1

INTRODUCTION

1.1

Airports Authority of India

Airport Authority of India came into being on April 1995 by merging the International Airports Authority of India and the National Airports Authority. The Airports Authority of India (AAI) was formed with the view to accelerate the integrated development, expansion and modernization of the operational, terminal and cargo facilities at the airports in the country conforming to the international standards.

1.1.1 Company profile The government owned Airports Authority of India (AAI) operates 125 airports and civil enclaves out of a total of 449 airports and airstrips located throughout India. The cities of Bengaluru, Delhi, Hyderabad, Kochi and Mumbai are served by privately (or joint-venture) operated airports. All operational airports handled a total of 123.8 million passengers (89.4 m domestic and 34.4 m international) in the year ended March 2010. The total number of aircraft movements amounted to 1.31 million and freight volumes was at 1.7 million tons in 2008-09. A large pool of trained and highly skilled manpower is one of the major assets of Airports Authority of India. Improvement of passenger facilities is a continuous process. AAI has to cater to very of facilities are available at other international airports in the world.

In Airports Authority of India, the basic approach to planning of airport facilities has been to create capacity ahead of demand. In our efforts towards implementation of the strategy, a number of projects for extension and strengthening of runway, taxi track and aprons at different airports has been taken up. In tune with global approach to modernization of Air Navigation infrastructure, AAI has been going ahead with its plans for transition to satellite based Communication, Navigation, Surveillance and Air Traffic Management. The continuing security environment has brought into focus the need for strengthening security of vital installations. With in this view, a number of steps were taken including induction of CISF for airport security, CCTV surveillance system at sensitive airports, latest and state-of-the-art X-Ray baggage inspection systems. Information Technology holds the key to operational and managerial efficiency transparency and employee productivity. AAI initiated a programme to inculcate IT culture among its employees and this most powerful tool to enhance efficiency in the organization. AAI website with domain name www.airportsindia.org.in or www.aai.aero is a popular website giving a host of information. 1.1.2 Functions of AAI Control and management of the Indian airspace extending beyond the territorial limits of the country, as accepted by ICAO. Design, development, operation and maintenance of international and domestic Airports and civil enclaves. Construction, modification and management of passenger terminal. Development and management at cargo terminals at international and domestic airports. Provision of passenger facilities and information system at the passenger terminals at airports. Expansion and strengthening of operation area viz. runways, aprons, taxiway etc. 2

Provision of visual aids. Provision of communication and navigational aids viz. ILS, DVOR, DME, Radar, etc.

1.2 Integrated Cargo Management System

AAI, being custodian of cargo terminals at various Airports, needs interaction with different agencies like Customs, Airlines, Banks, Cargo Clearing / Handling Agents and other trade partners for clearing/disposing the import/export cargo. To eliminate paper-based process, AAI has completed in-house computerization (ICMS) at cargo terminals of all the four metro airports. Hard patch EDI connectivity from ICMS to Customs computer systems have been provided at Delhi, whereas at other locations, the work for similar connectivity is in progress. AAI now proposes to provide EDI connectivity to other trade partners e.g. Airlines, banks, cargo clearing/handling agents etc. through Web. The proposed Web set-up shall integrate the ICMS installed at four airports namely Delhi, Mumbai, Chennai and Kolkata with Web servers to be positioned at AAI Operational Offices, Gurgaon Road, New Delhi This software also has features like Export Import Disposal Transshipment

The platform at which this application is running is: SCO/Aix- Operation System Oracle 8i Database Eliminating of labor intensive tasks such as data entry resulting in greater productivity.

1.2.1 Web EDI Electronic data interchange (EDI) is the electronic movement of data between or within organizations in a structured, computer-retrievable data format that permits information to be transferred from a computer program in one location to a computer program in another location without rekeying. EDI includes the direct transmission of data between locations; transmission using an intermediary such as a communication network; and the exchange of computer tapes, disks, or other digital storage devices. In many cases, content-related error checking and some degree of processing of the information are also involved. EDI differs from electronic mail in that an actual transaction is transmitted electronically, rather than a simple message consisting primarily of text. Benefits of EDI "EDI saves money and time because transactions can be transmitted from one information system to another through a telecommunications network, eliminating the printing and handling of paper at one end and the inputting of data at the other.EDI may also provide strategic benefits by helping a firm 'lock in' customers, making it easier for customers or distributors to order from them rather than from competitors." EDI was developed to solve the problems inherent in paper-based transaction processing and in other forms of electronic communication. In solving these problems, EDI is a tool that enables organizations to reengineer information flows and business processes. It directly addresses several problems long associated with paper-based transaction systems:

Time delaysPaper documents may take days to transport from one location to another, while manual processing methodologies necessitate steps like keying and filing that are rendered unnecessary through EDI.

Labor costsIn non-EDI systems, manual processing is required for data keying, document storage and retrieval, sorting, matching, reconciling, envelope stuffing, stamping, signing, etc. While automated equipment can help with some of these processes, most managers will agree that labor costs for document processing represent a significant proportion of their overhead.

In general, labor-based processes are much more expensive in the long term EDI alternatives.

AccuracyEDI systems are more accurate than their manual processing counterparts because there are fewer points at which errors can be introduced into the system.

Information AccessEDI systems permit myriad users access to a vast amount of detailed transaction data in a timely fashion. In a non-EDI environment, in which information is held in offices and file cabinets, such dissemination of information is possible only with great effort, and it cannot hope to match an EDI system's timeliness. Because EDI data is already in computer-retrievable form, it is subject to automated processing and analysis. It also requires far less storage space.

