The Processes that Occur in a Network - Essay Example

?The Processes that Occur in a Network Sharing information and resources was the basic idea behind initial network implementations but today networkshave grown so advance and intelligent that their technological advancements have broken all traditional barriers. Today, a student can access university resources from his laptop or at home through numerous wired or wireless network means. These mind boggling network implementations have extended the scope of knowledge and complexity of networks, multiple times. CISCO Systems (2010) outlines this change, “These are wondrous times in education: students and faculty are using technology to break down barriers, bring people together, and fire the imagination”. There are several processes that are running concurrently, both at server and client ends, to make this communication a success. A thorough knowledge of these devices and their roles, protocols and associated technologies, at various levels of the network, is required for understanding the process that take place in a network for communication to occur successfully. Analyzing the process at various layers of a network demands a methodical comprehension of a ‘broad brush’ picture of the communication channel and protocol stack that might be at work behind the scene. More often than not, access to private networks, like the X-Stream server from our home or some other remote location is materialized through Virtual Private Network (VPN) technology. VPN is used to access a private network, like a university Learning Management System (LMS), over a public network like the Internet. When a student access X-Stream Server over a public network, this implementation of VPN is known to be an ‘Access VPN’. VPN ensures a secure access to the private resource through implementation of security at various layers of the communication channel. As VPN runs over a TCP/IP network, therefore an insight into the TCP/IP stack is prerequisite to know exactly what processes are run and catered for in a VPN implementation over a TCP/IP packet-switched network. TCP/IP is the most commonly used group of protocols over the Internet as well as on private networks. TCP/IP has operational and functional association with seven layers of OSI Modal. The four layers used to define communication spectrum over the TCP/IP suit of protocols includes; Application Layer, Host to Host Layer , Internet Layer and Network Access Layer. The process that occurs on the network is mainly the study of data as it travels through the TCP/IP stack because WAN is only used as a vehicle to carry data and no significant processing is done as far the data is concerned. There are several important protocols that forms a part of the TCP/IP protocol suite which includes FTP, TFTP, VoIP, HTTP, ICMP, UDP, ARP and RARP etc. Moreover the RIP and OSPF are also the part of TCP/IP protocol suite which ensures the routing of the information over a network. From a user’s perspective the process that occur on a network starts with the use of application software that can talk to a underlying network e.g. a web browser that uses HTTP to make things happen for a user. Comer refers this as the application level internet service and states, “From a user’s point view, the internet appears to consist of a set of application programs that use the underlying network to carry out useful communication tasks”(3). Moreover the session of communication instance is maintained at the Application Layer, however these session are not logged by HTTP. “Each HTTP request is self-contained; the server does not keep a history of previous request or previous sessions” (Comer, 490). At next level the processes to ensure and enforce the data integrity, correctness and reliable packet delivery are guarded by the Host to Host layer. This layer also segments and sequences the continuous stream of data that leaves a user end and reassembles it at server end while acknowledging the receipt of each segment. “As each segment of data is received at the destination, an acknowledgement is sent to the sender, with a specific period. If an acknowledgement is not sent with that time, the sender resends the data” (Blank, 46). The role of Internet Layer, at TCP/IP stack is considered most important because it is responsible for moving packet through a network. The Internet layer at TCP/IP stack is comparable to Network Layer of the OSI Reference Model. At this layer a packet is assigned addresses which will be used throughout the network to recognize the origin and the destination of the packet. Moreover routing information is appended to the packet to ensure the reliable delivery. Kozierok observes “At this layer, you find IP, which is arguably the heart of TCP/IP, as well as supports protocols such as Internet Control Message Protocol (ICMP) and the routing protocols (RIP, OSPF, BGP and so on)”(129). At the last layer of TCP/IP Protocol suite, data format for it transmission is finalized by the Network Access layer. It is important to note that when a remote user access the X-Stream Server from his browser, the data traverse all layers of the TCP/IP stack from top to bottom before it reaches the local router for further dispatch to its destination, where it traverse from TCP/IP layers in a reverse order. This debate on TCP/IP is mainly concerned with two extreme end i.e. a user and X-Stream Server and VPN is mostly looking after the information security and communication details on the public networks. There may be many different implementations of VPNs, however we can assume a general implementation for our reference. In my perceived scenario, when a remote user access the X-Stream Server from it web browser, it first hits a CPE (Consumer Premises Equipment). This may be a modem or a home based router (if one is used to connect the internet, otherwise the user may connect to its ISP in several different ways including the dialup connections). This CPE then routes this request to the local ISP responsible for the provision of internet services to the user. As soon as the request for the X-Stream Server leaves the user premises, there exists a well converged network path for this request to route through various routers. This converged route is not a constant path to the destination rather it can converge differently over a failure of some link and it normally depends on the routing table converged at various routers on the path. The basic philosophy behind these converged routing tables is to route the traffic, in a minimum possible time and hops count (A Hop is a terminology used to explain the number of devices passed to a reach a destination network). It is important to note that the CPE installed at a remote location for establishing connection to a local ISP is termed as the demarcation