
Networking

Concepts
Skills for the Electronic Workplace

Stephen Carr, smcarr@ist

Copyright © 1998 IST SEW


Permission to use this document for non-commercial purposes, in original or modified form, is granted,
provided that the original source of the document is acknowledged as Skills for the Electronic Workplace,
Information Systems and Technology, University of Waterloo.

TABLE OF CONTENTS

INTRODUCTION
THE STRUCTURE OF NETWORKS
  LAYERS, LEVELS, HIERARCHIES
  HIERARCHY OF NETWORKS
    Local Area Networks (LANs)
    Wide Area Networks (WANs) and the Internet
    Your Privileges on the Network
  LAYERED COMMUNICATION PROTOCOLS
  HOW IT ALL WORKS TOGETHER
  PHYSICAL STRUCTURE OF THE CAMPUS NETWORK
NETWORK APPLICATIONS
  THE CLIENT / SERVER MODEL
  EMAIL CONCEPTS
    Attachments
    Configuring an Email Client Program
    Junk Mail and Other Unwanted Mail
  WEB CONCEPTS
    Features of the Web
  REMOTE COMMUNICATIONS CONCEPTS
    Remote File Systems
    Remote File Transfers
    Remote Log-ins
    Internet Service Providers and Dialing In from Home
DATA SECURITY CONCEPTS
  PASSWORDS AND PERMISSIONS
  EAVESDROPPING AND ENCRYPTION
  VIRUSES, TROJAN HORSES, AND WORMS
ACKNOWLEDGEMENTS

-1- IST-SEW
Introduction
Networks connect computers together. Advantages of networking include communication with other users,
sharing resources such as printers and software, centralization of software and account maintenance, and
mobility of users.

This course will introduce the basic concepts necessary to make effective use of a networked computing
environment. The majority of these concepts are independent of the type of computer workstation or its
operating system.

The technical side of computer networking is pretty complicated, and descriptions of it are littered with
acronyms. The purpose of this course is to demystify the workings of a network as much as possible. Since
most networking applications require some user configuration, we will focus on the common applications
and the terms that average users are likely to encounter.

The Structure of Networks

Layers, Levels, Hierarchies


When we talk about networks (and many other computing concepts as well), we discover that most things
are organized in a “layered” or hierarchical fashion. The purpose of this section is to provide an overview
of how networks work, particularly the Internet. Let’s start by looking at the hierarchy of networks
themselves.

Hierarchy of Networks
The Internet consists of interconnected sub-networks. Let’s look at the hierarchy of networks.

Figure 1: Hierarchy of Networks (a local workstation belongs to a LAN, which in turn connects to the WAN / Internet)

Local Area Networks (LANs)


If we connect a computer workstation to its neighbour in the next office to share a printer we end up with
a local area network (LAN). Often, a local area network consists of connected computers of a similar type

(i.e., using the same operating system) which are located in a limited geographical area. The Waterloo
Polaris network on campus is an example of a (rather large) PC LAN. The purpose of a LAN is usually to
pool the computing resources of a group of users. This pooling allows for cost savings such as is achieved
by providing centralized printing. The other main advantage of a LAN is to provide centralized
administration services for the users, such as software installation and maintenance, automated back-ups of
files, network security (passwords), etc.

More generally a LAN is a network such as the campus network as a whole which connects computers of
various types, and various sub-networks (including Waterloo Polaris), within a small geographical area.
The network supports various campus-wide functions such as the financial system database, the dial-in
modem pool, centralized data processing functions, etc. The campus network is much more diversified in
terms of its functions than a homogeneous LAN, and individual users generally only have access to a small
subset of these functions.

Wide Area Networks (WANs) and the Internet


A Wide Area Network (WAN) connects networks of computers of various types over a wide
geographical area. The world-wide Internet is the largest example of a WAN. The campus
network provides a link to the Internet: remote sites linked by data communications over the global
telecommunication system.

Your Privileges on the Network


It is important to realize that you have different privileges at different network “levels”. For example,
you generally have quite a bit of latitude to modify your local workstation as you please. Your office area
LAN may allow you access to some shared network drives and printers, but not others. (Your network
administrator is the person who configures your LAN). Although you probably have access to the
Internet, you generally have very limited privileges to do anything other than collect information (read-
only access). However, if you save that information locally on your workstation, you can then modify
your local copy.

It is essential that you recognize which files (and disk drives) are local to your workstation and which are
being made available to you over the network. This distinction is important because it relates to data
security: whether or not the files are being backed up, and whether they are accessible by people other
than you. The location of disks and files is not always obvious, since remote disk drives can be “mounted”
by your workstation to look and behave just like local drives. Also, some operating systems such as
Windows 98 blur the distinction between local and remote files even further by integrating Web browsing
tools into the file management software.

Layered Communication Protocols


So, how do the many different kinds of computers that make up the Internet communicate with each other?
Diplomats from different countries rely on standard diplomatic protocols in order to communicate without
misinterpretation. Similarly, computers on the Internet share information according to agreed upon
protocols (communication rules) which allow them to correctly route and interpret the transmitted
messages. The particular set of protocols that define the Internet is called the TCP/IP protocol suite. The
TCP/IP protocol suite is designed in layers, each successively lower layer providing a library of more
fundamental functions required by more and more applications.

Strictly speaking, the standard reference model for network protocols (the ISO OSI model) describes seven
layers, but the TCP/IP suite itself is normally described with four, and for the purposes of this course we
will talk about just those four: the applications layer, the transport layer, the network layer, and the
data-link layer. These layers roughly correspond (if you lump together the middle two layers) to the
programs, operating system and hardware layers of your computer workstation, respectively.

Each protocol layer relies on the protocols provided by the layers beneath it. The figure below summarizes
the layers of the TCP/IP protocol suite.

Figure 2: TCP/IP Protocol Suite (from top to bottom: applications layer, transport layer, network layer, data-link layer)

In the applications layer, there are various application protocols which enable the tasks we perform on the
Internet, including

• Electronic mail, text-based communications using Simple Mail Transfer Protocol (SMTP)
• News, discussion groups using Network News Transfer Protocol (NNTP)
• World-Wide Web, multi-media electronic “publishing” using HyperText Transfer Protocol (HTTP)
• File transfers, using File Transfer Protocol (FTP)
• Remote terminal sessions using, e.g. TELNET
• Remote file system access using Network File System protocol (NFS), or Server Message Block
protocol (SMB)

Networking applications are available to anyone with a connection to the Internet and appropriate client
software on their workstation (see The Client / Server Model below). You can think of the application
layer protocols as defining the syntax of the messages being transmitted by the application. Application
layer programs hand their messages to the transport layer through numbered software end-points called
ports. Most server applications listen on a fixed, well-known port number, so that traffic arriving at a
computer for a particular port number is delivered to the one application listening there. For example, a
Web server application “listens” on port 80 for incoming Web traffic.

The transport layer includes two protocols, TCP and UDP. A third, ICMP, is usually listed alongside them,
although it is carried directly inside IP and properly belongs with the network layer.
Transmission Control Protocol (TCP) ensures reliable transmission of large messages by
• breaking up long messages into smaller pieces (called segments in the TCP standard; this course uses
the word datagram for the unit at every layer)
• handling the sending and reception of those pieces with delivery acknowledgements, retransmission of
anything that gets lost, and error checking
• reassembling messages from the pieces in the correct order.
User Datagram Protocol (UDP) is used for small messages that fit into a single datagram. Reliability of
delivery is not ensured: UDP itself never retransmits, so if the application needs a reply and none arrives in
a reasonable time, it is up to the application to resend the message.
Internet Control Message Protocol (ICMP) is another unreliable delivery protocol, used to carry error and
diagnostic messages generated and used by the lower level protocols (for example “destination
unreachable”, or the echo request and reply used by the ping program).

Routing of messages is handled by the network layer using Internet Protocol (IP). Each computer on the
Internet is assigned an IP address composed of four eight-bit segments (represented as decimal numbers 0
to 255) separated by dots (periods). The first two of these numbers are assigned by a central authority to
identify a LAN connected to the Internet. For example, all computers at UW have an IP address beginning
with 129.97. The next number is usually your local subnet of the LAN, assigned at UW (e.g. the one
corresponding to your department). The last number, also assigned at UW, identifies your particular
workstation. (Formally, the split between the network, subnet and host portions of the address is set by a
subnet mask and need not fall on byte boundaries; the byte-by-byte description here is the common case.)
To make addressing easier for humans, each workstation can also have a name corresponding to its
address. For example the UW Unix host with IP address 129.97.108.150 is called ist.uwaterloo.ca,
where the host name is “ist” and the domain name is “uwaterloo.ca”. The Domain Name System (DNS), an
application layer service, does the translation between names and IP addresses. It is not a single master
list: each domain's administrators publish their own name-to-address records on their name servers, and
your workstation asks its local name server, which queries the appropriate servers across the Internet and
caches the answers for a limited time. The network layer relies on intelligent devices called routers to
examine the destination address of each datagram and forward it toward the right network.

The data-link protocol layer moves datagrams between specific hardware devices on the same physical
network, such as network cards and switches. Each piece of networking hardware has a built-in physical
address (a.k.a. Media Access Control or MAC address). At UW, the data-link layer predominantly uses
Ethernet protocols and the physical address is called an Ethernet address. Conversion between IP
addresses and physical addresses is handled by Address Resolution Protocol (ARP): a host that needs the
Ethernet address belonging to an IP address on its local network broadcasts a request, the owner of that IP
address replies, and the answer is kept in a table (the ARP cache) so that later datagrams need only a table
look-up. Data traffic is controlled on campus with Ethernet switches and repeaters. A switch can
intelligently control the flow of data so that it only passes to the network segment where it is needed. A
repeater just passes packets from one cable on to all other connected cables. The type of cable most
commonly used on campus is Unshielded Twisted Pair (UTP), which means that the conductors run in
pairs twisted together (four pairs in the cable used at UW) inside a protective plastic sheath, with no
metallic shield around them.

How It All Works Together


Let’s look at an example to see how all these levels work together. Say you send an email message to a
friend at another university. You use an email application to do this, such as Eudora on a PC or Macintosh.
Your email program creates and sends the message to your local email server, which passes it on to the
remote email server. Your friend uses his own mail client program to get the mail from his mail server (see
The Client / Server Model below).

At the applications protocol layer, the email message data is assembled according to Simple Mail Transfer
Protocol, which the email server programs (usually running on Unix hosts) at either end can understand.
The next problem is to get the message from your computer to your friend's computer over the Internet.
The mail application makes its connection to the lower level transport layer protocol, TCP, through a port
which is assigned an arbitrary number on the sending side. The port number of the destination server
program is predetermined by convention to be 25. TCP breaks your long mail message up into datagrams.
Each datagram has a data section (a piece of your mail message) and a header section which contains the
source and destination port numbers, a checksum that lets the receiver detect whether the datagram was
corrupted in transit (the checksum is calculated over the source and destination IP addresses as well, so a
datagram delivered to the wrong host is also detected), and a sequence number so the mail message can be
put back together again in the right order. TCP then passes its datagrams along to IP for routing from your
computer to your friend's.

IP takes a TCP datagram as its data and adds its own header containing the source and destination IP
addresses and a checksum of that header, thus creating a new datagram which envelops the one provided by
TCP. Each IP datagram is sent along independently of the others, and may arrive out of order or not at all;
TCP at the far end puts the pieces back in order and asks for anything missing to be sent again. The job of
getting each datagram to its destination is accomplished by sending it off to a router (gateway) which
connects the local network to outside networks. If there is more than one router on the local network, then
usually one of them is chosen as the default. If it turns out that another router would have been preferable,
the default router says so (with an ICMP “redirect” message) and the workstation records the better choice
in its local routing table. Routers use other protocols to determine the best routes amongst themselves.

Figure 3: Packaging of Datagrams by TCP/IP Protocol Layers (the applications layer datagram is carried inside a TCP datagram, which is carried inside an IP datagram, which is carried inside a data-link layer packet on its way to the cabling system)

The physical transport medium determines what goes on at the data-link level. On an Ethernet network each
IP datagram becomes the data portion of an Ethernet packet (frame) whose header contains the physical
(MAC or Ethernet) addresses of the source and destination involved, and a check sum (the frame check
sequence) is added to the end. The destination Ethernet address is not that of your friend's computer but
that of the next hop on your local network, usually the router; the translation between IP addresses and
physical addresses is done via the ARP table. When a router connects two networks that use different
physical media (e.g. Ethernet and fiber optic cable), translation between data-link protocols is done by the
router. When the datagrams reach their destination, they are unwrapped one layer at a time, reassembled by
TCP, and passed, ultimately, to the destination port for interpretation by the receiving application.
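The layering just described, as an added example (this is not code from the original course notes): a Python script that wraps the sending side of an SMTP dialogue in TCP, IP and Ethernet headers as in Figure 3, then unwraps it again on the receiving side, checking each layer's checksum and reassembling pieces that arrive out of order. The UW address 129.97.108.150 and port 25 are from the text; the MAC addresses, the client port and the TEST-NET address used for the friend's mail server are assumptions.

```python
import struct
import zlib

# Constructed example values: 129.97.108.150 (ist.uwaterloo.ca) and port 25 are from the
# text; the MAC addresses, the client port and the TEST-NET address 192.0.2.25 standing in
# for the friend's mail server are assumptions.
SRC_MAC = bytes.fromhex("00a0c9112233")   # your workstation's Ethernet card
DST_MAC = bytes.fromhex("00a0c9aabbcc")   # the default router (next hop), not the far end
SRC_IP, DST_IP = "129.97.108.150", "192.0.2.25"
SRC_PORT, DST_PORT = 1234, 25             # arbitrary client port; SMTP by convention
ETHERTYPE_IP, PROTO_TCP = 0x0800, 6

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented.
    Run over a block that already contains its own checksum, it comes out as 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def tcp_segment(piece: bytes, seq: int) -> bytes:
    """One piece of the message behind a 20-byte TCP header (ports, sequence number,
    checksum); the checksum also covers a pseudo-header holding both IP addresses."""
    hdr = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = ip_bytes(SRC_IP) + ip_bytes(DST_IP) + struct.pack("!BBH", 0, PROTO_TCP,
                                                                len(hdr) + len(piece))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr + piece)) + hdr[18:] + piece

def ip_datagram(segment: bytes, ident: int) -> bytes:
    """The TCP segment behind a 20-byte IP header (addresses, checksum of the header only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), ident, 0x4000, 64,
                      PROTO_TCP, 0, ip_bytes(SRC_IP), ip_bytes(DST_IP))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + segment

def ethernet_frame(datagram: bytes) -> bytes:
    """The IP datagram behind an Ethernet header, with the frame check sequence (CRC-32)
    appended at the end. Padding of short frames to 64 bytes is omitted."""
    body = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IP) + datagram
    return body + struct.pack("!I", zlib.crc32(body))

def send_message(message: bytes, mss: int = 40) -> list:
    """Sending side: cut the message into pieces of at most mss bytes and wrap each in
    TCP, IP and Ethernet headers. Returns one frame per piece."""
    return [ethernet_frame(ip_datagram(tcp_segment(message[seq:seq + mss], seq), ident))
            for ident, seq in enumerate(range(0, len(message), mss))]

def unwrap_frame(frame: bytes) -> dict:
    """Receiving side: peel off one layer at a time, verifying each layer's check, and
    return the fields the next layer up needs."""
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("Ethernet frame check sequence mismatch")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IP:
        raise ValueError("not an IP datagram")
    datagram = body[14:]
    ihl = (datagram[0] & 0x0F) * 4
    ip_hdr = datagram[:ihl]
    if checksum(ip_hdr) != 0:
        raise ValueError("IP header checksum mismatch")
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    segment = datagram[ihl:total_len]           # total_len drops any Ethernet padding
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, ip_hdr[9], len(segment))
    if checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data_offset = (segment[12] >> 4) * 4
    return {"src_ip": ".".join(map(str, ip_hdr[12:16])), "src_port": src_port,
            "dst_port": dst_port, "seq": seq, "payload": segment[data_offset:]}

def receive_message(frames: list) -> bytes:
    """Reassemble the message from frames arriving in any order: each piece's TCP
    sequence number says where it belongs."""
    pieces = {}
    for frame in frames:
        info = unwrap_frame(frame)
        if info["dst_port"] == DST_PORT:        # only the application on port 25 gets it
            pieces[info["seq"]] = info["payload"]
    return b"".join(pieces[seq] for seq in sorted(pieces))

# Constructed sample: the sending side of an SMTP dialogue as the mail client hands it
# to TCP (the server's replies are left out).
MESSAGE = (b"MAIL FROM:<alice@uwaterloo.ca>\r\nRCPT TO:<bob@example.edu>\r\nDATA\r\n"
           b"Subject: Conference\r\n\r\nSee you in Geneva next week.\r\n.\r\n")

if __name__ == "__main__":
    frames = send_message(MESSAGE)
    print(len(frames), "frames; first one unwrapped:", unwrap_frame(frames[0]))
    print("reassembled from reversed order:", receive_message(frames[::-1]) == MESSAGE)
```

Note where the checks sit: the Ethernet frame check sequence guards a single cable hop, the IP checksum covers only the IP header, and the TCP checksum covers the whole piece of your message plus both addresses. None of them is a security measure: they catch accidental corruption, and anyone who can alter a packet in transit can simply recompute them.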

Physical Structure of the Campus Network


Currently, the campus network is organized in two layers. The top layer is the uwaterloo.ca network
(129.97), which is connected via a router to ONet (the Ontario regional network) and from there to Canada-
wide networks. The first level network is a ring of routers connected by fiber optic cable. The second level
network consists of many subnetworks serving many academic and administrative departments.

Figure 4: UW Campus Network (courtesy R. Watt). IP subnet topology as of 1998-07-15, showing the external connections (CANARIE, CA*net-II, ONet, Bell), the level-one network nodes (cn-mc, cn-dc, cn-onet, cn-phy, cn-rtmc, cn-rte2) and the level-two networks: the ITS networks and the departmental subnets (admin, arts, cs, ece, math, lib, psych, renison, the residences, and others).
The topology of the campus network is changing as technological advances take place.
The bulk of the networking hardware at UW consists of Ethernet devices connected by UTP
cable. Over the years, these devices have evolved significantly. Originally, Ethernet was
designed to operate over co-axial cable, with computers connected serially along segments of
cable which carried traffic generated by all the attached hosts. To maintain the signal strength,
cable segments were connected with repeaters that just passed along Ethernet packets from one
cable to the next. In order to keep local traffic localized, some intelligence was added to a
repeater, so that only packets intended for hosts on the other segment would be passed on. This
device was called a bridge. There were also multi-port repeaters to connect several Ethernet
segments. Computers were connected to the Ethernet co-axial cable through an Ethernet interface
card. Routing (an IP layer task) was done by network hosts containing several Ethernet cards
connected to different IP subnets (i.e. computers with more than one Ethernet address) or by
dedicated routing devices.

Within the last few years, UTP cabling has supplanted co-axial cable. This change has improved
both speed and reliability of communication. A UTP cable joins only one host to another
Ethernet device, so only a single computer is affected by a bad connection, and all of the
“bandwidth” (data communications capacity) of the cable is available to that one computer.
Communication speeds can also be 10 to 100 times faster over UTP than over co-axial cable. The
wiring for a typical workstation at UW today is shown below.

Figure 5: Typical Wiring of a Workstation at UW (courtesy R. Watt). In the office: a two-port faceplate and an Ethernet board with an RJ45 port and built-in transceiver. From there, four pairs of twisted 24-gauge solid copper wire (maximum 100 m, one device per cable) run to a UTP wiring panel in the floor-area wiring closet, where a station-management module with a multi-port repeater connects through an AUI, BNC or FOIRL port to a thick, thin or fibre segment.

Along with the change of cabling media, came improvements in the miniaturization and
intelligence of bridging technology. The bridge evolved into the Ethernet switch, an intelligent
device, containing numerous bridges, that can control traffic among many connected UTP
segments. Today, Ethernet switches and hubs (multi-port repeaters) are the means of connecting
networked computers. A switch can also be programmed to create VLANs (virtual LANs), which
group its ports into separate broadcast domains (typically one per IP subnet) regardless of which
wiring closet the ports are in, and an IP router can be built right in to a switch, letting it do work
formerly done by a separate router. Therefore the number of physical devices required to
connect even a large modern LAN is becoming quite small.

Network Applications

The Client / Server Model


Computing networks have evolved away from the “main frame” with connected “dumb terminals” where
all tasks were done centrally, into a distributed computing environment. In distributed computing, different
computers may take on specific functions, such as file storage, email, Web, etc. This distributed network
architecture resulted in the client/server model of interaction. A server is a program (computer) which
stores some files and transmits them (i.e. copies of them) over the network when a request is received from
a client program (computer). A client (program) requests files from a server and presents the received files
in a form which is useful to the end user. Often a single computer is dedicated to running a single server
program, so the computer itself is referred to as a server. For example, a file server is a computer that stores
files on its local hard disk(s) and sends them over the network to client computers that request them. As a
second example, a Web server stores HTML files on its local disks and sends them out when requested by
computers running a (client) Web browser program.

These days most computers are multi-tasking (can run many programs simultaneously), so a single
computer can run several server and client programs at the same time. However, because server
functions can use up a lot of a computer's available hardware resources, it is still common practice to
provide computers which are dedicated servers for a network, as separate from the workstations which

run network clients and other application programs. Also, it is commonly the case that workstations are
PCs running Microsoft Windows 95 or Apple MacOS operating systems while servers often run the more
sophisticated Unix or Microsoft NT operating systems.

Email Concepts
As briefly discussed above, email is enabled over the Internet via Simple Mail Transfer Protocol
(SMTP) as the method by which one email server process talks to another. The email servers at
each end of a communication take care of the transmission of the message between them. Humans
communicate with their local mail servers through client programs. The client programs are the
ones familiar to users, such as Pine or Eudora. They take care of the tasks of displaying, editing,
and managing mail messages. We've already discussed the server-side process of transferring a
mail message via TCP/IP over the Internet. Now let's discuss some of the client-side issues.

Attachments
Like most early Internet application protocols, SMTP was designed to carry only plain (7-bit ASCII)
text, so an email message is a plain text file. But most people these days are aware that binary files
such as spreadsheets or word processor documents can also be “attached” to an email message. How
does this work?

Any attached binary file must first be converted into plain ASCII text before it can be sent via
SMTP. To do this, email client programs use one of several encoding methods. The most
common of these is called MIME (Multipurpose Internet Mail Extensions), which divides a
message into labelled parts and normally encodes binary parts with “base64” (every three bytes
become four printable characters, so an attachment grows by about a third in transit). MIME can
also be used to include sounds and images in mail messages, depending on the capabilities of the
email client program.

Other methods of encoding attachments are BINHEX, a method introduced by Apple for the
Macintosh, and uuencoding, an older method originating in the Unix operating system.

Most current email client programs only use MIME and/or BINHEX. If you receive an
attachment in a form that your mail client can't decode, then you need to save it and find a utility
program that can.
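How an attachment survives a text-only transport, as an added example (not code from the original notes): Python's standard email library builds a MIME message with a binary file base64-encoded into it and decodes it again, and the same file is also uuencoded and pasted into a plain text body the way older software did, which a MIME-only client sees as nothing but text. The file contents, addresses and file name are constructed for the example.

```python
import binascii
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed "binary file": every byte value, twice, so any encoding that is not 8-bit
# clean would corrupt it. The addresses and file name are assumptions for this example.
ATTACHMENT = bytes(range(256)) * 2


def mime_message(data: bytes, filename: str) -> bytes:
    """A two-part MIME message: a text body plus the file as a base64 attachment.
    Everything on the wire is 7-bit ASCII, which is all SMTP promises to carry."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "smcarr@ist.uwaterloo.ca", "friend@example.edu"
    msg["Subject"] = "Budget spreadsheet"
    msg.set_content("The spreadsheet is attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=filename)                # base64 is the default encoding
    return msg.as_bytes()


def is_seven_bit(wire: bytes) -> bool:
    return all(byte < 128 for byte in wire)


def mime_attachments(wire: bytes) -> dict:
    """What a MIME-capable client does on receipt: split the parts and decode each
    attachment back to its original bytes, keyed by file name."""
    msg = BytesParser(policy=policy.default).parsebytes(wire)
    return {part.get_filename(): part.get_payload(decode=True)
            for part in msg.iter_attachments()}


def uuencode(data: bytes, filename: str) -> bytes:
    """The older Unix encoding: 45 input bytes per line, each 3 bytes -> 4 characters."""
    lines = [b"begin 644 %s\n" % filename.encode("ascii")]
    lines += [binascii.b2a_uu(data[i:i + 45], backtick=True)
              for i in range(0, len(data), 45)]
    return b"".join(lines) + b"`\nend\n"


def uudecode(text: bytes) -> bytes:
    """Recover the bytes from a uuencoded block found anywhere in a block of text."""
    out, started = [], False
    for line in text.splitlines(keepends=True):
        if not started:
            started = line.startswith(b"begin ")
        elif line.startswith(b"end"):
            break
        else:
            out.append(binascii.a2b_uu(line))
    return b"".join(out)


def uuencoded_in_body(data: bytes, filename: str) -> bytes:
    """Old style: the uuencoded file pasted into a plain text body, with no MIME
    structure telling the client that an attachment is there."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "oldtimer@example.edu", "smcarr@ist.uwaterloo.ca"
    msg["Subject"] = "Spreadsheet (uuencoded)"
    msg.set_content("Here it is:\n" + uuencode(data, filename).decode("ascii"))
    return msg.as_bytes()


def body_text(wire: bytes) -> str:
    """The text body as the user sees it and could save to a file."""
    msg = BytesParser(policy=policy.default).parsebytes(wire)
    return msg.get_body(preferencelist=("plain",)).get_content()


if __name__ == "__main__":
    wire = mime_message(ATTACHMENT, "budget.xls")
    print("7-bit:", is_seven_bit(wire),
          "decoded ok:", mime_attachments(wire)["budget.xls"] == ATTACHMENT)
    old = uuencoded_in_body(ATTACHMENT, "budget.xls")
    print("MIME client sees attachments:", mime_attachments(old))
    print("uudecode of saved body ok:", uudecode(body_text(old).encode("ascii")) == ATTACHMENT)
```

The last case is the one the paragraph above warns about: mime_attachments() finds nothing in the old-style message, so the recipient has to save the body and run a uudecode utility over it. Neither encoding protects the content in any way; both only make arbitrary bytes survive a 7-bit channel.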

Configuring an Email Client Program


When you first install an email client program on your workstation, it needs to be configured in
order to be able to connect to a mail server program. Configuration is usually done under the
Preferences or Options menu of the client program.

In order to send mail, you need to identify an SMTP server, either by its domain name or IP
number. If you are using an Internet Service Provider (ISP) other than UW's dial-in server
to gain access to the Internet, it is important that you configure your mail client program with the
SMTP server provided by your ISP. Otherwise, you may be prevented from sending mail to off-
campus addresses (see Junk Mail and Other Unwanted Mail below).

In order to receive mail you need to identify a Post Office Protocol (POP) account: your
account on a computer that runs both an SMTP server (which receives mail addressed to you) and a
POP server. POP is an application protocol that provides a means of transferring your new mail
from the mail server to your local workstation. Your email client program can be configured to
check for new mail automatically by establishing a POP connection periodically (as long as the
client program is running). An alternative to POP is Internet Message Access Protocol (IMAP),
which allows you to keep a single mailbox on the mail server, readable from any workstation,
instead of downloading mail to your local workstation. Many email clients will allow you to use
either POP or IMAP.

An alternative method of using email is to log in directly to the email server and run an email
client program there. For example, most email servers run on Unix computers, but these same
computers also run email client programs such as Pine or Elm.

Junk Mail and Other Unwanted Mail
The Internet was originally designed on the premise of friendly co-operation. For example, email servers
were designed to “relay”: to pass on toward the correct destination any incoming mail message not
addressed to one of their own local users, no matter who handed it to them. Unfortunately, unscrupulous
people are now taking advantage of the original openness of the Internet. Mass junk mailing, or “spam”
mail, is accomplished by sending mail to large lists of email addresses (obtained by “mining” the Internet)
through such a friendly (“open relay”) SMTP server, which hides where the mail really came from and
uses up the relay's resources. At UW, there is now an effort underway to eliminate junk mail traffic through
our servers by disabling the relay feature of all our mail servers: a server then accepts a message only if it
is addressed to a local user or is handed in by a machine on the campus network. This does not prevent
users from receiving junk mail sent through SMTP servers off campus, but reduces the number of mail
servers that can be used to send junk mailings.
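The relay policy described above, as an added example (not code from the original notes or from any UW mail server): a Python model of the server side of an SMTP conversation that refuses to relay for off-campus clients. The UW address block 129.97.0.0/16 and the host 129.97.108.150 come from the text; the local domain list, the server name and the TEST-NET address 198.51.100.7 used for an off-campus junk mailer are assumptions.

```python
import ipaddress

# Assumptions for this example (not from the original document): the server delivers
# locally for these domains, and "the campus network" is UW's 129.97.0.0/16 block,
# which the text says every UW address begins with.
LOCAL_DOMAINS = {"uwaterloo.ca", "ist.uwaterloo.ca"}
CAMPUS_NETWORK = ipaddress.ip_network("129.97.0.0/16")


def relay_allowed(client_ip: str, recipient: str) -> bool:
    """Policy with the relay feature disabled: deliver to local users from anywhere,
    forward mail to the outside world only for clients on the campus network."""
    domain = recipient.rpartition("@")[2].lower()
    if domain in LOCAL_DOMAINS:
        return True
    return ipaddress.ip_address(client_ip) in CAMPUS_NETWORK


class SmtpSession:
    """Server side of a minimal SMTP conversation (HELO, MAIL, RCPT, DATA, QUIT).
    handle() takes one line from the client and returns the server's reply."""

    def __init__(self, client_ip: str, open_relay: bool = False):
        self.client_ip, self.open_relay = client_ip, open_relay
        self.sender, self.recipients, self.body = None, [], None
        self.queued = []                      # messages accepted for delivery

    def handle(self, line: str) -> str:
        if self.body is not None:             # inside DATA: collect until a lone "."
            if line == ".":
                self.queued.append((self.sender, self.recipients, "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], None
                return "250 2.0.0 Ok: queued"
            self.body.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 mail.uwaterloo.ca"
        if verb == "MAIL":
            self.sender, self.recipients = arg.partition(":")[2].strip("<> "), []
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command first"
            rcpt = arg.partition(":")[2].strip("<> ")
            if not (self.open_relay or relay_allowed(self.client_ip, rcpt)):
                return "550 5.7.1 Relaying denied"
            self.recipients.append(rcpt)
            return "250 2.1.5 Ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 5.5.1 No valid recipients"
            self.body = []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "500 5.5.2 Command not recognized"


def run_session(client_ip: str, lines: list, open_relay: bool = False):
    """Feed a whole client script through one session; return (replies, queued mail)."""
    session = SmtpSession(client_ip, open_relay)
    replies = [reply for reply in map(session.handle, lines) if reply]
    return replies, session.queued


# Constructed sample dialogues. 198.51.100.7 is a documentation (TEST-NET) address
# standing in for an off-campus junk mailer; 129.97.108.150 is the UW host from the text.
JUNK_MAILER = ["HELO bulk.example", "MAIL FROM:<offers@bulk.example>",
               "RCPT TO:<victim@example.net>", "QUIT"]
INBOUND = ["HELO mail.example.edu", "MAIL FROM:<bob@example.edu>",
           "RCPT TO:<smcarr@ist.uwaterloo.ca>", "DATA",
           "Subject: Re: Conference", "", "..leading dot kept", "See you there.", ".", "QUIT"]

if __name__ == "__main__":
    for ip, relay in (("198.51.100.7", True), ("198.51.100.7", False), ("129.97.108.150", False)):
        print(ip, "open relay" if relay else "relay disabled",
              "->", run_session(ip, JUNK_MAILER, relay)[0][2])
    print("inbound to a local user:", run_session("198.51.100.7", INBOUND)[1])
```

With the relay disabled, a UW user dialing in through an outside ISP gets the same “550 Relaying denied” as the junk mailer, since the server cannot tell them apart by address; that is why such a user's client has to be pointed at the ISP's own SMTP server. (A later extension, SMTP authentication, lets roaming users prove who they are with a password instead.)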

It is also possible to filter out unwanted email messages. Many email client programs have this feature.
The filtering is based on key words that appear in the email header. For example, it is possible to filter
out and discard messages originating from a particular address (bearing in mind that the From: address in a
message is supplied by the sender and can say anything, so junk mailers change it freely). However, it is
difficult to set up a filter which will remove all junk mail, since it originates from many sources and the
message subject lines are all different. Note that if you do set up mail filtering, particularly for keywords
(e.g. “money”) in the subject line, it is possible that you will discard some useful mail too by mistake.
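Header-based filtering of the kind described above, as an added example (not the original notes' code nor any mail client's): a few rules evaluated in order over the From: and Subject: headers of constructed sample messages, showing the false positive a “money” rule produces, how an exception for local senders avoids it, and how a forged From: address walks straight through that exception. The addresses and messages are made up.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; none of the addresses is real. Only the headers matter.
MESSAGES = {
    "junk": "From: Offers <offers@bulk.example>\nTo: smcarr@ist.uwaterloo.ca\n"
            "Subject: MAKE MONEY FAST!!!\n\nBuy now.\n",
    "colleague": "From: colleague@uwaterloo.ca\nTo: smcarr@ist.uwaterloo.ca\n"
                 "Subject: Grant money for the networking course\n\nCan we meet Tuesday?\n",
    "forged": "From: colleague@uwaterloo.ca\nTo: smcarr@ist.uwaterloo.ca\n"
              "Subject: MAKE MONEY FAST!!!\n\nBuy now (really sent from bulk.example).\n",
}

# How each header field is compared with a rule's value.
MATCHERS = {
    "from": lambda value, wanted: value == wanted,
    "from_domain": lambda value, wanted: value == wanted or value.endswith("." + wanted),
    "subject": lambda value, wanted: wanted in value,
}

# Rules are (action, field, value), tried in order; the first match decides.
NAIVE_RULES = [
    ("discard", "from", "offers@bulk.example"),
    ("discard", "subject", "money"),
]
REFINED_RULES = [("keep", "from_domain", "uwaterloo.ca")] + NAIVE_RULES   # exception first


def header_filter(raw: str, rules) -> tuple:
    """Return (action, reason) for one message under the given rules."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    fields = {
        "from": sender,
        "from_domain": sender.rpartition("@")[2],
        "subject": msg.get("Subject", "").lower(),
    }
    for action, field, wanted in rules:
        if MATCHERS[field](fields[field], wanted.lower()):
            return action, f"{field} matched {wanted!r}"
    return "keep", "no rule matched"


def triage(rules) -> dict:
    """The action decided for every sample message."""
    return {name: header_filter(raw, rules)[0] for name, raw in MESSAGES.items()}


if __name__ == "__main__":
    for label, rules in (("naive", NAIVE_RULES), ("refined", REFINED_RULES)):
        print(label, triage(rules))
```

The naive rule set throws away the colleague's message, which is the mistake the paragraph warns about. The refined set keeps anything from a campus address, but since From: is whatever the sender chose to write, the forged message sails through the same exception; header rules are a convenience, not a line of defence.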

Web Concepts
The World-Wide Web (a.k.a. the Web) is the newest and, perhaps, the most flexible and useful application
on the Internet. In fact, the Web incorporates and integrates the familiar network applications such as e-
mail, file transfer (FTP), news, etc. The Web was developed at the CERN high energy physics lab in
Geneva, Switzerland, in order to facilitate collaborative research with colleagues around the world. First
conceived in 1989 and only in wide distribution since 1993, it has rapidly been adopted as the standard for
multimedia communications on the Internet. Development of the Web is currently being managed by the
World-Wide Web Consortium (W3C), an international body representing the interests of member
corporations, universities, governments and research establishments.

The Web may best be thought of as a system of digital “publishers” and “subscribers” (the servers and
clients, respectively). Web servers store and provide any combination of text, graphics, sounds, movies and
programs (e.g. Java or ActiveX applets). The information a publisher supplies is not restricted to materials
prepared locally; it can be gathered from many sources distributed all over the Internet simply by
“pointing” to it. The Web client programs or “browsers” present the received information in a graphical,
point-and-click environment.

The basis of the Web is Hypertext Transfer Protocol (HTTP), which is a convention for moving
multimedia information around the Internet. Closely associated with it, though defined separately, is the
Hypertext Markup Language (HTML), which is a language for formatting multimedia documents. All of
the user interface constructs, such as text, images, and links (buttons that connect the viewer to other
documents, local or anywhere on the Internet), are described by HTML. HTML documents consist of
ASCII text containing “tags” which describe the format. The Web client translates the HTML document
into the layout of the user's screen. The W3C has also published a more flexible and general markup
language, eXtensible Markup Language (XML), which lets authors define their own tags rather than
using HTML's fixed set.

In order to publish information on the Web, information providers must have an account on a computer
running a Web server program. Because the server must be running all the time, computers with a true
multi-tasking operating system (such as UNIX or NT) make the most efficient servers. Also, storing and
moving large movies, sounds and graphics can put a significant load on the computer, so a fast computer
with a lot of memory really helps. Unlike other Internet applications such as FTP or Telnet,
communications between Web clients and servers do not require the clients to log in. Servers can be
configured to provide some security, however, e.g. only allowing requests from a local network domain
rather than the whole world, or requiring authentication of users via a password.

Features of the Web
URLs
A valuable feature of the Web is the Uniform Resource Locator (URL). A URL is a way of addressing
just about any form of information on the Internet, from ordinary files in a file system to FTP archives,
gopher sites (a text-based precursor to the Web), Usenet newsgroups, etc. URL addresses allow the Web
to function as a unifying interface to these diverse resources on the Internet.

The URL for a Web resource begins with http://, an FTP site with ftp://, a news group with news:, etc.
An unofficial convention for addressing Web servers is http://www.server_name.domain, e.g.
http://www.uwaterloo.ca, where www.uwaterloo.ca is an alias for the actual host name of the computer
running the server application.

Image Maps
An attractive form of user interface is the image map. An image map is an image file which has areas
defined on it to serve as buttons (“hot links”). For example, a campus map could be an image map where
the buildings are buttons that link to their floor maps.

Forms
Another useful interface tool is the fill-in form. A form allows the subscriber (client) to supply
information to the server to be acted upon. For example a form interface can be used to query a database.

Applets
Most browsers have built-in virtual machines, programs that can interpret programs downloaded via
HTTP from a Web server. Programs written in Java or ActiveX can be interpreted and run through a
browser.

Common Gateway Interface (CGI) Scripts

CGI scripts allow the Web server to control other programs on the computer. For example, a form works
by passing the user's information to a CGI script written in C, Perl, or some other supported language.
The script is then executed, processing the information provided and interacting with other programs on
the server such as mail, a database, etc.
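How a form's data reaches a CGI script, as an added example that is not part of the original document: a small Python CGI program that reads the fields the Web server hands it (the QUERY_STRING variable for GET, standard input for POST), looks the submitted name up in a directory, and writes the response the server relays to the browser. The DIRECTORY contents are constructed sample data.

```python
import os
import sys
import html
from urllib.parse import parse_qs


def read_form_fields(environ, stdin_text=""):
    """Return the form fields the Web server passes to a CGI script.

    GET requests arrive in the QUERY_STRING environment variable; POST
    requests arrive on standard input, CONTENT_LENGTH bytes long.
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "POST":
        length = int(environ.get("CONTENT_LENGTH") or 0)
        raw = stdin_text[:length]
    else:
        raw = environ.get("QUERY_STRING", "")
    # parse_qs returns a list per field (a field may repeat); keep the first value
    return {k: v[0] for k, v in parse_qs(raw, keep_blank_values=True).items()}


# Constructed sample directory standing in for the database the script would query
DIRECTORY = {"carr": "IST, ext. 0000 (constructed sample)"}


def lookup(fields, directory):
    """The 'other program' the script drives: a query against the directory."""
    name = fields.get("name", "").strip().lower()
    return directory.get(name)


def render(fields, result):
    """Build the HTTP response the server relays back to the browser."""
    # escape the user's input so it is shown as text, not interpreted as HTML
    name = html.escape(fields.get("name", ""))
    if result:
        body = "<p>%s: %s</p>" % (name, html.escape(result))
    else:
        body = "<p>No entry for %s</p>" % name
    return "Content-Type: text/html\r\n\r\n<html><body>" + body + "</body></html>"


if __name__ == "__main__":
    form = read_form_fields(os.environ, sys.stdin.read())
    sys.stdout.write(render(form, lookup(form, DIRECTORY)))
```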

Remote Communications Concepts

Remote File Systems

One of the most common server functions on a network is file service. A file server provides centralized
storage of user files. Remote file system protocols allow a client workstation to mount a remote file
system on the network as if it were a local hard disk. Users can then interact with the remote disk space
exactly as they would with a local device. Advantages of remote file systems are the ability to allocate
disk quotas and centralized back-ups. It is also possible to configure remote file systems for sharing files,
so that only people in a specified group of users can read and write files to the shared space.

There are several application protocols which enable remote file service, the most common being the
Network File System (NFS) and Server Message Block (SMB). NFS was developed for the Unix
operating system, but PC clients also exist. SMB is used with Windows NT servers and Windows 95/NT
clients. There is also an SMB server for Unix called Samba, which allows a Unix file system to be
mounted as a drive on Windows 95 or NT workstations.

One important point of network management practice is that it is the disks attached to a file server that
are backed up (archived) to tape, so user files stored on a remote file server are protected. Most
workstations also have a local hard disk, and any user files stored there are not usually backed up by the
system and are vulnerable to loss if a hardware failure occurs.

Remote File Transfers
To move files between a local workstation and network drives which are not exported as remote file
systems, an application protocol called File Transfer Protocol (FTP) can be used. An FTP server
requires the user to log in via a password through an FTP client program on the workstation. The client
program can range from a simple text-based, command-line-driven user interface to a graphical view of
the two file systems which allows files to be dragged from one to the other. The common feature of FTP
is that it requires a user ID and password to be supplied on the remote host. If anyone is to be allowed
access to the files served via FTP, a user ID of anonymous is required and, by convention, the user
supplies his or her email address as the password (although any password, or no password at all, is
acceptable).

Remote Log-ins
If you have a user account on a remote (Unix) computer attached to the Internet, it is possible to log in
remotely to that account to run programs, manage files etc. The most common application protocol for
remote log-ins is called TELNET. A telnet client program emulates a text terminal and requires the user
to log in to the remote account, which then looks and behaves as if the user had logged in directly. It is
also possible to run emulators for other Unix terminal types such as graphical X windows terminals,
which allow graphical applications to be executed remotely.

Internet Service Providers and Dialing In from Home

If you want to connect a home PC to the Internet it is necessary to connect via a modem
(modulator-demodulator), a device which translates digital signals into analogue signals for transmission
over phone lines, and vice versa. Typically you run a client program on your home PC which establishes a
telephone connection to the Internet Service Provider (ISP) and also emulates a simple text terminal. If
you dial in to the UW modem pool, UW is acting as your ISP.

In order to perform Internet functions, the TCP/IP networking layer must be installed on your home
computer. Networking is built in to Windows 95/NT and the recent releases of MacOS. For older PCs
running Windows 3.1 and older Macs, TCP/IP functionality must be installed separately (as Trumpet
Winsock, LAN Workplace, or MacTCP). Two common data link protocols enable an Internet connection
over your telephone line, Point-to-Point Protocol (PPP) and Serial Line IP (SLIP). Again, these are built
in to current operating systems, but must be added to older ones.

Once a PPP or SLIP connection is established, your home PC becomes a host on the Internet. It is
assigned a temporary IP address on the IP domain of the network you are dialing in to. For example, if
you dial in to the UW dial-in server and establish a PPP connection, your home PC becomes a host in the
uwaterloo.ca domain. Once a PPP connection is established you can run various network client programs
on your home PC such as a Web browser, email, etc.

Data Security Concepts

Passwords and Permissions

When accounts and information are distributed over a network, it becomes more difficult to protect the
privacy of the users. The main methods of maintaining privacy are passwords and file permissions.

Your connection to the network or to a specific account should be password protected. Here are some
simple tips regarding passwords:
• Don’t use anyone’s name, any dictionary word, or a number as a password. Programs that run through
an exhaustive list of passwords can deduce these.
• Don’t share your password with anyone.
• Don’t write your password down anywhere. If you forget it, your system administrator can change it.
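A check for the first tip, as an added example rather than anything from the course: a Python function that rejects a candidate password when it is a name, a dictionary word or a number, and also rejects the simple variants (digits appended, word reversed) that exhaustive guessing programs try. The word and name lists are constructed samples; a real check would load the system dictionary and the site's user list.

```python
import re

# Constructed sample lists standing in for a real dictionary and a list of user names
DICTIONARY = {"password", "waterloo", "network", "secret", "welcome", "letmein"}
NAMES = {"stephen", "carr", "roger", "watt"}


def password_problems(password, dictionary=DICTIONARY, names=NAMES):
    """Return the reasons a candidate password violates the tips above.

    An empty list means the password passed every check.
    """
    problems = []
    lowered = password.lower()          # guessing programs ignore case, so we do too
    reversed_ = lowered[::-1]
    stem = re.sub(r"\d+$", "", lowered)  # the word with any trailing digits removed

    if lowered in names:
        problems.append("is a name")
    if lowered in dictionary:
        problems.append("is a dictionary word")
    if lowered.isdigit():
        problems.append("is a number")
    # trivial variants of a word or name are tried by the same programs
    if stem != lowered and (stem in dictionary or stem in names):
        problems.append("is a word or name with digits appended")
    if reversed_ in dictionary or reversed_ in names:
        problems.append("is a reversed word or name")
    return problems


def is_acceptable(password):
    """True when none of the checks above flags the password."""
    return not password_problems(password)
```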

File servers are computers that allow multiple users. The privacy of your files is protected by permissions
associated with each file. Make sure that your private files are only readable by you (which they should be
by default). If you want to share files or publish them on the Web, you can change the permissions to allow
them to be readable by others.
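Checking and fixing Unix file permissions as the paragraph describes, as an added example that is not part of the original document: exposure() reports who besides the owner can read or write a file, make_private() restores the owner-only default, and publish_read_only() opens the file for reading when you want to share it without letting others change it. demo() runs these on a constructed temporary file.

```python
import os
import stat
import tempfile

# Permission bits that let anyone other than the owner read or write a file
OTHERS_CAN_READ = stat.S_IRGRP | stat.S_IROTH
OTHERS_CAN_WRITE = stat.S_IWGRP | stat.S_IWOTH


def exposure(path):
    """Describe who besides the owner can read or write the file at path."""
    mode = os.stat(path).st_mode
    return {
        "readable_by_others": bool(mode & OTHERS_CAN_READ),
        "writable_by_others": bool(mode & OTHERS_CAN_WRITE),
    }


def make_private(path):
    """Restrict a file so that only its owner can read and write it (mode 600)."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return exposure(path)


def publish_read_only(path):
    """Let others read the file, e.g. to publish it on the Web, but not change it (mode 644)."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH)
    return exposure(path)


def demo():
    """Create a constructed sample file and walk it through the three states."""
    fd, path = tempfile.mkstemp()   # mkstemp already creates the file with mode 600
    os.close(fd)
    try:
        os.chmod(path, 0o666)       # constructed starting point: a carelessly shared file
        before = exposure(path)
        private = make_private(path)
        public = publish_read_only(path)
        return before, private, public
    finally:
        os.remove(path)


if __name__ == "__main__":
    for label, state in zip(("shared", "private", "published"), demo()):
        print(label, state)
```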

Eavesdropping and Encryption

Most network traffic travels as plain text. We have seen this in the discussion of email above. TCP/IP
was designed such that datagrams are ignored by hosts for which they are not intended. However, snooper
programs can be written which listen to all traffic. Consequently, Internet traffic is not generally secure.
For most types of communications, people are willing to take the risk that someone may be “listening”.
However, security is a requirement for business transactions, etc.

Modern, switched Ethernet networks provide a reasonable degree of security against eavesdropping by
localizing traffic. Switches and routers that localize traffic are often referred to as firewalls. However, to
ensure secure transmission of information across the Internet it is necessary to encrypt the data portion of
datagrams. That is, an algorithm known only by the sender and the receiver transforms the data. There are
several “strong” encryption schemes, including Kerberos and PGP (Pretty Good Privacy), which produce
essentially unbreakable codes.

Viruses, Trojan Horses, and Worms

With the ease of communication on a network, the spread of malicious programs can become a problem.
Viruses, executable programs which self-replicate, are usually spread by attaching themselves to other
programs or system files which are shared or transferred on removable storage devices. Viruses are usually
more of a nuisance than a danger to your data. A Trojan horse is a computer program that carries within
itself a means to allow the creator of the program access to the system using it. Trojan horses are often a
means of carrying a virus into a system. Worms are self-propagating and replicating programs designed to
infect networked hosts.

It is important to use anti-virus software regularly when you work on a network. Note: Viruses can only
be transmitted if you run a program containing one. It is impossible to get a virus by simply reading
email, unless you save and execute an attached program containing a virus.

Acknowledgements
The author would like to acknowledge the contribution of Roger Watt, Manager, IST Systems, who
provided valuable technical information and many of the presentation slides used in this course. I would
also like to thank Ray White of IST Systems for his clarification and explanation of many of the nitty-gritty
details. A special thanks also goes out to Greg Cummings of IST Production Support for providing
demonstration equipment and conducting the behind-the-scenes tour.
