Week 10 Flashcards
When do Network Communications work badly?
Network Communication works badly if two or more computers send messages at
the same time.
When do Network Communications work well?
Network Communication works well if one computer sends a message at a time (for a limited period of time)
What are the 2 sorts of Multiple Access Protocol?
- Carrier sense, multiple access/collision detection (CSMA/CD), for wired networks such as Ethernet
- Carrier sense, multiple access/collision avoidance (CSMA/CA), for wireless networks such as WiFi
What are the properties of a CSMA/CD wired network?
All computers are attached to a shared cable - Multiple Access (MA)
Any computer may transmit if the cable is unused - Carrier Sense (CS)
What is the Collision Detection and Waiting Time of CSMA/CD?
While transmitting, a computer may detect that it is receiving a message - Collision Detection (CD)
After detecting a collision, a computer waits for a random interval (chosen from an exponentially-doubling range), and then tries again
What is Random Waiting Time of CSMA/CD?
By using a random interval, we avoid repeated collisions
What is Exponentially-Doubling Range of CSMA/CD?
An exponentially-doubling range enables computers to adapt to the network load
Why is CSMA/CD not used today?
Not used today because modern Ethernet variants avoid collisions by operating in full duplex mode
What are the properties of a CSMA/CA wireless network?
All computers use a shared frequency - Multiple Access (MA)
Any computer may transmit if the frequency is clear - Carrier Sense (CS)
What is Collision Avoidance in CSMA/CA?
- A computer finding the frequency clear transmits after an instant
- A computer finding the frequency busy counts down from a random value (chosen from an exponentially-doubling range) while the channel is clear; otherwise, the count is frozen — Collision Avoidance (CA)
- A computer then transmits and (hopefully) receives an acknowledgement
What is the Hidden Node Problem?
A computer may be in range of the base station, but out of range of another
computer — the hidden node problem
How is the Hidden Node Problem Resolved?
The hidden node problem may be solved by reservation using ready to send and
clear to send messages
What are the 3 Collision-Free Protocols?
- Token Ring
- Bit-map Protocols
- Binary Countdown
What is Token Ring?
In a token ring wired network, a token continuously circulates, to which
messages may be attached, and from which they may be removed
What is Token Bus?
In a token bus, the token is passed around a virtual ring
What is Bit-Map Protocol?
In a bit-map protocol, host n may announce that it has a frame to send by
inserting a 1 bit into slot n
Following this, hosts begin to transmit frames in numerical order
What is Binary Countdown?
Hosts that wish to transmit broadcast their binary address. Hosts with "1"s in
their address get priority. The winner of the bid gets to transmit a frame
What is the property of Network Gateways?
Modern networks have a single fortified point of entry/exit
What are the Firewall Characteristics?
A Firewall can:
- restrict both incoming and outgoing traffic
- use both positive and negative filters
- consider both the payload and different TCP/IP headers
- consider packets individually or as part of a flow
What are the types of Firewall?
- packet-filtering firewalls
- stateful packet inspection firewalls
- application-level gateways
- circuit-level gateways
What are Packet-Filtering Firewalls?
A packet-filtering firewall filters individual packets on the basis of packet headers
(up to the transport layer) and packet payloads
What are examples of Packet-Filtering Firewalls?
- Port Numbers
- IP addresses
- Filetypes
- Malware Signatures
What is a Wildcard Mask?
A wildcard mask indicates which bits of an IP address a particular rule is
concerned with during IP address matching.
- 0: The corresponding bit must match
- 1: The corresponding bit does not matter
000101000000000100000001000000001
What are examples of Wildcard Masks?
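| Action | IP address | Wildcard Mask |
|--------|------------|---------------|
| Allow  | 20.1.1.1   | 0.0.255.255   |

means "allow all IP addresses of the form 20.1.x.y"

| Action | IP address | Wildcard Mask |
|--------|------------|---------------|
| Deny   | 20.2.1.1   | 0.0.0.255     |

means "deny all IP addresses of the form 20.2.1.z"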
What are Stateful Firewalls?
A stateful firewall reviews the same packet information as a packet filtering
firewall, but also filters packets on the basis of a directory of established
transport-layer connections
What can Stateful Firewalls track?
A stateful firewall can track
- TCP connections by looking for handshakes during connection start-up and connection shutdown
- UDP segments by tracking IP addresses and port numbers
What is the Application-Level Gateway?
An application-level gateway filters packets based on applications or certain
features of applications.
An application-level gateway sets up two TCP connections: one from the trusted
network to the firewall, and one from the firewall to the untrusted network
What is an example of an Application-Level Gateway?
An application-level gateway can be used as a web or e-mail gateway
What are Circuit-Level Gateways?
A circuit-level gateway determines which TCP connections will be allowed. Like
the application-level gateway, a circuit-level gateway sets up two TCP
connections.
What are examples of Circuit-Level Gateways?
- The circuit-level gateway receives a TCP connection request from a trusted client
- The circuit-level gateway approves or denies the TCP connection based on IP addresses, port numbers, user authentication, etc.
- If the connection is approved, the circuit-level gateway establishes a second TCP connection to the server on the client’s behalf
- From this point on, the circuit-level gateway simply relays segments in the TCP connection
What do Firewall Organisations include?
- Single firewall inline
- Double firewall inline
What is a Single Firewall Inline?
A single firewall inline puts a firewall between an external and internal router
What is a Double Firewall Inline?
A double firewall inline puts a demilitarized zone (DMZ) between an external
and internal firewall. The DMZ is a network for systems that must be externally
accessible (e.g., e-mail, DNS, web), but still need some protection
What is a Virtual Private Network?
A virtual private network (VPN) uses encryption and authentication (provided
by, for example, IPsec) to provide a secure connection through an otherwise
insecure network, typically the Internet
What are the benefits of Virtual Private Networks?
A VPN can be used to bypass firewalls and other restrictions, and to increase
privacy and security
What are the limitations of Virtual Private Networks?
Using a VPN may result in a lower connection speed, blocks from certain
internet services, and resale of your data to third parties