So what is a network?
A network supports the interconnection of many devices and a protocol for ensuring they can communicate with one another in the most effective way. The best way to understand how networks work is to visualise each element of the network as a layer, one on top of another. The conceptual model that describes this layered model is known as the OSI Reference Model, which has seven layers. All Network professionals use this in their day to day design and engineering work.
For our purposes we can simplify it into three layers, going from the bottom up there is:
1. The Physical layer – the cable between machines (typically called 100BaseT, uses four pairs), the card in the back of your machine (802.3 Ethernet NIC) or Wireless Networking adapter (802.11n etc) etc.
2. Data Link, Network and Transport Layers – Responsible for managing the addressing, routing and packaging of data around the network. Includes the Internet protocol (TCP/IP), gaming and file transfer based protocols (such as UDP), and VPN networking from home to your office (PPTP or IPSec)
3. And the Session, Presentation and Application Layers – file sharing and database access in the office (NetBIOS, Named Pipes, NFS), Internet browsing (HTTP, DNS), eMail (MIME, SMTP, POP3) and securing Internet banking or shopping (SSL/TLS)
Breaking it out into layers like this helps us understand when we buy software or hardware which layer(s) it works at and therefore what it can provide for us. Is it providing connectivity, access to another Wide Area Network (WAN, i.e. for the Internet), security or access to my own Local Area Network (LAN, i.e. for access to a printer). It’s extremely useful when diagnosing problems with networks.
In order to send a letter to your friend in the next town, or a country on the other side of the world the postal system requires an address which hones down through the address layers from country to house number to narrow down exactly where your friend lives and which post box the postman should drop the letter in. Digital Networks work in a similar way only rather than moving mail around they move digital data packets.
MAC addresses – The Media Access Control address identifies a single piece of hardware on the physical network and is a scheme with a long number designed to be globally unique. It’s set in the hardware at the point of manufacture. An example of a MAC address is 1A-2F-1D-9C-7A-3C (Layer 2).
IP address – The Internet Protocol address uniquely identifies all network interfaces that are typically endpoints on the Internet, or your own local IP based network (in an office). Within the local or global (Internet) address space the IP address must be unique, otherwise the IP routing protocol won’t know where to send the packet. An IP address will be mapped across to a physical MAC address as described above, the mapping is held in the routing tables of router hardware on the network. A sample IP address is 192.168.0.1 (Layer 4). Addresses are divided up into Class A, B and C each having a larger address space for larger organisations requirements. Small offices and domestic addresses are almost always Class C and the 192.168.0.nnn network is reserved for anyone to use on any small private network.
DNS name (and server) – Domain Name Server based addresses are just names, with dots to designate levels of uniqueness. We are all familiar with Internet domain names such as; www.cryopc.co.uk, the DNS name in this instance is the ‘cryopc’ element of the full address. DNS servers store all these hostnames and the IP addresses they map to.
Your home hub/router will usually have built in security features, including the following:
MAC identification – Using the MAC address of the hardware as a list of authorised hardware to access your network. Its a good basic precaution but unfortunately a dedicated hacker can spoof a known MAC address and gain access if they really want to. It just stops the opportunists.
WEP and WPA – Are the most widely available forms of wireless network encryption and security. Without the WEP or WPA keys your wireless network is unusable to outsiders. WEP is now considered quite weak as hackers have demonstrated ways of cracking it fairly quickly, and once cracked its no longer secure. WPA is the more secure system as it is harder to crack (has a much longer passphrase) and once cracked still only leaves a very small window of opportunity for exploitation as it derives a cipher for each packet that changes constantly. It utilises TLS encryption just like the Internet checkout padlock. Still the network is only ever as secure as the passphrase used to protect it, so pick an obscure one.
VPN, SSL/TLS and IPsec – Most of us don’t even know we are using these technologies but they all work in a similar way. They use sophisticated and robust encryption to ensure private information sent over a public network is not visible to snoopers. SSL/TLS is used most widely and you will recognise it as the checkout padlock, or encryption used when typing in credit card details when Internet shopping.
