changing internet technology as well as
the ever-growing volume of internet traffic.
The Home Office claims that the power of interception
is rarely used and would need approval from the Home
Secretary. It would only be used if national security was
threatened or serious crime was suspected.
Topic 5 – Implications of WWW – Internet Regulation
Second Concern:
The legislation’s reverse burden of proof - if
intercepted communications are encrypted, the act will
force people to surrender the decryption keys on pain
of jail sentences of up to two years. The government
says decryption keys will only be required in special
circumstances and promises that the security services
will destroy the decryption keys as soon as they are
finished with.
Human rights campaigners argue that the act reverses
the burden of proof in UK law as the person sending or
receiving the communication must prove their innocence
rather than the authorities proving their guilt. Stiff
prison sentences are a threat if a decryption key is
lost/forgotten.
Topic 5 – Implications of WWW – Internet Regulation
From the How to Pass Book
Regulation of Investigatory Powers Act 2000
The Government has the powers to:
• Intercept communications
• Acquire communications data (eg billing data)
• Set up intrusive surveillance (on private
property/vehicles)
• Set up covert surveillance in the course of specific
operations
• Use covert human intelligence sources (agents,
informants, undercover officers)
• Access encrypted data
Topic 5 – Implications of WWW – Internet Regulation
But, the government must do all of the above while
respecting the Human Rights Legislation.
• Government can demand a tele-comms company to
intercept an individual’s communications
• ‘Interception warrants’ can be used where national
security is at risk, or preventing/detecting serious
crime/safeguarding economic welfare of the UK. Eg
intercepting communications between a UK
businessman and a foreign company
• Home Secretary can intercept all data flowing
to/from a PC by contacting the ISP, or surveillance of
a person/building
• Government can insist an ISP fit surveillance
equipment to their systems, or leave a ‘back-door’ to
systems open (ISP is then vulnerable to hackers)
• Government can demand a decryption key
• Government can access internet traffic data eg
emails, ftp, web site accesses, chatrooms, newsrooms
and e-groups
Topic 5 – Implications of WWW – Internet Regulation
Why are these powers needed
• To maintain national security
• To prevent/detect crime
• In the interests of the UK’s economic well-being
• In the interests of public safety
• Protection of public health
• Tax assessment and collection
• Preventing death/injury/damage to a person’s health
in the event of an emergency
• The Home Secretary has wide-ranging powers, which
give the Government increased power to monitor
network traffic
Topic 5 – Implications of WWW – Internet Regulation
Summary
E-commerce is the buying or selling of goods or services on-line
Advantages - customer - convenience and increased choice
Advantages - retailer - economies of scale, ↑ markets and
Automation
Disadvantages for both - ↑ fraud, ↑ need advanced technology
Social problems - ↑ gulf between Information Rich/Poor and ↑
social isolation
Tele-working - improves people's lives by reducing the need to travel
and allowing them to work in their own home in their own time.
Video conferencing - reduces the need for travel, but currently
needs special equipment and a high bandwidth connection
Ethical implications of the WWW include the problem of personal
privacy, the ability of others to track your use of the internet and
the increased use of encryption to disguise illegal activities
The use of chatrooms by young people and their exploitation by
paedophiles is also an ethical concern.
Computers and the Internet are regulated by a number of acts of
parliament in the UK. These include the Copyright Act, the Data
Protection Act, the Misuse Of Computers Act and the Regulation of
Investigatory Powers Act
Topic 6 – Network Security - Pre-Requisite Knowledge
Before studying this topic you should
know about the basic software security
measures on a network such as the
requirement for ID and password. You
should know about physical measures
which can be employed such as restricting
access to certain workstations. You
should know what encryption is and what
are the advantages of using it. You should
know why Internet filtering is needed in
schools and other organisations.
Topic 6 – Network Security - Pre-Requisite Knowledge
After studying this topic you should be able to:
• Describe types of threat to network security
and how they can be counteracted
• Describe a number of hardware and software
solutions to protecting networks
• Explain the benefits of encryption
• Explain the benefits of monitoring and logging
activity on a network
• Describe different approaches to Internet
filtering
• Describe the functions of a network firewall
Topic 6 – Network Security - Pre-Requisite Knowledge
Q1: Why should network users have an ID and password to log on?
a) Because you need to charge people for using a network
b) Because it is against the law to use network resources without
one
c) Because the network software needs to know who you are in
order to give you access to networked resources
d) Because all software needs an ID and password before you can
use it
Q2: What does it mean when we say a file has been encrypted?
a) Compressing the file so that it takes up less space on the hard
disk
b) Encoding the file so that it can only be decoded if you have the
correct password
c) Making the file unreadable by any other operating system.
Q3: Why is Internet access filtered in schools?
a) Because pupils could find answers to exam questions on it
b) Because the Internet can only be used at certain times
c) Because it costs money to use the Internet
d) Because there may be material unsuitable for young people on
the Internet
Topic 6 – Introduction to Network Security
Security on a network is a compromise
between security and convenience. The
security regime should reflect the
importance of the data. If the security policy is
too strict (eg it forces users to change their
passwords daily or to use mixtures of alphanumeric
and numerical characters), the danger is that users
write their passwords down. Allowing users to set
their own passwords has the danger that the
passwords will be easy to guess or will not be
changed regularly.
Topic 6 – Introduction to Network Security
As well as internal security on a network,
security measures are needed to protect the
network from outside. Security from outside
hacker attack is best achieved by making sure
that there is only one connection between the
network and the outside world, and then
applying security measures to that connection.
Security from virus infection is best dealt with
by installing virus protection software at the
point where the network connects to the
outside world, but also on individual machines in
case users bring in infected disks or USB
sticks. For this reason many organisations have
strict policies on their users – no installing
software or installing modems, some don’t allow
connection of USB devices either.
Topic 6 – Threats to Network Security
The purpose of security on a network can be
categorised into three areas:
• Protecting data on the network
• Protecting the network software and
resources
• Protecting the users of the network
Protecting these three areas can be done by:
• Imposing network security on users and on
network hardware
• Additionally installing virus protection and a
firewall
• Filtering Internet content
On any network, all three of these security
precautions are normally in place.
Topic 6 – Protecting Data on the Network
Students/pupils – guessing passwords
Hackers – malicious – virus/trojan installs
Employees – accessing confidential files
Disgruntled ex-employees – sabotaging
network system by gaining admin access
Accountants – embezzling money
Fraudsters – stolen credit cards used to
make purchases
Hackers/Spies – Tapping into wireless
networks using radio listening equipment
Topic 6 – Software Solutions
Network Authentication - users log in using a
network ID and password. The network
operating system checks the combination
of ID and password against an encrypted
database and, if they match, the user is
given access to the files and resources
which they have the permissions to use;
otherwise they are denied access.
Topic 6 – Software Solutions
Network operating systems can enforce
password security using rules:
• The password must be more than a set
number of characters eg 8.
• Password must contain at least one number or
character such as ? : } / ;
• The password must not be one already used
before eg in the last year.
• The password must not be a word which
appears in the dictionary (Password cracking
programs can match passwords quickly);
• The password must be changed every set
number of days, eg 30.
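The five rules above can be checked in a few lines of code. The following is an added example, not part of the original slides: the `Account` class, the tiny `DICTIONARY` set and the sample passwords are constructed for illustration, and the thresholds are the "eg" values from the slide.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8             # slide: "more than a set number of characters eg 8"
MAX_AGE_DAYS = 30          # slide: "changed every set number of days", eg 30
HISTORY_WINDOW_DAYS = 365  # slide: "already used before eg in the last year"

# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"password", "football", "computer", "sunshine", "elephant"}


def hash_password(password, salt):
    """Salted, deliberately slow hash: the history never stores plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical account record holding the user's password history."""

    def __init__(self, user_id):
        self.user_id = user_id
        self.history = []  # (date_set, salt, digest) tuples, newest last

    def policy_violations(self, candidate, today):
        """Return the list of rules the candidate password breaks."""
        problems = []
        if len(candidate) <= MIN_LENGTH:
            problems.append("too short")
        if not any(c.isdigit() or c in string.punctuation for c in candidate):
            problems.append("needs a number or symbol")
        # Strip digits/symbols from both ends so "football1" is still caught.
        core = candidate.lower().strip(string.digits + string.punctuation)
        if core in DICTIONARY:
            problems.append("dictionary word")
        # Compare against every password set within the history window.
        cutoff = today - timedelta(days=HISTORY_WINDOW_DAYS)
        for set_on, salt, digest in self.history:
            if set_on >= cutoff and hmac.compare_digest(
                    hash_password(candidate, salt), digest):
                problems.append("reused")
                break
        return problems

    def set_password(self, candidate, today):
        """Store the password if it passes every rule; return violations."""
        problems = self.policy_violations(candidate, today)
        if not problems:
            salt = os.urandom(16)
            self.history.append((today, salt, hash_password(candidate, salt)))
        return problems

    def must_change(self, today):
        """True once the current password has reached the maximum age."""
        if not self.history:
            return True
        return (today - self.history[-1][0]).days >= MAX_AGE_DAYS
```

Storing only salted hashes in the history means the reuse rule can be enforced without the server ever keeping old passwords in readable form.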
Topic 6 – Software Solutions
A networking OS can restrict a user to a particular PC,
by time of day, or by location, or both.
Every file and directory on the network will have
permissions set by the network operating system. These
permissions are checked when a user attempts to access
a file or resource. Normally a user would have
• full read-write access to their own files on the
network;
• read only access to shared files;
• no access to network operating system files.
The networking OS checks the user's ID against the
Access Control List (ACL) for that file/folder. Users
are assigned to groups and permissions are given to
groups, eg the pupil group is more restricted than the
staff group in school.
Topic 6 – Encryption
Network traffic created by a logon ID
and password is normally encrypted in
case it is intercepted by an unauthorised
machine on the network. Encryption can
be used to protect data from prying eyes
within a network as well as from outside.
Encryption simply lengthens the time it
takes the data to be deciphered! It is
not foolproof! 128-bit encryption is
common. The increasing processing power of
computers reduces the time taken to crack
the code, so the encryption bit length needs
to keep getting bigger.
Topic 6 – Hardware Solutions
Lock network servers in secure rooms. Physical access
to the server can often allow a skilled hacker to get
hold of the encrypted password file (which can then be
compared with dictionary words encrypted using the
same algorithm in order to extract passwords). Backup
tapes and emergency repair disks are also a security
risk unless they are protected by lock and key.
Magnetic swipe cards, smart key entry or 4-digit keycode entry can be used to physically secure rooms.
Biometric security systems such as fingerprint, face or
iris pattern recognition systems can also be used. They
can be used along with User ID and password to
increase security.
Hardware resources on the network such as printers can
also be restricted to certain users by time, workstation
location or security level.
Topic 6 – Hardware Solutions
Using switches instead of hubs for the network cabling
infrastructure increases security because switches
direct network packets to the specific machine they are
destined for rather than to every machine on their
segment. Since a Network Interface Card (NIC)
receives every packet on its segment and can be
set to display the packets' contents on the machine it is
fitted in, a hacker could use a laptop equipped with a
"packet sniffer" plugged into the network to extract ID
and password information from network traffic.
Wireless networks are particularly prone to this sort of
attack as there is no physical connection needed, and
many wireless networks can be accessed from outside
the building they are installed in. Wireless networks
need to be configured so that the packets transmitted
over them are encrypted.
Topic 6 – Human Engineering
Since the ID and password on a network are effectively
the key to much of its security, it is this area which
inevitably attracts most of the efforts of those trying
to break in. Use of:
• fake logon screens which then save ID and password
details
• keystroke loggers which can be inserted in between a
keyboard and a computer case. These devices log every
key press, and this data can be trawled through at
leisure once the hacker removes the device.
Topic 6 – Protecting the Network Software and Resources
The network itself needs to be protected as well as the
data which it contains. Attacks can come in the
form of software such as viruses and worms, or from humans in
the form of hackers.
Topic 6 – Anti Virus Software
Viruses and worms are software which can damage data
on a network or network software. They can also make
the network unusable by their attempts to propagate
(spread) themselves to other machines or other
networks. They are usually small sections of code which
hide themselves inside legitimate applications. When the
user runs the application the extra code may delete
files, infect other applications or attempt to propagate
itself to other machines. Viruses may lie dormant until a
particular date or set of circumstances. They may
attempt to disguise themselves from anti-virus
software and may change themselves as they propagate.
Topic 6 – Anti Virus Software
A worm is similar to a virus although its prime concern is
to propagate itself as efficiently as possible, often
consuming machine resources in the process.
Worms have been designed to install trojan software on
users’ machines, allowing the hacker access to the
machine without the owner’s knowledge, either to
extract information (eg bank account data for fraud) or
to use the machine as a host to send spam email which
would otherwise be blocked by spam filters.
Topic 6 – Anti Virus Software
Protecting a network against viruses, trojans and worms
is usually achieved by installing anti-virus software on to
the network file servers and stations. The software
installed on the servers is responsible for checking
every file which is run/created on the server. Although
this affects network system performance, that is
preferable to a virus attack. Suspect files are either
repaired or quarantined.
The anti-virus server is also responsible for downloading
the latest virus signatures from the anti-virus software
vendor and for updating itself and all the stations with
this information, normally at least weekly.
Topic 6 – Proxy Servers
As well as enabling private IP addresses to be used on a
Local Area Network, a proxy server is also a convenient
way of helping to secure a network because the private
internal IP addresses are hidden from the outside
world, using a system known as Network Address
Translation (NAT). This protects these internal
machines from external attack because without knowing
the IP address of a machine, a hacker cannot access it
in order to control it. This is what we do in school: our
IP addresses are all in the range 10.5.11.0 or 10.5.10.0, but
these addresses do not exist on the Internet side of
our network.
Topic 6 – Firewalls and Routers
A firewall is a piece of software installed on the
machine which controls access to the outside world. It
will normally block network traffic by examining each
packet as it passes through. A firewall may be installed
on a dedicated machine, or may be part of a proxy
server. Each packet can be identified by its source
address, its destination address and the port number it
is using. A firewall can block traffic on all incoming and
outgoing ports except the ones which the network
manager knows are for legitimate use of protocols such
as HTTP, FTP, SMTP and POP3.
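The packet check described above can be sketched as a small stateless filter: every packet is compared with an ordered rule list and anything unmatched is blocked. This is an added example, not part of the original slides; the rule list, the `/23` network covering the school's 10.5.10.x and 10.5.11.x addresses, and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses (reserved documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Well-known ports for the protocols the slide names as legitimate.
ALLOWED_PORTS = {"FTP": 21, "SMTP": 25, "HTTP": 80, "POP3": 110}
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    dst_port: int   # destination port number


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    ports: frozenset = frozenset()  # empty set means "any port"

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (not self.ports or pkt.dst_port in self.ports))


# Constructed rule set; the first matching rule wins.
RULES = [
    # 0: drop everything from a source network known to be hostile
    Rule("block", "203.0.113.0/24", ANY),
    # 1: LAN machines may go out, but only on the legitimate ports
    Rule("allow", "10.5.10.0/23", ANY, frozenset(ALLOWED_PORTS.values())),
    # 2: outsiders may reach the public web/mail server only
    Rule("allow", ANY, "192.0.2.10/32", frozenset({25, 80})),
]


def decide(pkt, rules=RULES):
    """Return (action, index of the matching rule or None for the default)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "block", None  # default deny: nothing matched, so block


def blocked_log(packets, rules=RULES):
    """Return the packets that were blocked, for the network manager's log."""
    return [p for p in packets if decide(p, rules)[0] == "block"]


# Constructed sample traffic.
SAMPLE = [
    Packet("10.5.11.20", "198.51.100.7", 80),    # pupil browsing the web
    Packet("10.5.11.20", "198.51.100.7", 6667),  # chat port, not on the list
    Packet("203.0.113.9", "192.0.2.10", 80),     # blocked source network
    Packet("198.51.100.7", "192.0.2.10", 25),    # incoming mail
    Packet("198.51.100.7", "10.5.10.3", 23),     # outsider probing the LAN
]
```

The final `return "block", None` is what makes this "block everything except the known ports": a packet has to match an allow rule to get through.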
Topic 6 – Firewalls and Routers
A router can perform many of the blocking functions of
a firewall, but is often more difficult to configure.
Routers can be set up to block traffic from particular
IP addresses, although they are primarily designed to
route packets between networks.
The best combination is to have both a router and a
firewall in place. This means that any individual trying to
break in will have two separate hurdles to jump instead
of just one.
Topic 6 – Protecting Resources against External Attack
There are a number of reasons why a hacker might wish
to gain access to a network:
• to make illegal use of the network resources, eg hard
disk space and bandwidth - storing and distributing
pirated software/pornography or using the mail
server to distribute spam or to propagate a virus,
• to deface the company web site or compromise the
web server so that it can be used as a secure
platform for an attack on another system.
A hacker will also want to hide their tracks as far as
possible by removing any trace of their activities.
Topic 6 – Monitoring and Logging Network Activity
It is always wise to monitor and keep logs of network
activity. Monitoring software can be set to inform the
network manager of unusual activity which might signify
a problem. Logs of network activity such as logins, file
activity, network traffic etc can help a network
manager to track down the source of an intrusion or the
route by which network security was breached.
Topic 6 – Internet Content Filtering
This can restrict the web sites which network users can
access. Companies/schools filter internet content to
prevent employees/pupils from using company
bandwidth/employee time to surf the web for their own
entertainment, or to protect their students from
accessing unsuitable material. Home internet filtering
may allow parents to protect their children from
unsuitable Internet material. Too strict filtering can
restrict legitimate research.
Topic 6 - Filtering Software
Filtering software takes the approach of letting the
user access anything on the web other than those sites
which have been identified as being unsuitable.
• By type of internet service – allowing access to web
sites but blocking access to FTP sites/chat rooms
• By using lists of URLs – web page addresses that are
banned are stored in a DB. When a user requests a web
page that is in the DB of banned sites access is denied.
• By examining the words on web pages – access to web
pages containing a ‘forbidden word’ is denied
• By checking the content rating of a web site – eg
includes rating on objectionable language, violence, or
porn
Filtering software can often be combined with a logging
system which automatically logs attempts to access
banned material.
Topic 6 – Walled Garden
The "Walled Garden" approach only allows users to
access certain parts of the WWW. The software will
only allow users to access a web site if its IP address
matches one of those on the list of permitted ones. This
list may be supplied by the software vendor, or may be
compiled by the organisation themselves. Normally sites
can be added or removed from the list. While this
approach is very effective at filtering content, it is very
restrictive and considerably reduces the functionality
of the WWW.
A firewall can be:
• Software running on an individual machine
• Software running on servers across a network
(distributed firewalls)
• Hardware based – ie firewall software runs on server.
These are faster, more reliable as it’s all they do!
• Provided by managed firewall service providers
Topic 6 – Summary
• Network security is always a compromise between
security and convenience
• The purpose of network security is to protect data on
the network, the network itself, and users of the
network
• Threats to network security can be from both inside
and outside an organisation
• Security inside a network is primarily enforced by
user ID and password
• Security from outside is primarily enforced by
ensuring that there is only one point of contact with
the outside world
• The hardware and software resources which a user
has access to are determined by the restriction
policy linked to their ID
Topic 6 – Summary
• Encrypting data files on a network can add a further level
of security
• Hardware solutions to security concerns include physically
locking up workstations, servers and backup tapes. User
IDs can also be linked to biometric security systems
• Using a switched network, and making sure that wireless
networks are secure reduces the chances of Ethernet
packets being intercepted by someone who has managed to
connect a rogue machine into the network.
• Wireless networks need to be configured to make them
secure.
• Network servers and stations need to be protected from
virus attack using antivirus software. The anti-virus
software should be kept up to date with virus signatures
• A firewall is software which blocks attack from outside,
and restricts the transfer of packets from inside a
network by examining the source and destination IP
address and port number of every packet which passes
through it
Topic 7 – Denial of Service Attacks and Disaster Recovery
Pre-requisite knowledge
You should know why backups are necessary and why
there needs to be a strategy in place to make sure that
backups are effective. You should know that a network
topology can be described in terms of nodes and
channels, and the effect of failure of a node or a
channel on different topologies.
Topic 7 – Denial of Service Attacks and Disaster Recovery
Learning Objectives
After studying this topic you should be able to:
• Understand what a Denial of Service attack is
• Describe different types of Denial of Service Attack
and why they occur
• Describe the effects of a Denial of Service attack
• Describe the hardware and software approaches to
disaster avoidance
Topic 7 – Denial of Service Attacks and Disaster Recovery - Revision
Q1: Which of the following are true of a sensible
backup strategy?
A) Make regular backups
B) Re-use backup tapes daily
C) Test the backup frequently
D) Keep all backups in a safe place
a) A, B and C
b) A and B
c) A, C and D
d) A, B and D
Q2: What is the effect of a channel failure on a single-segment network with a bus topology?
a) All the nodes on the segment fail
b) The node nearest to that channel fails
c) The nodes on that segment slow down
d) No effect
Topic 7 – Denial of Service Attacks and Disaster Recovery - Revision
Q3: What is the effect of a channel failure on a
network with a star topology?
a) All the nodes on the network fail
b) The nodes connected to that channel fail
c) The nodes on that segment slow down
d) No effect
Q4: What is the effect of a channel failure on a
network with a mesh topology?
a) All the nodes on the network fail
b) The nodes connected to that channel fail
c) The nodes on that segment slow down
d) No effect
Topic 7 – Denial of Service Attacks and Disaster Recovery - Revision
Avoiding disaster – 2 main types:-
a deliberate attack - such as Denial of Service (DoS) attack
or virus infection
natural forces - equipment failure, fire, flood etc.
Both sorts of disaster require similar strategies in
order to protect the network in the first place and
recover afterwards should the worst happen.
Topic 7 – Passive and Active Attacks
Passive Attacks are not designed to destroy or damage
network resources, but merely to intercept the data.
“Packet sniffers” are used where data on a network is
intercepted by the hacker. The best defence for this
type of attack is encryption of the data.
Active Attacks – this type of attack is designed to
actively cause damage to a system. In this type of
attack the hacker breaches the network security then
alters the data stream entering the network eg by
diverting the data through another computer to corrupt
it before sending it back to the network again. DoS
attacks are examples of Active Attacks.
Topic 7 – Denial of Service (DoS) Attacks
A Denial of Service attack is an attack on a network
server which significantly reduces the capacity of that
server to provide resources to legitimate users. Denial
of Service attacks are not normally launched from
within a network, as such an attack would be easy to
trace and to counteract. Denial of Service attacks are
almost always launched from outside an organisation,
and are directed towards the services which the
network is providing to the external users of that
network. Denial of Service attacks may be designed to
put a competitor out of business, to bring down a high
profile organisation or just to cause trouble.
Topic 7 – Types of (DoS) Attacks
Physical Attack: The simplest form of physical DoS
attack is to cut the cables between the company
providing the service and their customers. This kind of
attack is rare, and is relatively easy to protect against.
Topic 7 – Types of (DoS) Attacks
Exploitation of Software flaws: Operating Systems
and Server Software can be released for use prior to all
the bugs being found and fixed. The remaining bugs and
loopholes are an easy way for hackers to gain access to
a system.
Attacks which were devastating when
unleashed included sending e-mails that had
attachments with 256-character file names to Netscape
and Microsoft mail programs, or the Ping of Death,
where a ping message larger than the permitted size
was sent to a server. In both these cases the software
suffered a buffer overflow. Usually when a buffer
overflow attack is successful the application that has
been attacked crashes in a way which allows the hacker
to gain control of a system or execute code as the
system crashes.
Topic 7 – Types of (DoS) Attacks
Resource starvation: This means using up a network
resource to the point that legitimate users can’t access
it. Eg if the M8 motorway was filled with cars with no
people in them then legitimate commuters would not be
able to get on to the motorway for legitimate journeys.
A DoS attack may send badly assembled packets to a
server or workstation. The server or workstation can’t
deal with the packets so keeps them in its buffers; the
buffers fill up, jamming the network.
Bandwidth consumption – Flood the network with
useless traffic. If you flood an email server with
useless traffic it will crash or simply stop legitimate
users being able to send/receive emails. “I Love You”
was of this type.
Topic 7 – Types of (DoS) Attacks
Attacking Routers – these are vulnerable to ping
attacks. Ping attacks are used to test the integrity and
operating speed of a network. Corrupted packets mean
the ping attacks divert routers from their normal
function of routing data around the network.
Viruses or worms can also be regarded as DoS attacks
as they consume bandwidth in an attempt to propagate
themselves. Some DoS attacks have been propagated by
viruses which install server software on unsuspecting
users' machines. Port scanning software is then used to
identify the infected machines and use them as a
platform to mount a resource starvation attack on a
server.
Topic 7 – Types of (DoS) Attacks
DNS attacks: This type of attack disrupts network
access by filling the cache on Domain Name Servers with
name lookup information about non-existent hosts. This
causes legitimate requests to be dropped. This is a
specific type of resource starvation.
Topic 7 – Effects of (DoS) Attacks
The effects of a DoS attack can be devastating for a
company, particularly if they are high profile or rely on
24 hour connectivity. Apart from the loss of business,
there is the loss of confidence by users, the cost of
repair and response, and the disruption to the
organisation.
Denial of Service attacks became world news in August
2000 when Yahoo, Amazon.com and other web sites
were hit by attacks lasting for several hours. As with
most DoS attacks, these attacks just simply overran the
target web sites with streams of poorly formed IP
packets.
Topic 7 – Effects of (DoS) Attacks
Why do DoS attacks occur?
There are a variety of reasons why DoS attacks occur.
In September 2003 a number of anti spam web sites
which supply spam blocking lists were hit by DoS
attacks perpetrated by hackers who had been hired by
spammers. Business competition may well become a more
common reason for DoS attacks in the future. Some
DoS attacks are merely malicious, though this does not
make them any less annoying or inconvenient. DoS
attacks may also be politically motivated, one example
being the attacks on the US White House web site
after the Chinese embassy in Belgrade was accidentally
bombed. (Disgruntled ex-employees of a firm etc).
Topic 7 – Effects of (DoS) Attacks
Avoiding Disaster
Disaster can come in a number of guises, such as virus
or hacker attack, or physical disasters such as fire,
flood, theft or even just deleting crucial files by
accident. The most important thing to remember as far
as disaster avoidance and recovery is concerned is that
the data held on a computer system is many times more
valuable than the physical equipment itself. Obviously
avoiding hardware failure is a sensible strategy, but it
always makes sense to build redundancy into a system by
having replacement parts, backup servers etc available
even though they may never be used.
Topic 7 – Effects of (DoS) Attacks
Software Solutions
Make regular backups, keep them in a safe and secure
place. A backup schedule is an automatic system which
runs at a specific time every day (usually in the middle
of the night when network activity is at its minimum).
A backup strategy minimises data loss in the event of a
disaster. A simple backup strategy – backup servers
every night to tape, the tapes are taken off site to a
secure location the next day. Tapes are used because
they are cheap and portable, although tape drives are
expensive.
Do daily backups, but also do a backup once a week.
Weekly tapes are kept for at least a month. Daily ones
are rotated every 5 days.
Topic 7 – Software Solutions
Backup versions are then available for every weekday up to a week
before plus every Friday up to a month before. Backups can
be made over a network connection if there is sufficient
bandwidth.
There are various types of backup:
Full Backup – backup all data on drives irrespective of
changes since last backup, slow, for an end of week backup.
Differential Backup – backup only data files that have
changed since the last full backup. End of day - saves
time/space.
Incremental Backup – backs up all files changed since the
last backup of any type. Fastest to do, restoring data slow.
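The trade-off between differential and incremental backups shows up clearly when one week is simulated. This is an added example, not part of the original slides; the file names and the pattern of daily changes are constructed, and the model simply tracks which files each tape holds.

```python
# Constructed sample data: four files on the server, and the files modified
# on each night after the end-of-week full backup.
ALL_FILES = {"timetable.xls", "reports.doc", "marks.db", "photo.jpg"}
CHANGES = [
    {"marks.db"},               # Monday
    {"reports.doc"},            # Tuesday
    {"marks.db", "photo.jpg"},  # Wednesday
    set(),                      # Thursday (nothing changed)
]


def make_tapes(all_files, changes, mode):
    """Return one (kind, files) tape per night; tape 0 is the full backup."""
    if mode not in ("differential", "incremental"):
        raise ValueError("mode must be 'differential' or 'incremental'")
    tapes = [("full", frozenset(all_files))]
    since_full = set()
    for changed in changes:
        since_full |= changed
        if mode == "differential":
            # everything changed since the last FULL backup
            tapes.append(("differential", frozenset(since_full)))
        else:
            # only what changed since the last backup of ANY type
            tapes.append(("incremental", frozenset(changed)))
    return tapes


def tapes_to_restore(tapes, night):
    """Indexes of the tapes needed to rebuild the data as of `night`."""
    if night == 0:
        return [0]
    if tapes[night][0] == "differential":
        return [0, night]            # full + the latest differential
    return list(range(night + 1))    # full + every incremental so far


def restore(tapes, night):
    """Replay the tapes in order; map each file to the tape supplying it."""
    restored = {}
    for index in tapes_to_restore(tapes, night):
        for name in tapes[index][1]:
            restored[name] = index   # a later tape overwrites an older copy
    return restored


def files_written(tapes):
    """Total files copied by the nightly (non-full) backups."""
    return sum(len(files) for _, files in tapes[1:])


DIFF = make_tapes(ALL_FILES, CHANGES, "differential")
INCR = make_tapes(ALL_FILES, CHANGES, "incremental")
```

With this sample week the incremental tapes hold fewer files in total, but restoring Wednesday's state needs every tape since the full backup, whereas the differential scheme needs only two.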
Topic 7 – Software Solutions
In a situation where servers are destroyed additional
redundant servers would be utilised. Such identical
systems make it easier to recover from a disaster.
Backup strategies will vary according to the size of the
organisation and the importance of the data to its
survival.
Backups are made to either DAT tape, DLT tape or Super
DLT tape. However backups can be made over the
internet if bandwidth is sufficient. This saves tapes
having to be removed and stored off-site.
Topic 7 – Hardware Solutions
1. Regular maintenance
2. Fault Tolerant Components: This is simply making sure to install
components which have duplication built in so that if one part
fails, the other can take over. Many servers are fitted with dual
power supplies for this reason. Or an organisation has 2 servers,
switch to backup server if main server fails.
3. Hardware Redundancy: Duplicates of crucial equipment like
servers, switches and routers, so that if one of these fails, it
can be quickly replaced without waiting for a supplier to deliver.
A failsafe strategy would ensure that the spare equipment was
always configured with the latest version of the current
network software and data. This is likely to be the most
expensive but most effective precaution against disaster.
4. Uninterruptible Power Supplies (UPS): An Uninterruptible
power supply is a device which contains a battery with enough
capacity to supply a server for a short power cut, and to shut
down the server gracefully in the event of a longer problem.
Usually a UPS will communicate with the server via a serial cable
and will be able to instruct it to shut down when the remaining
capacity is nearing its end. A UPS can also act as a "filter" for
erratic or dirty power supplies, avoiding large changes in voltage
or frequency which might damage a server.
Topic 7 – Hardware Solutions
1. Disk Mirroring and RAID: An alternative and/or a
complementary strategy to tape backup is to use a disk
mirroring system or a server which runs a Random Array of
Inexpensive Disks (RAID). The best versions of RAID enable
the recreation of the data on a failed hard disk from the
information on the other disks in the array. "Hot-swapping"
means the server doesn’t need to be shut down or rebooted if a
disk fails. Another option is simply to write to two hard disks
simultaneously, so that in the event of a failure of one, the data
will always be duplicated on the other. This is called disk
mirroring.
2. Network Topology: Different network topologies can have
different tolerances to failures. Channel failures will normally
only affect the node which they are connected to unless that
channel is one from server to switch or router. In general, bus
topologies are the least tolerant to channel failure. Star and
tree topologies are better as a channel failure only affects the
node which it serves unless the channel which fails is the one
which serves the node at the centre. Node failure can be much
more serious if the node concerned is a server, switch or
router.
Topic 7 – Hardware Solutions
Summary
• Denial of Service attacks are attempts to reduce the resources
available to legitimate users of a server.
• DoS attacks can be physical attacks, or exploitation of careless
network management.
• An example of the exploitation of software flaws is where the hacker
crashes the server and then gains access via a debug mode.
• Resource starvation is where the server is flooded with ping messages
or attacked with a virus or a worm
• DNS attacks are where DNS servers are used to launch a resource
starvation attack.
• The effects of a DoS attack are loss of business, loss of trust,
inconvenience and expense.
• The reasons for a DoS attack may be political, economic or malicious.
• Disaster can be avoided by keeping regular and reliable backups and
making sure that a robust backup strategy is in place.
• Backup tapes should normally be taken off site and kept in a secure
location.
• Hardware solutions include duplicate equipment, uninterruptible power
supplies, and disk mirroring or RAID servers.
Topic 8 – Data Transmission – Pre-Requisite Knowledge
You should know that telecommunications
networks are used for voice and data
transmission. You should know about the
infrastructure required for an Ethernet
network including cabling, hubs, switches and
Network Interface Cards. You should know that
there are a number of different types of
Internet connection available including dialup
modem, Asymmetric Digital Subscriber Line
(ADSL), Integrated Subscriber Digital
Network (ISDN), Cable modem, and leased line.
You should know about the different types of
transmission modes: unicast, broadcast and
multicast.
Topic 8 – Data Transmission – Pre-Requisite Knowledge
Learning Objectives
After studying this topic you should be able to:
• Understand the units of measurement used in data
transmission
• Describe the difference between synchronous and
asynchronous data transmission
• Describe the difference between circuit and packet
switching
• Understand the Ethernet standard and its use of
CSMA/CD
• Describe a Network Interface Card and why it needs
a MAC address
• Describe error checking methods including parity and
CRC
• Understand the different types of Internet
connection and where they might be used
Topic 8 – Data Transmission – Revision
Q1: Which of the following technologies would
not be suitable for a company needing a high
bandwidth network connection?
a) ADSL
b) ISDN
c) Dialup modem
d) Cable modem
Q2: Which one of the following transmission
modes describes streaming video?
a) Unicast
b) Simplex
c) Broadcast
d) Duplex
Topic 8 – Data Transmission – Revision
Q3: What is the major benefit of VOIP
(Voice over IP)?
a) Phone calls don’t cost anything because
they are transmitted over the Internet
b) Phone calls are connected more quickly
c) Phone call quality is better
d) Phone calls are faster
Topic 8 – Data Transmission – Introduction
The Data Link Layer of the OSI model is
responsible for putting data into
frames/packets and providing an error-free
data transfer from one node to
another. This topic looks at Ethernet,
which implements the Data Link Layer in
many Local Area Networks. We also look
at a number of other types of network
connection available to the home and
business user such as dialup or ADSL
where the Data Link Layer performs a
similar function and compare them in
terms of speed and bandwidth.
Topic 8 – Data Transmission – Units of Measurement
It is important to be aware of the units used in
computer networking. Firstly we need to distinguish
carefully between a bit and a byte.
A bit is a single unit of information, on or off,
represented as a 1 or a 0.
A byte is 8 bits, originally used to represent a single
character in ASCII code.
Since transmitting data over networks often involves
sending extra bits in order to cope with error detection,
error correction and the information needed to identify
where a message starts and where it stops, the quantity
of data transmitted is measured
in Kilobits per second (Kbps) or Megabits per second
(Mbps). It is important to distinguish these units from
MB (Megabytes) and KB (Kilobytes) which are normally
used to measure file size and storage capacity.
Topic 8 – Data Transmission – Asynchronous/Synchronous Data Trans.
Asynchronous data transmission (where
the sending and receiving machines are
not synchronised) uses a transmission
system where each byte is sent
individually with its accompanying start
and stop bits. Asynchronous data
transmission is normally used for low
speed transmission and the protocols used
do not normally include any error
checking.
Synchronous data transmission (where the sending and
receiving machine are synchronised) uses a start frame
to tell the receiving station that a packet is on its way
and is used to synchronise the receiving station with the
transmitting one. Synchronous transmission is much
more efficient because a start and stop frame is only
needed at the beginning and end of a block of
characters which can be up to 8Kb in length, whereas
with asynchronous data transmission, start and stop bits
need to be transmitted with every byte. Error checking
information can be included in the block. Synchronous
transmission is more difficult and expensive to
implement than asynchronous transmission, since it
requires the transmitter and receiver clocks to be
synchronised. It is used with higher transfer rates of
communication, such as 100Mbps Ethernet.
Topic 8 – Data Transmission – Circuit/Packet Switching
Connections between nodes on different networks can
be achieved either by circuit switching or packet
switching.
Circuit switching is where there is a direct connection
established between the two networks (sender and
receiver). All data follows the same physical path during
the communication. Circuit switching is expensive
because it means dedicating a particular connection for
the time that the communication is occurring. It is used
for transmitting video, audio, and computer data over
the same network, and makes sure that no single type of
data monopolises the line. It is used to connect networks
over a leased telephone line. This is expensive,
particularly if large distances are involved, but provides
a high bandwidth connection.
In packet switching the message is broken up
into blocks of data called packets. These
packets are given a destination address and a
sequence number, and this information is used
to re-assemble the communication when it
reaches its destination. Breaking the data down
into packets means that packets may follow
different routes between the transmitter and
the receiver, but this is extremely efficient because
packets from different users can be mixed, and
the network hardware can decide on the most
efficient transmission route. Packet switching is
usually much cheaper than circuit switching
because it does not need a dedicated
connection. Most Internet traffic uses packet
switching.
Topic 8 – Data Transmission – Unicast, Broadcast, Multicast
Unicast Transmission
Unicast is the term used to describe
communication where a packet is sent
from a single source to a specified host.
Unicast transmission is still the main form
of transmission on LANs and on the
Internet and uses the TCP and UDP
protocols which are implemented on the
Transport Layer.
Broadcast Transmission is a method of
delivering a packet to every host on a
particular network or group of hosts on
the Internet. Broadcast transmission
does not retransmit dropped packets or
wait for acknowledgement of their
delivery, so the protocol used is UDP.
Examples of broadcast technology in
action are streaming audio or video.
Multicast Transmission is where packets
are sent from one or more points to a set
of other points. In this case there
may be one or more senders, and the
information is distributed to a set of
receivers. One example of an application
which may use multicast is a video server
sending out a number of different TV
channels.
Topic 8 – Data Transmission – Ethernet
The Ethernet standard was developed by the
Xerox Corporation, DEC and Intel. Ethernet is a
networking system where all nodes are
connected together on a common bus but where
only one node can transmit at any one time. The
system used for making sure that only one
machine is transmitting at a time is called
Carrier Sense Multiple Access / Collision
Detection (CSMA/CD). The Ethernet standard
operates on the Data Link Layer of the OSI
model. Ethernet is currently the most commonly
used technology for Local Area Networks.
Ethernet frames and transmission rates
When data is being passed between two
computers on the same Ethernet segment,
the computers are identified by their
MAC addresses. The actual data to be
transmitted is packaged up into a frame.
The frame contains the destination
address, the source address, the data
itself, error detection information and
some additional information necessary for
successful transmission.
This table shows the structure of an
Ethernet frame.
The original Ethernet transmission rate was 10Mbps, but
the common standard is now 100Mbps with 1Gbps and
10Gbps available for applications which require a
particularly high bandwidth such as the connections
between servers.
A collision is when two devices transmit simultaneously
on an Ethernet segment. The propagation delay of a
network is the time it takes for a signal to travel from
one end of a segment to another.
Topic 8 – Data Transmission – CSMA/CD
Carrier Sense Multiple Access/Collision Detection
(CSMA/CD)
In order to transmit a frame on an Ethernet network a
node should “listen before talking”. This means it should
“listen” to the line (carrier sense), make sure the line is not
already carrying a message, then it can “talk”, i.e. transmit a
message. Once the transmission has started, if a
collision is detected, (the Collision Detection part) then
transmission stops, and both machines wait for a short
random time before attempting to re-transmit. If a
collision is detected again during this retransmission,
then both machines will wait for a longer random time
before re-trying. On a busy network with lots of
collisions, this delay can reduce network performance
considerably.
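The retry behaviour described above, as an added Python example (not part of the original slides). It goes beyond the slide text by using the truncated binary exponential backoff of standard Ethernet: after the n-th collision a station waits a random number of slot times from 0 to 2^min(n,10) - 1 and abandons the frame after 16 attempts. The slotted timing model, the one-slot frame length and all function names are assumptions made for illustration.

```python
import random

BACKOFF_LIMIT = 10   # the waiting range stops doubling after 10 collisions
MAX_ATTEMPTS = 16    # a frame is abandoned after 16 failed attempts


def max_wait_slots(collisions: int) -> int:
    """Largest backoff (in slot times) allowed after this many collisions."""
    return 2 ** min(collisions, BACKOFF_LIMIT) - 1


def backoff_slots(collisions: int, rng: random.Random) -> int:
    """Pick the random wait: 0 .. max_wait_slots(collisions), inclusive."""
    return rng.randint(0, max_wait_slots(collisions))


def simulate(station_count: int, seed: int = 1):
    """All stations have one frame ready at slot 0 (constructed scenario).

    Simplified model: time is divided into slots and a frame occupies one
    slot. Returns (sent_at, collisions): sent_at[i] is the slot in which
    station i got its frame through, or -1 if it gave up.
    """
    rng = random.Random(seed)
    collisions = [0] * station_count
    next_try = [0] * station_count
    sent_at = [None] * station_count
    slot = 0
    while any(s is None for s in sent_at):
        # Stations whose waiting time has expired start talking in this slot.
        talking = [i for i in range(station_count)
                   if sent_at[i] is None and next_try[i] == slot]
        if len(talking) == 1:
            sent_at[talking[0]] = slot            # line was free: success
        elif len(talking) > 1:
            for i in talking:                     # collision detected
                collisions[i] += 1
                if collisions[i] >= MAX_ATTEMPTS:
                    sent_at[i] = -1               # give up on this frame
                else:
                    next_try[i] = slot + 1 + backoff_slots(collisions[i], rng)
        slot += 1
    return sent_at, collisions


if __name__ == "__main__":
    for n in (2, 5, 20):
        sent_at, collisions = simulate(n)
        print(n, "stations: last frame sent in slot", max(sent_at),
              "after", sum(collisions), "collision events")
```

Running it with more stations shows the effect the slide describes: the busier the segment, the more slots are lost to collisions and waiting.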
Topic 8 – NIC and MAC Address
Every Ethernet network interface card (NIC) has its own
unique Media Access Control (MAC) address which
identifies it on the network. It is this address which is used
by the Ethernet protocol to direct data around the network
from one host to another. The data to be transmitted is
packaged into a frame.
The frame contains the destination MAC address, the source
MAC address, error detection and transmission information
along with the actual data.
A NIC on an Ethernet network receives all frames, but only accepts:
• Frames with the destination as its own MAC address
• Frames with the destination as the broadcast address
(address is all 1s)
• Frames with the destination as a multicast address
• All frames if it has been put into promiscuous mode.
It passes to its host machine only the frames which it accepts.
The last item in this list is why a switched network is
more secure than one which uses multiport repeaters
(hubs) and why unsecured wireless networks are a
particular security risk. Someone wishing to break into
an Ethernet network could connect a laptop with the
NIC set to promiscuous mode, and use software to read
all the packets on that particular segment. Any traffic
where passwords and IDs were sent in unencrypted
form would be a security risk.
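The acceptance rules in the list and the hub versus switch point above, as an added Python example (not part of the original slides). The frame layout is simplified, the addresses and payloads are constructed, and the switch is assumed to have already learned which port each MAC address is on.

```python
from dataclasses import dataclass, field

BROADCAST = b"\xff" * 6          # destination address of all 1s


def mac(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    # Simplified frame: destination, source, 2-byte type, data
    # (no preamble and no CRC field).
    return dst + src + b"\x08\x00" + payload


@dataclass
class Nic:
    name: str
    address: bytes
    promiscuous: bool = False
    passed_to_host: list = field(default_factory=list)

    def receive(self, frame: bytes) -> str:
        """Apply the NIC's acceptance rules; return why the frame was kept."""
        dst = frame[0:6]
        if dst == self.address:
            reason = "own address"
        elif dst == BROADCAST:
            reason = "broadcast"
        elif dst[0] & 0x01:
            # Lowest bit of the first byte marks a group (multicast) address.
            # Real adapters normally narrow this to groups the host joined.
            reason = "multicast"
        elif self.promiscuous:
            reason = "promiscuous"
        else:
            return "dropped"
        self.passed_to_host.append(frame[14:])   # data after 14-byte header
        return reason


def send_through_hub(frame: bytes, nics: list) -> None:
    # A hub repeats every frame to every other port.
    src = frame[6:12]
    for nic in nics:
        if nic.address != src:
            nic.receive(frame)


def send_through_switch(frame: bytes, nics: list) -> None:
    # Assumption: the switch already knows the port for every attached MAC.
    dst, src = frame[0:6], frame[6:12]
    table = {nic.address: nic for nic in nics}
    if dst in table:
        table[dst].receive(frame)                # only the destination port
    else:
        for nic in nics:                         # broadcast/multicast: flood
            if nic.address != src:
                nic.receive(frame)


def run(send) -> dict:
    """Send three constructed frames; return what each host was handed."""
    a = Nic("A", mac("02:00:00:00:00:0a"))
    b = Nic("B", mac("02:00:00:00:00:0b"))
    c = Nic("C", mac("02:00:00:00:00:0c"), promiscuous=True)
    nics = [a, b, c]
    frames = [
        build_frame(b.address, a.address, b"USER alice PASS (sent unencrypted)"),
        build_frame(BROADCAST, a.address, b"who has 192.0.2.7?"),
        build_frame(a.address, b.address, b"login ok"),
    ]
    for frame in frames:
        send(frame, nics)
    return {nic.name: nic.passed_to_host for nic in nics}


if __name__ == "__main__":
    print("hub   :", run(send_through_hub)["C"])
    print("switch:", run(send_through_switch)["C"])
```

On the hub, the promiscuous NIC C is handed all three payloads, including the unencrypted login; behind the switch it is handed only the broadcast frame.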
Topic 8 – Data Transmission – Identifying a machine
Machine Identification – MAC/IP/Computer Name
All nodes on a network (servers or clients) have a unique
identity. The type of identity will be determined by the
protocols running on the network.
The Ethernet standard requires that every network
interface card has a MAC address in the form of a 6 byte
number.
The TCP/IP protocol used for access to Internet services
requires that every node has its own IP address in the form
of a 4 byte number.
In addition to these identifiers, nodes on a network may
also have a user friendly name which identifies them to
users on the network. The network operating system is
responsible for making sure that all of these different
ways of identifying a machine are mapped to the same
unique entity.
Topic 8 – Practical Tasks
Practical Exercise: Setting up a Local Area Network
For this exercise you will need to have access to at
least two machines which do not have the kind of
restrictions applied to them which machines connected
to a school or college LAN would normally have. Initially
you should set the machines up as a peer to peer
network.
Allocating an IP address:
Do the practical task, Setting a Static IP address.
Setting Up a Temporary Network using Bluetooth
Devices
Using your own mobile phone connect to another user in
the class. Show this connection to your teacher. This
forms part of the practical NAB for the Networking
Unit.
Topic 8 – Error Detection and Correction
Error detection is the business of
determining whether an error has
occurred during the transmission of data
from one machine to another. If an error
is detected, then the only solution is to
ask the transmitting machine to
retransmit the data. If error correction
is in place, then depending on the amount
of extra data sent with the original, the
errors may be able to be corrected
without asking for it to be retransmitted.
Topic 8 – Error Detection and Correction - Parity
Parity – used to detect errors in the transmission of single
characters. An extra bit called a parity bit is added to
each unit of information.
Odd parity - the parity bit is set so as to keep the number
of ones odd. The receiver counts the 1s; if the count is odd,
no error is detected. If it is even then it will request a
retransmission.
E.g. as ASCII is a 7-bit code, the 8th bit (128) can be
used as a parity bit. When sending the letter A (A=65),
and using odd parity, the data sent would be:
        Odd Parity   64   32   16    8    4    2    1
A=65        1         1    0    0    0    0    0    1
The parity bit set to 1 ensures the data sent has an odd
number of ones.
Topic 8 – Error Detection and Correction - Checksums
A checksum is used when blocks of data
are being transmitted. A checksum is
generated by performing a calculation on
the data - usually by performing a
calculation involving the numerical value of
all the bits in the block. The checksum is
transmitted along with the data and an
identical calculation is done by the
machine at the receiving end. If the
results match, then it is assumed that the
data has been transmitted correctly. If
the results do not match then a retransmission of
the data is requested.
Topic 8 – Error Detection and Correction – Cyclic Redundancy Check
A Cyclic Redundancy Check (CRC) uses
more complicated maths than a checksum,
although the principle is similar. A
calculation is done on the data to be
transmitted resulting in additional data
which is added to the packet. The
receiving machine performs the same
calculation and if it gets the same answer,
then the data is presumed to be error
free.
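The three detection methods from the Parity, Checksums and Cyclic Redundancy Check slides, run on the same data as an added Python example (not part of the original slides). The checksum shown (sum of byte values modulo 256) and the sample block are assumptions for illustration; the CRC is CRC-32 from Python's zlib module, which is the CRC that Ethernet uses.

```python
import zlib


def add_odd_parity(code7: int) -> int:
    """Return 8 bits: the 7-bit ASCII code plus a parity bit worth 128."""
    if not 0 <= code7 < 128:
        raise ValueError("expected a 7-bit code")
    ones = bin(code7).count("1")
    parity = 0 if ones % 2 == 1 else 1     # make the total number of 1s odd
    return (parity << 7) | code7


def odd_parity_ok(byte: int) -> bool:
    """Receiver's check: an odd number of 1s means no error was detected."""
    return bin(byte & 0xFF).count("1") % 2 == 1


def checksum8(block: bytes) -> int:
    """Assumed simple checksum: all byte values added up, modulo 256."""
    return sum(block) % 256


def detected_by(sent: bytes, received: bytes) -> dict:
    """Which check notices that `received` differs from `sent`?

    The receiver repeats the sender's calculation on what arrived and
    compares it with the value sent alongside the data (assumed intact).
    """
    return {
        "checksum": checksum8(sent) != checksum8(received),
        "crc": zlib.crc32(sent) != zlib.crc32(received),
    }


def flip_bit(block: bytes, position: int) -> bytes:
    """Return a copy of block with one bit inverted (bit 0 = first byte, LSB)."""
    out = bytearray(block)
    out[position // 8] ^= 1 << (position % 8)
    return bytes(out)


if __name__ == "__main__":
    a = add_odd_parity(ord("A"))
    print("A with odd parity:", format(a, "08b"))
    print("one bit flipped, parity ok? ", odd_parity_ok(a ^ 0b00000100))
    print("two bits flipped, parity ok?", odd_parity_ok(a ^ 0b00000110))

    block = b"HIGHER COMPUTING"                  # constructed sample block
    swapped = b"HIGHRE COMPUTING"                # two bytes changed places
    print("single bit error:", detected_by(block, flip_bit(block, 9)))
    print("swapped bytes:   ", detected_by(block, swapped))
```

Parity misses any even number of flipped bits, and the simple checksum misses errors that leave the total unchanged, such as two bytes swapping places; the CRC catches both cases here.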
Topic 8 – Error Correction
Error correction is possible if the data being transmitted is
encoded in a way which allows for potentially redundant information
to be transmitted along with it. If the difference between two
character codes is sufficiently great, then the corruption of one or
even two bits may still leave the character recognizable. A parallel
with written communication would be the fact that you can often
still read text which has faded or has had some part of the letter
erased, because they can be recognized without all of the letter
needing to be visible. Inevitably the extra data required to be
transmitted for error correction to work must be traded off
against the time taken to re-transmit the data if error detection
alone is implemented. A good example of where error correction as
opposed to error detection is worthwhile would be where there is a
large time delay between transmission and receipt of data such as
in communications with robotic spacecraft on planetary exploration
missions.
Topic 8 – Types of Internet Connection - Dialup
A modem converts the digital signal from a computer
into a modulated analogue signal that can be transmitted
down a telephone line and vice versa.
Modem is a short name for "modulator / demodulator".
The current maximum bandwidth available is 56Kbps.
Typically dialup takes 15 to 20 seconds to connect.
The original protocol used for dialup connections was
Serial Line Internet Protocol (SLIP) which was
designed to allow IP packets to be transmitted using a
modem. A more secure protocol called Point to Point
Protocol (PPP) is now used, which includes features like
Address Notification which allows a server to inform a
dial-up client of its IP address, password authentication
and better compression.
Topic 8 – Types of Internet Connection – ISDN
The Integrated Services Digital Network (ISDN) provides digital
transmission over copper telephone wire.
A single ISDN line has two 64 Kbps B-channels which
can carry data or voice, and one 16 Kbps D-channel used
for transmitting control information.
The two channels can be used independently (one for
analogue or digital telephone, one for internet access)
or can be combined together to provide a single digital
connection.
Both channels used for internet = 128 Kbps connection.
ISDN channels can be combined together giving 128Kbps per line.
An ISDN Terminal Adapter is needed, and the maximum distance
from the telephone exchange is 5.5km.
ISDN lines are often used for one to one video
conferencing if a high bandwidth IP connection is not
available – this is expensive.
Topic 8 – Types of Internet Connection – ADSL
An ADSL connection requires a special ADSL modem but
uses a normal copper telephone line. ADSL2/2+ as per
the advert below, allows data transfer speeds of
20Mbps downstream and up to 2Mbps upstream. ADSL
is well suited for web browsing, video on demand and
some client-server applications.
ADSL is an "always on" connection which means that
users will have a static IP address which makes them
much more vulnerable to hacker attack (and more
attractive as they have access to higher bandwidth).
Users of ADSL connections need to make sure that they
have a reliable firewall installed.
Topic 8 – Types of Internet Connection – Cable
Transmitting TV over a cable connection is common due
to the spread of optical cable network infrastructure. A
cable modem is needed. Although the possible
bandwidth for Internet services over a cable TV line
can be up to 27Mbps, since this bandwidth will be
shared by a substantial number of other users on the
line (and the total bandwidth available will also be
limited by the bandwidth which the cable company has
leased from the telecommunications provider) the actual
bandwidth available to the home user is usually only
slightly higher than that available using ADSL.
Like ADSL, cable is also an "always on" connection so
users need to make sure that they have a reliable
firewall installed.
Topic 8 – Types of Internet Connection – Leased Line
A leased line is an agreement with a communications company
to provide a permanent dedicated circuit between two points.
The cost of the line is usually based on the distance between
the locations. The traditional telephone system utilises the
same lines for many different conversations by using packet
switching whereas leased lines maintain a single open circuit
at all times. Leased lines most commonly are rented by
businesses to connect branch offices, because these lines
guarantee bandwidth for network traffic. Leased lines are
expensive to set up and expensive to maintain. A leased line is
often called a T1 connection. A T1 connection is sometimes
referred to as a Symmetric Digital Subscriber Line (SDSL)
(to distinguish it from ADSL).
Because they provide a permanent switched circuit between
two points, leased lines often transmit video and audio as well
as computer data.
Topic 8 – Benefits of High Bandwidth
A high bandwidth connection provides a number of
benefits to an organisation using Voice Over IP (VOIP).
The saving in telephone charges for an organisation
which has a number of branches distributed around the
world is very large indeed, if they are able to use a
system where their Internet connection provides a
telephone service, as the connection is already being
paid for through the ISP. Video Conferencing is another
service which a high bandwidth connection can provide,
again saving telephone charges or travelling costs. Both
of these applications need a guaranteed bandwidth to
work successfully, so any system which uses contention
to share a connection is likely to be unsuitable.
Topic 8 – Summary
Bandwidth = Kilobits per sec Kbps / Megabits per sec Mbps
Asynchronous data transmission transmits one byte at a time
along with start and stop bits
Synchronous data transmission is more efficient as larger
blocks of data are sent and less control information is included
Circuit switching maintains a fixed connection between two
points while data is being transferred
Packet switching is "Connectionless" because data is routed
in packets which may take different routes
The Ethernet standard uses Carrier Sense Multiple Access /
Collision Detection (CSMA/CD) to reduce collisions.
A switched Ethernet network has fewer collisions and is more
secure because the switch effectively divides the network
up into a number of separate segments
Every Network Interface Card (NIC) has a unique MAC
address to identify it. This is separate from the IP address
which is controlled by software.
Error detection using Parity, Checksums and Cyclic
Redundancy Checks means extra data is transmitted
Dialup connection, modem, maximum speed of 56Kbps
An ISDN line and terminal adapter provides two 64Kbps
digital channels and one 16Kbps control line
An ADSL line is programmed to operate between two
specific locations and can provide 2Mbps download and
128Kbps upload bandwidth. ADSL bandwidth may be
shared between a number of users.
A Cable modem provides similar bandwidth to an ADSL
line but uses Television distribution cable to provide the
connection
A leased line provides a guaranteed 1.54 Mbps digital
connection between two specific locations but is by far
the most expensive option
Topic 2 – The OSI Network Model – Pre-Requisite Knowledge
Before studying this topic you should know the
difference between a node and a channel on a network.
You should be familiar with the functions of a hub
(multiport repeater), a switch and a router on a
network.
You should be familiar with the idea of a network
protocol, and the fact that different protocols operate
at different levels - for instance the SMTP protocol
operates at the level of an application such as an email
client, whereas the TCP/IP protocol operates at the
level of a node on the network.
A host on a network usually means a node which provides
a service - in effect a machine which can act as a
server.
Topic 2 – The OSI Network Model – Pre-Requisite Knowledge
After studying this topic you should be able to:
• Name and describe the functions of the 7 layers in
the OSI Network model
• Understand the reasons for dividing network
functions into a hierarchy of different layers
• Understand the reasons for Independence and
transparency in network layers
Topic 2 – The OSI Network Model – Review
Q1: What is a node in a network?
a) A device on a network with a unique IP address
b) A connection between two computers
c) An Internet link
d) A type of communications software
Q2: What is a channel on a network?
a) A device on a network with a unique IP address
b) A connection between two nodes
c) An Internet link
d) A type of communications software
Q3: Which of these statements is false?
a) A hub just retransmits packets to every node on the
network
b) A switch selectively retransmits packets according to
the IP address of the destination machine
c) A hub cannot reduce the number of collisions on a
local area network
d) A switch cannot reduce the number of collisions on a
local area network
Topic 2 – Introduction to Network Architecture
The Open Systems Interconnection (OSI) model was
developed to ensure that communications equipment and
networking software would be compatible, irrespective
of manufacturer. The OSI model divides data transfer
across a network into 7 layers.
The layers are hierarchical with each layer having a
specific task to perform.
The top layer is the Application layer which is the layer
you are using when you send an email using an email
client or view a web page using a web browser.
The lowest layer is the Physical layer which is
concerned with the cabling and physical characteristics
of the network.
Each layer has been designed with a particular task in
mind and communicates with the layers above and below
it in the hierarchy. Each layer is independent.
The OSI model is often referred to as the OSI
network architecture. There are several good reasons
for using this hierarchical layered model:
Transparency:
The complexities of each layer are hidden from the
user. Layers simply pass data to the layer above/below.
The user makes a request on their computer and it
appears to communicate directly with the other
computer (but the 7 layers must communicate to
transfer the data on each computer).
Hierarchy:
Imagine sending an email or accessing a web page
(application layer). When the data is transmitted it
is passed by each layer to the layer below. The
files are split into smaller segments, each with that
layer’s headers, error correction and sequence
information added to them, until the data becomes a
stream of bits transmitted via the physical layer. The
reverse process takes place at the receiving end, with
the headers being stripped out and segments reassembled
until the application layer presents the user with the
transmitted file. Each layer is responsible to the layer
above and below it for ensuring that the data it receives
and transmits remains intact.
Independence:
Because the layers are independent, it is
possible to replace or upgrade one layer
with another software version without
having to change how the other layers
communicate with it. This modularity
means that parts of the system can be
upgraded independently without changing
the entire system.
An easy way to remember the order of
the layers is:
All People Seem to Need Domino’s Pizza
Topic 2 – Application Layer
The Application Layer is the top layer of the OSI model
and is concerned with specific applications eg browsers,
e-mail, file transfer, database access. It provides a set
of interfaces for applications to obtain access to
networked services as well as access to the kinds of
network services that support applications directly such
as an email client, or an Internet browser.
Application Layer protocols include HTTP, FTP, SMTP
and POP3. Examples of software used: Email client,
browser.
How to Pass Book:
Concerned with specific applications eg it supports
applications such as mail transfer, database access and
file transfer.
Controls how applications access the network
Connects user applications with network functionality.
Topic 2 – Presentation Layer
Handles data format information for networked
communications.
Converts data into a standardised format that can be
understood by both sides, character code conversion,
compression or encryption.
Controls file locking and security at the user level - this
is why if a file is already open for writing on a network
drive, another user cannot also open it for writing.
Standards such as HTML, GIF, ASCII might be used at
this layer.
How to Pass Book:
Manages how data is represented to enable two-way communication.
Converts data - from application to network (Defines
data format so application receives suitable data).
Encrypts the data, Compresses data
Topic 2 – Session Layer
Manages log on procedures and password recognition.
Permits two parties to hold ongoing communications
called a session across a network.
It performs Domain Name Resolution.
How to Pass Book:
Synchronizes the exchange of data
Defines how connections can be established, maintained
and terminated. Performs name resolution functions
turning the text names for web pages into IP addresses.
Domain Name Resolution.
Topic 2 – Transport Layer
Breaks file into segments, combines incoming segments
into a contiguous file.
Creates/maintains end-to-end connection between
systems, ensuring that the bits delivered are the same
as bits transmitted; in the same order and without
modification, loss or duplication.
Guarantees an error free connection between two hosts.
The TCP protocol operates at this level.
How to Pass Book:
Sets up communication between users, controls the
transmission between sending and receiving systems.
Sequences packets so that they can be reassembled at
the destination in the correct order. Generates
acknowledgements and retransmits packets.
Decompresses data
Topic 2 – Network Layer
Concerned with the path through the network.
Responsible for routing, and controlling the flow of
information between hosts.
Adds network hardware source and destination
addresses as a header.
Does not guarantee the datagram will reach destination.
The Network layer works in units of packets. The IP
protocol is used at this layer.
Network Routers operate at this level as they are
responsible for routing packets between networks.
How to Pass Book:
Defines host addresses, for example IP addresses,
creates packet headers and routes packets using
routers.
Topic 2 – Data Link Layer
Puts data into frames or packets along with error
checking data. In an Ethernet network it uses frames.
Alternatively it transforms a stream of raw bits (0s and
1s) from the physical layer into a data frame, provides
error-free transfer between nodes, allowing the layers
above it to assume virtually error-free transmission.
Is a firmware layer of the NIC where the Ethernet
network standard is implemented.
Network switches operate at this layer.
From How to Pass Book:
Organizes the stream of raw bits into frames (deals with
size of packets)
Sets up error detection and correction
Deals with hardware addressing, eg MAC addresses.
Prevents 2 nodes transmitting at same time
Topic 2 – Physical Layer
Transforms bits in a computer system into
electromagnetic (or equivalent) signals for a particular
transmission medium (wire, fibre, ether, etc.)
The Physical Layer defines items like the type of
cabling (coax, twisted pair, etc.), the frequency of
operation (10 Mbps, 100Mbps, etc.), voltage levels, and
network topology (star, bus, ring, etc)
The Physical layer functions in units of bits.
Network hubs and repeaters operate at this layer.
How to Pass Book:
Defines the physical and electrical characteristics of
the network interface
Defines the bit synchronization, cabling topologies, how
the NIC interfaces with the cabling.
Topic 2 – Summary
• The OSI model divides networks into seven layers
• All People Seem To Need Domino’s Pizza
• Layers are hierarchical, transparent, and independent
• Application layer provides interfaces for network applications
• Presentation layer handles data format information
• Session layer manages log-on and password authentication
• Transport layer breaks up file into segments for transport over a network and guarantees that these segments are not lost
• Network layer routes packets
• Data Link layer guarantees error free transmission
• Physical layer transmits bits over physical medium
Topic 9 – Wireless Data Applications – Pre-Requisite Knowledge
You should know the difference between the following
wireless communications methods:
• Wireless Personal Area Networks (WPAN)
• Wireless Local Area Networks (WLAN)
• Wireless Wide Area Networks (WWAN)
Learning Objectives
• After studying this topic you should be able to:
• Describe modern wireless communication methods
• Describe a Wireless Personal Area Network (WPAN)
and its applications
• Describe a Wireless Local Area Network (WLAN)
and its applications
• Describe a Wireless Wide Area Network (WWAN)
and its applications
Topic 9 – Wireless Data Applications – Pre-Requisite Knowledge
Q1: What is the range of a typical Bluetooth WPAN?
a) 100 Metres
b) 50 Metres
c) 10 Metres
d) 1 Metre
Q2: Which one of these is not a wireless technology?
a) Ethernet
b) Bluetooth
c) Microwave
d) IEEE 802.11b
Topic 9 – Wireless Data Applications – Pre-Requisite Knowledge
Q3: What is the main difference between a WPAN and
a WLAN?
a) A WLAN has multiple users; a WPAN normally does
not
b) A WLAN does not need any cables whereas a WPAN
does
c) A WPAN has more potential connections than a
WLAN
d) A WLAN cannot share as many resources as a WPAN
Topic 9 – Wireless Data Applications – Introduction
There are a number of different wireless technologies
available for the different applications we are going to
look at:
• Bluetooth is a low-power, low-bandwidth technology for personal area networks.
• 802.11b is a wireless networking standard for Local Area Networks (along with its companions, 802.11g, 802.11a and 802.11n).
• There is a selection of wireless technologies available for Wireless Wide Area Networking, including satellite, mobile phone networks and wireless broadband.
Topic 9 – Wireless Data Applications – WPAN
A Wireless Personal Area Network (WPAN) is a
personal area network, such as Bluetooth, that permits
communication within about 10 metres. A WPAN
could interconnect all the ordinary computing and
communicating devices that many people carry with
them today, such as a mobile phone, mp3 player, laptop
and Personal Digital Assistant (PDA).
Topic 9 – Wireless Data Applications – WPAN
Each Bluetooth device has a unique 48-bit address.
Devices are able to communicate when within range,
e.g. printing from a Bluetooth laptop to a Bluetooth printer.
Using a system like this it should be possible to have all
mobile and fixed computer devices totally coordinated.
Bluetooth uses radio waves in the 2.4 GHz frequency band
with a speed of up to 2 Mbps. Bluetooth devices
can function in two modes:
• Circuit switched (for voice over land/wireless). This connection is asynchronous, with a speed of 57.6 Kbps to 721 Kbps.
• Packet switched (for Internet data, as well as for higher bandwidth mobile communication systems like the General Packet Radio Service (GPRS)). This connection is synchronous, with a speed of 64 Kbps.
Topic 9 – Wireless Data Applications – WLAN
A Wireless Local Area Network (WLAN) uses wireless
signals and wireless network cards. Wireless networks
are useful in creating temporary networks or where it is
difficult or expensive to fit a cable infrastructure. A
network station on a WLAN will be fitted with a
wireless Ethernet card which communicates with a
wireless base station (sometimes called a wireless hub).
The base station must be connected to the server in
some way (often by cable, as the bandwidth available on
cable is much greater than the bandwidth currently
available over a wireless connection).
Topic 9 – Wireless Data Applications – WLAN
In a small network for the home user, the wireless hub
may be replaced by a wireless router combined with an
ADSL or cable modem. There may be a number of base
stations throughout a building, since the range of
wireless networks can be as little as 100 metres or less,
and users can “roam” picking up different connections as
they move through a building.
The wireless protocol standards currently in use with
their theoretical bandwidths are:
• 802.11b: up to 11 Mbps
• 802.11g: up to 54 Mbps
• 802.11n: up to 160 Mbps
Topic 9 – Wireless Data Applications – Security on WLAN
Securing a network which uses wireless workstations is
more difficult as it is difficult to physically check which
stations are connected to the network. The area within
which a wireless laptop can connect is difficult to
control and often will extend beyond the walls of the
building it is installed in. Wireless technologies come
equipped with encryption and other security features to
restrict access to them.
Wireless networks are often referred to as Wi-Fi
networks. These are now popular in hotels, airports,
coffee shops and even fast food outlets, where
customers are attracted by the ability to surf the
WWW from their wireless laptops etc. Some of these
organisations will charge for the Wi-Fi service.
Topic 9 – Wireless Data Applications – Security on WLAN
Wireless networks can be made secure by a number of
strategies:
• Use the MAC address of the wireless network card to authenticate legitimate users.
• Use an encryption technology such as Virtual Private Networking (VPN) to ensure that signals which are intercepted cannot be used to extract information about the network which a hacker could use.
• Use the Wired Equivalent Privacy (WEP) built into IEEE 802.11b to encrypt wireless traffic, although this should never be relied upon on its own as it is a relatively weak form of security.
Topic 9 – Wireless Data Applications – WWAN
There are a number of Wireless Wide Area Network
(WWAN) solutions available:
• Use your mobile phone to connect your laptop to the telephone system – simple but expensive!
• A satellite modem is another very expensive but more effective solution if you want mobile connectivity, and has the added advantage of working anywhere in the world where the satellite can be accessed.
• Wireless broadband is the most likely solution for rural and metropolitan areas if mobile connectivity is not required.
Topic 9 – Wireless Data Applications – WWAN – Wireless Broadband
Wireless broadband is currently under development.
WiMax (Worldwide Interoperability of Microwave Access) 802.16.
This is a broadband wireless access standard providing
bandwidth in excess of 70 Mbps.
It services wide area and metropolitan (city) area networks.
It has a theoretical maximum distance of 31 miles, giving
service equivalent to T1-level service.
Topic 9 – Wireless Data Applications – Summary
Wireless networking is still a relatively new technology
and there are a wide variety of standards available to
implement Personal, Local or Wide area networks.
• Personal wireless area networks tend to be low bandwidth and short range and are used for linking portable communications equipment.
• Wireless local area networks tend to be high bandwidth and medium range and are used for connecting portable machines to conventional cabled networks or replacing cabled networks.
• Wireless wide area networks tend to be mid bandwidth and high range and are used to provide broadband services to users who do not have access to wired systems.