Candidates should be able to:
- explain the advantages of networking stand-alone computers into a local area network
- describe the hardware needed to connect stand-alone computers into a local area network, including hub/switches, wireless access points
- explain the different roles of computers in a client-server and a peer-to-peer network
- describe, using diagrams or otherwise, the ring, bus and star network topologies
- describe the differences between a local area network and a wide area network such as the Internet
- explain the terms IP addressing, MAC addressing, packet and protocols
- explain the need for security measures in networks, such as user access levels, suitable passwords and encryption techniques
- describe and justify network policies such as acceptable use, disaster recovery, failover, back up, archiving.
What is a Local Area Network (LAN)?
A Computer Network is a system of connected computers, peripherals and communication devices that can exchange data and share resources.
If the network is limited to a single building or group of buildings then it is described as a Local Area Network (LAN).
Computers in a LAN can be linked together directly but more commonly are linked through a hub or switch.
The network connections can be cable, fibre-optic, or wireless (infra-red, microwave or radio).
A router acts as an interface between networks, passing data packets back and forth between them.
What are the advantages of networking stand-alone computers into a LAN?
- Hardware such as printers can be shared by all the computers on the network.
- Some software and files such as databases can be shared by different users.
- Users can work together as networked computers can communicate with each other easily and quickly via email or internal messaging systems.
- An Internet connection can be shared.
- File storage facilities can be shared and files therefore accessed from any networked computer.
- Improved security, as user access is controlled centrally, including which programs, data and hardware each user is allowed to use.
- Files can easily be backed up centrally.
What hardware is needed to network stand-alone computers into a LAN?
- A network adapter such as a network interface card (NIC) is needed to connect computers and other peripherals to a network, either by cable or wirelessly. Each connected device is allocated an IP address to uniquely identify it on a TCP/IP network.
- Cabling is needed in a non-wireless network to connect the computers and peripherals together, either directly or through a hub/switch. Typically network cabling will be copper wiring or a mixture of this and fibre-optic cable. The amount of cabling needed depends on the network topology (the way computers and peripherals are physically connected together).
- A hub is used to link computers and peripherals together in a cabled network that uses a star network topology. A hub acts as a junction box but does not manage any of the traffic that comes through it: any data packet entering any port is sent out to all the connected ports. This can result in unnecessary data packet collisions, which slow the network considerably as the amount of data traffic rises.
- A switch is used in the same way as a hub but the switch uses the IP address of the data packet to direct the data to the correct device, rather than being sent out to all the connected ports. This greatly reduces data packet collisions resulting in a faster network than the equivalent one using a hub.
- A wireless access point is a device that allows computers, printers etc. to connect to a wired network using radio waves rather than cabling, provided they are equipped with a wireless NIC. This allows a network to be built with few or no cables and makes it simple to add further wireless devices.
What are the roles of the computers in client-server and peer-to-peer networks?
On a client-server network there are two types of computers with two distinct roles.
One or more server computers which have the role of:
- controlling access to shared files;
- installing software on the client computers;
- allowing the client computers to access networked printers and managing print queues;
- controlling client computer access to the Internet;
- controlling user access to the network by verifying usernames and passwords;
- controlling the levels of access to files and software once users have logged onto the network;
- storing, delivering and sending email.
Multiple client computers (workstations) are then connected to the server computers. These are where the user actually works.
Some servers may have a more specialised role such as a print server, dedicated to controlling access to shared printers on the network and queuing print jobs in the order that they were sent by the users.
In a peer-to-peer network computers are simply linked together, either using cables and a hub or with a wireless connection.
All the computers in the network have equal status, so there is no server controlling the network. Provided that sharing has been enabled, any computer on the network can access data from any other computer, and any computer on the network can use a printer connected to any other computer.
A peer-to-peer network will be cheaper to set up and, provided there are only a small number of computers, will be easier to manage than a server-based network. However, peer-to-peer networks are less secure, and they are used mainly by home users and small companies who do not have the necessary technical staff to maintain a client-server network.
What are ring, bus and star network topologies?
A network topology is the name given to the way in which devices are physically connected in a network. There are three common network topologies: ring, bus (line) and star.
Ring topology
This is typically a peer-to-peer network. The devices are connected in a ring and data travels in one direction using a control signal called a ‘token’. To send data, a computer must wait for the token to reach it, attach the data to the token, and then return both to the network. When the token reaches the intended destination, the receiving device removes the data from the token and returns it to the network so the process can start again.
- Advantages: Not greatly affected by adding further devices or heavy network traffic as only the device with the ‘token’ can transmit data so there are no data collisions. Relatively cheap to install and expand.
- Disadvantages: Slower than a star topology under normal load. If the cable fails anywhere in the ring or any device fails then the whole network will fail because the token cannot be passed around the ring. This is the hardest topology to troubleshoot because of the difficulty of tracking down where in the ring the failure has occurred. It is inconvenient to modify or expand because to add or remove a device means the network has to be shut down temporarily. The special network interface cards needed to connect devices are expensive.
Bus (line) topology
This is typically a peer-to-peer network. Devices are connected to a main (bus) cable using special T-connectors. If data is being sent between devices then the other devices cannot transmit. The bus cable must have a terminator fitted at each end to prevent reflected signals.
- Advantages: The simplest and cheapest to install and extend. Well suited for temporary networks with not many devices. Very flexible as devices can be attached or detached without disturbing the rest of the network. Failure of one device does not affect the rest of the bus network. Simpler than a ring topology to troubleshoot if there is a cable failure because sections can be isolated and tested independently.
- Disadvantages: The bus cable has a limited length and if it fails then the whole network will fail. Performance of the network slows down rapidly with more devices or heavy network traffic as data cannot be transmitted while the bus is in use by other devices. Slower than a ring network.
Star topology
This is typically a client-server network. A central computer (server) is connected to the other devices either through a switch or hub.
- Advantages: The most reliable because the failure of one device does not affect other devices. Simple to troubleshoot because only one device is affected by a cable break between the switch and the device. Adding further devices does not greatly affect performance because the data does not pass through unnecessary devices. Easy to add extra devices by plugging their cables into the hub/switch.
- Disadvantages: Uses the most cable, which makes it more expensive to install than the other two topologies. The extra hardware required, such as hubs/switches, further increases the cost. If the hub/switch fails then the whole network will fail. When used as a client-server network, the whole network will also fail if the cable link between the server and the hub/switch fails.
Network topology summary
| Topology | Bus | Ring | Star |
|---|---|---|---|
| Performance with few devices or low network traffic | Medium | Slow | Fast |
| Change in performance with many devices or high network traffic | Most affected | Least affected | Some effect, but the switch/hub can be upgraded easily |
| Ease of troubleshooting (compared to other topologies) | Fairly easy | Hard | Easy |
| Cost of installation (compared to other topologies) | Low | High | High |
| Ease of setting up and modifying (compared to other topologies) | Easy to set up and modify | Easy to set up but harder to modify | Easy to set up and modify |
| Problems to the network caused by cable or device failure | Failure of the bus cable causes total failure. Failure of a PC has no effect. | Cable or PC failure causes total network failure. | Failure of the cable to the client PC only affects that PC. Failure of the hub/switch or the server causes total network failure. |
What is a Wide Area Network (WAN)?
A WAN covers a much larger geographical area than a LAN. The largest WAN is the Internet itself, as it is a global network of linked computers and LANs.
Smaller examples of a WAN would include a national ATM network used by a bank to allow customers to access cash. Many supermarkets and other large companies operate their own national WANs.
What do the terms IP addressing, MAC addressing, packet and protocols mean?
An Internet Protocol (IP) address is a unique address number that is allocated to devices on a computer network that uses the Internet Protocol.
Each address has to be unique as it is used to identify a particular device on a network, allowing data to be sent to the correct device and returned to the device that requested it.
The old IPv4 IP address system uses 32-bit numbers but for our convenience they are usually displayed as a series of 4 decimal numbers, each one representing 8 bits of the original binary address.
- Binary version (32-bit): 11001001010000001011011011111111
- Decimal version: 184.108.40.206
The new IPv6 IP address system uses 128-bit numbers but for our convenience they are usually displayed as a series of 8 hexadecimal numbers, each one representing 16 bits of the original binary address.
- Binary version (128-bit):
- Hexadecimal version:
An IP address can be private (for use on a LAN) or public (for use on the Internet or another WAN). The IP address allocated to a device on a network can be static (assigned by a system administrator) or dynamic (assigned by another device on the network, and different each time the connection is made). The latter is more efficient, as a network administrator does not need to keep track of all the addresses used.
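As an added example (not code from these notes), the conversions described above in working Python: the 32-bit binary string from the IPv4 example is turned into dotted decimal, a constructed 128-bit string is turned into the eight 16-bit hexadecimal groups of IPv6, and the standard library's `ipaddress` module decides whether an address is private (LAN-only) or public.

```python
import ipaddress

def ipv4_from_binary(bits: str) -> str:
    """32-bit binary string -> dotted decimal, one decimal number per 8-bit group."""
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("an IPv4 address is exactly 32 binary digits")
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))

def ipv4_to_binary(dotted: str) -> str:
    """Dotted decimal -> 32-bit binary string (the inverse of ipv4_from_binary)."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    return "".join(f"{int(o):08b}" for o in octets)

def ipv6_from_binary(bits: str) -> str:
    """128-bit binary string -> eight 4-digit hexadecimal groups, one per 16 bits."""
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("an IPv6 address is exactly 128 binary digits")
    return ":".join(f"{int(bits[i:i + 16], 2):04x}" for i in range(0, 128, 16))

def compress_ipv6(full: str) -> str:
    """Shortened IPv6 notation: leading zeros dropped, longest run of zero groups as '::'."""
    return ipaddress.IPv6Address(full).compressed

def is_private(addr: str) -> bool:
    """True for private (LAN-only) addresses, False for public ones routed on the Internet.
    Uses the standard library's table of reserved ranges rather than a hand-written list."""
    return ipaddress.ip_address(addr).is_private

if __name__ == "__main__":
    # The 32-bit example from the notes above.
    page_bits = "11001001010000001011011011111111"
    print(ipv4_from_binary(page_bits))          # 201.64.182.255
    print(ipv4_to_binary("184.108.40.206"))
    # Constructed IPv6 address 2001:db8::1, written out in full as 128 bits.
    v6_bits = f"{0x20010db8000000000000000000000001:0128b}"
    full = ipv6_from_binary(v6_bits)
    print(full, "->", compress_ipv6(full))
    for a in ("192.168.1.10", "10.0.0.5", "184.108.40.206"):
        print(a, "private" if is_private(a) else "public")
```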
In computer networking, a Media Access Control address (MAC address) is a unique 48-bit number assigned by the manufacturer to any hardware device used to connect to a network.
Network hardware such as a switch can then use the MAC address to direct network packets efficiently to just that device. MAC addresses are therefore limited to being used on a LAN.
Because they are so long, MAC addresses are usually displayed as 8 hexadecimal numbers, for example 00-0C-E7-5D-A8-AD.
Another use for the MAC address is as a security feature on cabled and wireless systems, only allowing computers with authorised MAC addresses to have access to the network. This works by inspecting the data packet that is sent from a computer to see if its MAC address matches one of the approved ones in a stored table.
Modern computer networks, including the Internet, carry data by breaking it down into a series of distinct units called data packets, rather than sending it as a continuous stream of data. A typical data packet might contain 1,000 to 1,500 bytes and has two parts:
- The payload – this is the user data that is to be delivered.
- The header – this is the control data attached to the payload to ensure that it is delivered correctly. It will therefore include:
  - the source and destination addresses;
  - error checking data such as checksums;
  - the packet sequence number, so the data can be reassembled in the correct order.
In complex networks such as the Internet, a series of packets sent from one computer to another may follow different routes to reach the same destination and may arrive out of order. This technology is called packet switching and makes the network more efficient because the network can balance the load across various pieces of equipment and if there is a problem with one piece of equipment in the network then packets can be routed around it.
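The packet structure described above and the MAC-filter table from the MAC address section, worked through together as an added example (not code from these notes): a message is split into packets with a header (source and destination addresses, sequence number, checksum) and a payload, the packets arrive out of order, and the receiver drops packets from unapproved sources or with bad checksums before restoring the order. The approved MAC addresses, the message and the checksum function are constructed for illustration.

```python
import hashlib
import random
from dataclasses import dataclass

# Constructed "stored table" of approved MAC addresses, as used by a MAC filter.
# Devices write MACs with different separators, so they are normalised before comparison.
APPROVED_MACS = {"00-0C-E7-5D-A8-AD", "00:0c:e7:11:22:33"}

def normalise_mac(mac: str) -> str:
    """Canonical form: the 12 hex digits of the 48-bit address, lower-case, no separators."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

APPROVED = {normalise_mac(m) for m in APPROVED_MACS}

@dataclass
class Packet:
    src_mac: str    # header: source address
    dst_mac: str    # header: destination address
    seq: int        # header: sequence number, so the receiver can restore the order
    total: int      # header: how many packets make up the whole message
    checksum: str   # header: error-checking data computed over the payload
    payload: bytes  # payload: the user data being delivered

def checksum(data: bytes) -> str:
    """Stand-in for a real packet checksum (networks use CRCs and one's-complement sums)."""
    return hashlib.sha256(data).hexdigest()[:8]

def packetise(message: bytes, src: str, dst: str, size: int) -> list[Packet]:
    """Split a message into fixed-size payloads, each wrapped in its own header."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [Packet(src, dst, n, len(chunks), checksum(c), c) for n, c in enumerate(chunks)]

def reassemble(packets: list[Packet]) -> bytes:
    """Apply the MAC filter and checksum check, then put packets back in sequence order."""
    accepted: dict[int, Packet] = {}
    for p in packets:
        if normalise_mac(p.src_mac) not in APPROVED:
            continue  # MAC filter: source address not in the approved table
        if checksum(p.payload) != p.checksum:
            continue  # payload damaged in transit; discard rather than deliver bad data
        accepted[p.seq] = p
    if not accepted:
        raise ValueError("no packets passed the MAC filter and checksum")
    total = next(iter(accepted.values())).total
    missing = [n for n in range(total) if n not in accepted]
    if missing:
        raise ValueError(f"cannot reassemble: packets {missing} missing or rejected")
    return b"".join(accepted[n].payload for n in range(total))

if __name__ == "__main__":
    message = b"Packet switching lets each piece take its own route."  # constructed
    packets = packetise(message, "00-0C-E7-5D-A8-AD", "00:0c:e7:11:22:33", 16)
    random.Random(1).shuffle(packets)  # simulate out-of-order arrival over different routes
    packets.append(Packet("de:ad:be:ef:00:01", "00:0c:e7:11:22:33", 0, 4, checksum(b"x"), b"x"))
    print(reassemble(packets) == message)  # True: unapproved source dropped, order restored
```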
Warriors of The Net – A 13 minute animation explaining the way IP packets flow on the Internet and Local Area Networks. This movie is made available by Ericsson Medialab at http://www.warriorsofthe.net/ with permission to mirror.
A communications protocol is a description of the format that digital data has to be in and the rules for hardware/software to communicate that data.
The protocol may also define how devices authenticate themselves and may define how error checking and correction takes place.
Examples include the Internet Protocol Suite, the set of communications protocols used for the Internet and similar networks. It is commonly also known as TCP/IP, named from two of the most important protocols in it:
- The Internet Protocol (IP) – used to route data packets between networks and over the Internet.
- The Transmission Control Protocol (TCP) – used to exchange data directly between two networked computers.
Some other common Internet Protocols:
- HTTP (HyperText Transfer Protocol): used on the World Wide Web for transferring web pages and the files contained in web pages, such as images;
- FTP (File Transfer Protocol): used for transferring files from one computer to another;
- SMTP (Simple Mail Transfer Protocol): used for email;
- UDP (User Datagram Protocol): a simpler transmission model than TCP, leaving checks for reliability, ordering and data integrity to the applications exchanging the data. This increases the speed at which data is exchanged, making it more suitable for real-time systems, streaming media, Voice over IP (VoIP) and many online games;
- TLS/SSL (Transport Layer Security / Secure Sockets Layer): encryption protocols used for secure communications over the Internet.
What security measures are needed in networks?
A network needs security to prevent unauthorised access to the information stored on the network and unauthorised access to hardware managed by the network.
Network security techniques
- User access levels: most network security involves users having different levels of user access to the network. The network manager will have full access to all the hardware and software on the network but other users may be restricted to certain areas of the network, only have READ access to files or be unable to install new software and hardware.
  This user access is controlled by the user having to log onto the network with a unique username, which is then associated with a particular set of permissions.
- Suitable passwords: a password is used in combination with the username to prevent unauthorised access to a network. A suitable (strong) password should ideally not be a dictionary word and should include a mixture of upper-case and lower-case letters, numbers and even symbols, so that it is unlikely to be guessed. Many network authentication systems will require users to change their passwords regularly and will block the reuse of previous passwords. Stored passwords on the network should be encrypted.
- Access restrictions: users can only log in during certain hours of the day and from certain computers.
- Encryption: files can be encrypted, making the data meaningless without the correct numerical key to decrypt it. Network data can also be encrypted in case it is intercepted. This is particularly important with wireless networks and sensitive data such as online financial transactions.
- Physical security: CCTV, door locks, laptop lock-down cables, swipe-card systems etc. can be used to physically restrict access to networked computers. USB ports and floppy disk / optical media drives can be removed or disabled to stop file copying.
- Firewall: this can be a device or be software-based. Its purpose is to control network transmissions between networks. It is commonly used to block unauthorised access (hacking) to a network from the Internet, while allowing legitimate network traffic through.
- Antivirus software: Many viruses are designed to bypass security systems and having up-to-date antivirus software installed will reduce this risk.
- Proxy server: this can be a device or be software-based and uses a set of rules to check that the file, connection or web page the user requests is acceptable. It can filter network traffic by IP address or protocol. If the request is valid then the proxy server makes the connection on behalf of the user.
- WiFi access restrictions should be in place to allow only legitimate computers to connect to the network. All data transmitted over WiFi should be encrypted using the highest level available.
- Filtering: certain websites can be blocked by filtering. However, this only increases security if the sites are known security risks, for example they distribute viruses.
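The "suitable passwords" rules above, turned into a checker as an added example (not code from these notes): a candidate password is rejected if it is based on a dictionary word, lacks any of upper-case, lower-case, numbers or symbols, or matches a previously used password. Previous passwords are kept only as salted PBKDF2 hashes (the usual stored form of a password verifier); the word list and the 10-character minimum length are assumptions, since the notes give neither.

```python
import hashlib
import hmac
import os

# Constructed mini word list standing in for a full dictionary file.
DICTIONARY = {"password", "letmein", "welcome", "network", "computer", "summer"}
SYMBOLS = set("!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")
MIN_LENGTH = 10       # assumption: the notes give no minimum length
PBKDF2_ROUNDS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted one-way hash; this is what the system keeps, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def policy_violations(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return every rule the candidate breaks; an empty list means it is acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Dictionary check ignores case and a trailing run of digits, so "Summer2024" is caught.
    stem = candidate.lower().rstrip("0123456789")
    if candidate.lower() in DICTIONARY or stem in DICTIONARY:
        problems.append("based on a dictionary word")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in SYMBOLS for c in candidate):
        problems.append("no symbol")
    # Previous passwords exist only as (salt, hash) pairs: re-hash with each salt to spot reuse.
    for salt, digest in history:
        if hmac.compare_digest(hash_password(candidate, salt), digest):
            problems.append("used previously")
            break
    return problems

def change_password(new_password: str, history: list[tuple[bytes, bytes]]) -> list[tuple[bytes, bytes]]:
    """Enforce the policy and, if the password passes, return the history extended with its hash."""
    problems = policy_violations(new_password, history)
    if problems:
        raise ValueError("password rejected: " + "; ".join(problems))
    salt = os.urandom(16)
    return history + [(salt, hash_password(new_password, salt))]

if __name__ == "__main__":
    history = change_password("Tr0ub4dor&Rain", [])
    print(policy_violations("Summer2024", history))       # dictionary word, no symbol
    print(policy_violations("Tr0ub4dor&Rain", history))   # used previously
    print(policy_violations("Xk9#plumQuartz", history))   # []
```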
What examples are there of network policies?
Acceptable use policy
Description: An acceptable use policy (AUP) is a set of rules an employee will usually sign as part of their contract. The rules are designed to ensure the employee is aware of:
- the restrictions on the ways in which the computer network or computer system can be used
- how to reduce the risk of data being corrupted
- how to abide by data protection legislation
- the importance of not passing data to third parties
- the expected standards of behaviour whilst connected to the network or computer system
- the sanctions that will be applied if the user breaks the AUP rules
A typical AUP would therefore include rules such as:
- Secure personal information should not be revealed
- Secure information on the network should not be revealed
- Email should not:
  - be used to send unsolicited email
  - contain offensive language or defame anyone
  - fail to meet acceptable standards on sexism, racism etc.
  - contain offensive attachments
- The network should not be used for personal gain
- Software should not be downloaded by the user
Justification: It is impossible to control everything a user does when they have access to a network or computer system. By signing an AUP the user accepts that they are personally responsible for their actions, rather than just the managers of the network or computer system. They are aware in advance of the sanctions if the rules of the AUP are broken.
Disaster recovery policy
Description: A disaster recovery policy aims to reduce the risk, quickly detect the problem and then minimise the impact of a natural or man-made disaster on a network or computer system.
Such a policy will identify the staff, procedures, hardware and software requirements involved in reducing the initial risk and then, in the event of a disaster, restoring the network or computer system as rapidly as possible to its pre-disaster status.
A disaster recovery policy can cover:
- What staff are responsible for what actions if different types of disaster occur
- Automatic shut down systems
- Uninterruptible power supplies (UPS) or backup generators
- Power-surge protection systems
- Intruder, flood, earthquake and fire alarms
- Fire control systems
- Anti-virus, anti-spyware and firewall systems
- Software to log access and warn of suspicious activity
- Off-site and local backup systems
- Data replication and failover systems
Justification: Network and computer systems are increasingly critical to the operation of modern companies and the economy. Having a disaster recovery policy in place reduces the risk or impact of some types of disaster and increases the chances of such systems recovering rapidly from any disaster that does occur. It is important to realise that hardware and staff can be replaced relatively easily, but many companies would not recover from a major loss of their business data.
Failover policy
Description: Failover is the capability to switch automatically to a standby network or computer system if there is a failure in the primary computer system. Failover generally happens without any human intervention and users may be transferred to the standby system without even being aware that there was a problem with the primary system.
Justification: Although expensive, having a failover policy means that vital network or computer systems can be continuously available with a high degree of reliability.
Backup policy
Description: Making a backup is the process of making a copy of important computer files that can be used to restore the originals if they are deleted or corrupted. Backup files can also be used to restore files to earlier versions if there are problems with upgraded versions. Many computer systems will automatically back up files, either to local storage media such as DAT tape or to an online server in a different geographical location.
Justification: The considerable storage requirements, as well as the organisation and management of this storage space, make the backup of a network or computer system a complicated undertaking. However this can be justified by the fact that many networks or computer systems would be unable to operate if deleted or corrupted files could not be recovered.
Archiving policy
Description: Archiving computer files means that the files are no longer in active use and are moved to somewhere where they can still be accessed if needed. An archived file is therefore the original file, not a backup. Archived files are often compressed as ZIP files to save storage space and are often stored on high capacity removable media.
Justification: If inactive files are not archived then they can cause confusion with active files, as well as using network and computer system resources. Having a network policy that will either automatically or manually archive files avoids this (usually after a set period of time or on a set date such as the end of a financial year).
Network construction simulation – a simulation that lets you build and test the performance of a virtual star LAN and link it to the Internet.