NAT – Network Address Translation isn’t really security at all but about economising on the rapidly diminishing availability of IPv4 addresses on the Internet, but it does shield your private network addresses from the outside by creating the impression to the internet that only a single address (your routers own public address) is accessing the Internet from your network. This means ad hoc access to your local network from the outside is much more difficult without internal network devices initiating a connection first (and thereby establishing a NAT translation).
Typical network devices
Segment – a segment isn’t really a device it’s a single network cable potentially connected to multiple machines, but sometimes only a single machine. It can be useful to think of it as a device in its own right as the cable itself imposes limits, resource demands and capabilities on the network.
Router – maps one address in one address space to another in another through routing tables and protocols stored on the device, usually in memory.
Hub / Switch – Most Hubs are known as switching hubs as each network port on the hub functions as its own segment of the LAN thus it’s able to utilise the full bandwidth of the link and not share it with everyone on the same LAN.
Firewall – Can be software or dedicated hardware based the latter widely being considered the best. Windows has a built in firewall and most home hub/routers also have them preconfigured and built-in. Firewall rules determine what traffic you want to let out, and into your network. Usually they are preconfigured to let out only connections initiated internally (to prevent ad hoc attacks) and to let back in only traffic on certain known safe ports such as those commonly used for the Internet, http and ftp. Games can sometimes have issues with firewalls as they will use other ad hoc ports. You will need to create custom rules to get around this problem.
Wireless Access Point – Wireless networks are effectively airborne segments of network. The access point serves as a point of access, and also secures the network as discussed in the above security section.
In a small network it often makes sense to combine many network devices into a single physical device. That’s why most small office routers also have a Firewall, Hub and Wireless Access point built in. However in a medium sized organisation or large enterprise single devices need to have more reliability, capacity and security and so tend to be dedicated devices to a single purpose. A firewall for example can cost US$100 with a hub and router built-in or for a government departmental web site it could cost US$40,000 as a single appliance.
Benefits of different types of Network
Cable based networking – 802.3 Ethernet, which typically supports 100Mbit/s (CAT5 cable) or 1Gbit/s (CAT5e cable) speeds and higher if you are reasonably up to date. Most network devices are backward compatible and will fallback to the speed of the slowest device in the network. Cable is the best for reliability an speed.
Wireless Networking – It is defined by the standard 802.11a, b, g, and n (at Draft 2.0 stage at the time of writing this article). Wireless offers flexibility, roaming, convenience but quality of reception can be very patch in large or complex buildings and this affects connectivity and connection speed. In addition to the standards MIMO (Multiple-Input Multiple-Output) uses multiple antennas to increase signal strength and quality, increasing range and available bandwidth.
Broadband, ADSL and Cable – all use local telephony cable and fibre optic trunks to provide homes and small businesses with relatively high speed Internet access. Each one uses a different technology standard for implementation and you must buy the correct router or modem.
Setting up your own home or small office network
Based on the information provided above you need to decide what you need. If you are starting with nothing then a good quality 802.11n combination router/hub device is the best solution. They are now more or less preconfigured out of the box and only require connecting to the Internet. Access to mobile devices, laptops and desktops can be provided by the Wi-Fi support or for fixed desktop by network switch port and cable.
Don’t forget to enable the WPA security with a good mixed alphanumeric and non-alphanumeric passphrase. For extra protection limit access to only device MAC addresses you know.
Troubleshooting my network
There are a number of low level tools that are very easy to use that help network engineers diagnose problems with your network. It pays dividends to get familiar with them for yourself. To use these tools in Windows run the command line interpreter cmd.exe (type in cmd after Start->Run), then simply type the command in.
ping – using a hostname or address it ‘bounces’ a network packet off the endpoint. Rather like a submarine using sonar, hence the name ‘ping’. It outputs status information to confirm whether it has been able to reach the endpoint or not and how long the roundtrip took.
ipconfig – reports all the network information for all of the network adapters on your PC including wireless, cable, MAC address (physical address), IP address, gateway address (router), subnet (class of address), hostnames, connection state etc.
tracert – reports the route through the network that a data packet will take to reach a host. It can help provide indications of why a connection might be slow or not working by indicating where it gets stuck in the network. Like ping it also reports time taken to travel the route.