Edward's CS Journey

Operational Security and Overall Class Reflection This week, we learned about operational security. Two types of operational security methods were discussed: firewalls and intrusion detection systems. Firewalls help filter out packets passing from the Internet to an internal network. They are designed to prevent denial of service attacks and illegal modifications of internal data and only allow authorized access to a network. This can help keep the untrusted packets out of an internal network and let the trusted packets in.  There are three types of firewalls. First, there is a firewall with stateless packet filtering. This firewall decides which packet to forward or drop based on information such as IP address, TCP/UDP port numbers, ICMP message types, and TCP SYN and ACK bits. The firewall can be set so that packets with given information can be evaluated based on rules, such as ACK =0, and can be blocked from entering the internal network.  Second, there is a firewall with ...

Link Layer This week, we learned about the link layer of the Internet Protocol Stack. The link layer transfers frames between nodes (routers and hosts) in a network. Communication is completed by connecting each node by a link. These links can be wired, wireless, or local area networks (LANs). To transfer datagrams received from the network layer above it, the link layer encapsulates a datagram in a frame before sending it to another node. This layer uses MAC addresses, which are stored in the frame headers, to identify the source and destination of the frame. The link layer transfers frames between nodes in a network. Switches can be used to store and forward frames to their intended destinations. To do so, a frame's MAC address is read and selectively forwarded to the appropriate outgoing, using point-to-point links to access a segment. Each switch has a switch forwarding table that maps the MAC address to the appropriate interface. Switches are self-learning and use flooding to ...

Network Layer: Control Plane This week, we learned more about the control plane and its role in the network layer. The control plane is in charge of determining the route a packet takes to get from the source to the destination. Two approaches are used to determine the routing path: per-router control and logically centralized control.  In a per-router control panel, the routers interact with each other to find a packet's routing path. Each router has a local forwarding table that contains output links for each packet. The router reads the packet header and determines which link to send the packet to. In a logically centralized control plane (software-defined network), a remote controller interacts with local control agents in routers. The controller communicates with local control agents to compute forwarding tables, which then determine the appropriate route for each packet using the packet's header bits.  A routing path needs to be "good" if it has certain characte...

Network Layer: Data Plane This week, we had an introduction to the network layer and learned about the data plane. The network layer has the responsibility of routing data from host to host via segments or packets. When sending data, segments are encapsulated into datagrams that hold the data, and the network adds header information to help with the routing process. Routers use the header information to keep the datagrams in order and determine their next hop. Receiving data is sent from the network to the transport layer and then to the appropriate application. In this process, the network is responsible for forwarding packets from one router to another until it reaches its destination and determining the route that needs to be taken to get packets from one place to its intended destination.  In the network layer, there are two planes: the data plane and the control plane. The data plane is local and functions in each router. When datagrams arrive at a router, the next port is det...

 Security In Computer Networks This week, we learned about security in computer networks. There are three principles of network security: confidentiality, authentication, and message integrity. Confidentiality involves ensuring that only the sender and receiver understand the message being sent. Authentication involves confirming the identity of both the sender and receiver. Message integrity involves ensuring that the message has not been altered while being transmitted or after it has been transmitted.  Confidentiality can be obtained by having the user and sender use the same symmetric keys to encrypt and decrypt the messages between them. A symmetric key is a key that both the sender and receiver agree upon. Currently, the Advanced Encryption Standard is used to create symmetric keys. Using this standard, we can process our data and message into 128-bit blocks and use 128, 192, or 256-bit keys to create our symmetric key.  When deciding on a key to use, the sender and...

 Transport Layer This week, we learned about the transport layer of a computer network. When a message is sent on the sender's side, it is broken up into segments and passed through the network layer. On the sender's side, a transport header is added to the segments, and the network sends the data to the receiver via sockets. The receiver then reassembles the message using the transport header information and passes it to the appropriate place in the application layer. This is called demultiplexing. Two transport protocols that can be used to send data through the Internet are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).  In TCP, there is one sender and one receiver. Data can flow in both directions on the same connection. This protocol involves a three-way handshake to start the connection. TCP sockets use four pieces of information to identify a segment: a source IP, a destination IP, a source port number, and a destination port number. ...