point and a user is seldom aware of the path that is adopted by the router to route his request to a destination beyond this demarcation point. The area of network beyond the demarcation point to the ISP, is known to be the local loop. This local loop is the responsibility of the concerned ISP. The demarcation point is also a point from where the boundaries of Wide Area Network (WAN) starts and various WAN technologies take effect from this point onward until the traffic reached the demarcation point at the destination network. We are assuming a packet switch network and WAN technologies implemented on the traffic within an ISP are considered beyond the scope of this paper. However, the network and data security beyond the demarcation point is the responsibility of the ISP and the ISP will route the network traffic securely to the destination network. In our case the destination is supposed to be the VPN router at X-Stream, once the traffic is reached at the destination data security is handled by the private Local Area Network (LAN) of the University. Unless a VPN connection is establish between the remote user and the destination network, all traffic from the remote user machine to the X-Stream is unencrypted. All machines at WAN that exist on the route between a remote user and the X-Stream can read the information contained in a messages. However, the encryption comes into play when a VPN session is established between the remote user and the VPN router or X-stream Server, which normally require a login with University issued login credentials, all the communication between the remote user and X-Stream server is encrypted. It is important to note that all the intervening machines which occur on the path to destination and those which are the part of the WAN infrastructure cannot read the information contained in the message. Packets over a VPN channel have open and readable network specific information to route through the public network even if they are encrypted. Source and destination information in a packet header are required to be changed at every hop and therefore WAN machines can read and update specific information in a header but cannot read the payload information. Having knowledge of the VPN traffic and its route, now we will have a look at the various processes that take place at remote client machine and the X-Stream server. It is important to note that VPN only ensures the secure communication channel and you can still identify the problem areas with actual data. These issues are looked after through many processes both at the client and server ends. There are four basic areas where these processes are applied during a communication session. At either side these areas include user / server applications; operating systems; network stack and the hardware. At application level the VPN connection is established between client and server application. This database or application level user authentication and information security is implemented through the use of Secure Socket Layer (SSL) framework. SSL ensure ensures the security of the credential during the establish VPN communication session. Application level process are usually implemented at the server side to ensure a protected access to authorized external or remote user machines. Similarly, a secure VPN session does not guarantee the protection at Operating System (OS) level attacks e.g. a virus attack. To guarantee protection at either side of the channel OS level security practices are adopted to avoid any damage to the destination machine after decryption. For the same reason we have operating system level virus protect at remote user machine as well as at X-Stream server for safety of the machine and information. Moreover, the file sharing and other network setting can harm either side of a communication channel if appropriate processes are not adopted to address the potential threats at OS level. VPN only ensures the security at public network through encryption and once the information is transmitted by the VPN server for inward dispatch to the concern machine or server it is unencrypted information.. SSL ensures the encryption of data at application port level. Therefore, the security of information at client end or in the private network of a university is not the responsibility of a VPN server. SSL and OS level security frameworks are implemented widely along VPN to ensure security of the information. It is important to note that the scenario stated above is an implementation of network where the VPN server and the application server are two different machines, however if the X-Stream server is acting both as the VPN server and the application server then implementation of SSL becomes optional, though not a recommended practice. At network stack level security and integrity of information till it reaches the X-Stream server and vice versa is the responsibility of the TCP/IP protocol suit. Cyclic Redundancy Check (CRC) at both ends of the communication channel ensures the data integrity as it passes through various layer of the network. It has the built in mechanism to request for a retransmission of the packets reported corrupt. Similarly, there are several processes implemented through the use of specialized equipment at the server side to ensure the integrity and security of the information. Perimeter Firewall is the outer boundary wall of a secure network implementation. Firewall can implement security at network level through IP address or at application level through denying or permitting communication at specific application port for various application servers in the network. Intrusion Protection System (IPS) is the next layer of security at network level, which scans the network traffic for known and unknown patterns and scripts. Moreover, there are other process and technologies like Active Directory to ensure user authentication and authorization at server end, Public and Key Infrastructure (PKI) which controls the network access for users based on a pre-shared Public and Private Keyes infrastructure. Details of the actual systems at X-Stream may vary, however some of the basic infrastructure devices and services are discussed in this document. The document only provides a big picture of the process that occurs when a student accesses the X-Stream Server from a remote location. References Blank, Andrew, G. (2004) TCP/IP Foundations.USA, SYBEX. CISCO Systems (2010) Smarter Solutions for Education: Intelligent Networking 101, (Internet), USA, CISCO Systems. Available from: < http://www.cisco.com/en/US/> [Accessed 10th January, 2011]. Comer, Douglus E. (2006) Internetworking with TCP/IP: Principals, Protocols and Architecture. (5th ed.). USA, Pearson Printice Hall. Kozierok, Charles, M. (2005) The TCP/IP Guide,USA, No Starch Press. Read More