EDI at AAI AAI is having EDI working independently at all Cargo locations. But the information available at any particular cargo Terminals is of itself only. Every Cargo terminal is maintaining its own database. Due to this decentralization of database, to track any transaction it required a manual transfer of documents; i.e. sending/ receiving of documents. This procedure not only incorporates delays but it is time consuming also and hence is not an efficient method. In order to overcome this problem, AAI decided to prepare a hub so as to connect all these locations and to give access to their users / clients online. This WEB EDI enables the users to track their transaction round the clock at their will. The Trade partners connect to AAI web site through ISDN/ Leased Line Internet connection. Web Server depending on transactional requirements diverts the call to Message Exchange Server connected with database server of requested Cargo location. Message thereafter is exchanged between AAI and Trade partners. EDI web setup functions automatically without any human intervention for EDI connectivity between AAI and ICMS Cargo.

1.2.2 Net-Transaction Hub Net- Transaction Hub (NT-HUB) is responsible for all the cargo tracking. This system is situated at the Operational Offices of the Airport Authority of India, New Delhi, connecting the three airports of Delhi, Kolkata and Chennai. nT-HUB has solved many problems which the customers faced over the years such as: Customers had to wait long queues just to get information about the status of their cargo. There was unnecessary wastage of time and energy in transportation to the enquiry counter. Customers opt for middleman to enquire about the status of their cargo thus adding unnecessary expenses. Customers in the remote parts of the country are unable to enquire about their cargos. In order to solve these problems nT-Hub has been set-up which handles an interactive website i.e. www.airports-ecom.gov.in from where the status of the cargo to the three metropolitans can be done only by the cargo handling or the import/export agencies.

THEORETICAL BACKGROUND

2.1 Computer Networks A group of computers and peripherals devices connected to the communication lines which are capable of sharing files and other resources between several users is called computer network. The three basic types of networks include:

Local Area Network (LAN) Metropolitan Area Network (MAN) Wide Area Network (WAN)

Local Area Network A Local Area Network (LAN) is a network that is confined to a relatively small area. It is generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN computers more than a mile apart. In a typical LAN configuration, one computer is designated as the file server. It stores all of the software that controls the network, as well as the software that can be shared by the computers attached to the network. Computers connected to the file server are called workstations. The workstations can be less powerful than the file server, and they may have additional software on their hard drives. On most LANs, cables are used to connect the network interface cards in each computer. Metropolitan Area Network A Metropolitan area network (MAN) is a network that interconnects users with computer resources in a geographic area or region larger than that covered by even a large local area network (LAN) but smaller than the area covered by a wide area network (WAN). The term is applied to the interconnection of networks in a city into a single larger network (which may then also offer efficient connection to a wide area network). It is also used to mean the interconnection of several local area 7

networks by bridging them with backbone lines. The latter usage is also sometimes referred to as a campus network. Wide Area Network Wide Area Networks (WANs) connect larger geographic areas, such as Florida, the United States, or the world. Dedicated transoceanic cabling or satellite uplinks may be used to connect this type of network. Using a WAN, schools in Florida can communicate with places like Tokyo in a matter of minutes, without paying enormous phone bills. A WAN is complicated. It uses multiplexers to connect local and metropolitan networks to global communications networks like the Internet. To users, however, a WAN will not appear to be much different than a LAN or a MAN.

2.2 Network Topologies

Some of the most common topologies in use today include: Bus Each node is daisy-chained (connected one right after the other) along the same backbone, similar to Christmas lights. Information sent from a node travels along the backbone until it reaches its destination node. Each end of a bus network must be terminated with a resistor to keep the signal that is sent by a node across the network from bouncing back when it reaches the end of the cable. Advantages: o Simple control of traffic flow. o Failure of a node does not affect the network. Disadvantages: o If the transmission channel fails the entire network fails.

Figure 2.1 Bus network topology

Ring Like a bus network, rings have the nodes daisy-chained. The difference is that the end of the network comes back around to the first node, creating a complete circuit. In a ring network, each node takes a turn sending and receiving information through the use of a token. The token, along with any data, is sent from the first node to the second node, which extracts the data addressed to it and adds any data it wishes to send. Then, the second node passes the token and data to the third node, and so on until it comes back around to the first node again. Only the node with the token is allowed to send data. All other nodes must wait for the token to come to them. Advantages: There is no need of a central computer. It is more reliable than star network.

Disadvantages: Communication delay is directly proportional to number of nodes in the network

Figure 2.2 Ring network topology Star In a star network, each node is connected to a central device called a hub. The hub takes a signal that comes from any node and passes it along to all the other nodes in the network. A hub does not perform any type of filtering or routing of the data. It is simply a junction that joins all the different nodes together. Advantages: o o Star network needs minimal line cost because for connecting n nodes Fault isolation and traffic flow is simple. it requires only one line.

Disadvantages: o The entire network depends on central computer so if it fails the entire network fails.

Figure 2.3 Star network topology

Star bus 10

Probably the most common network topology in use today, star bus combines elements of the star and bus topologies to create a versatile network environment. Nodes in particular areas are connected to hubs (creating stars), and the hubs are connected together along the network backbone (like a bus network). Quite often, stars are nested within stars, as seen in the example below:

Figure 2.4 A typical star bus network

2.3 Network model

The OSI, or Open System Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, and proceeding to the bottom layer, over the channel to the next station and back up the hierarchy.

11

Figure 2.5 OSI network model Application (Layer 7) This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, email, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer. Presentation (Layer 6) This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can 12

accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer. Session (Layer 5) This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination. Transport (Layer 4) This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer. Network (Layer 3) This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing. Data Link (Layer 2) At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub layer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.

13

Physical (Layer 1) This layer conveys the bit stream - electrical impulse, light or radio signal -- through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.

2.4 Computing Structures

Peer-to-peer (P2P) Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes. Peers make a portion of their resources, such as processing power, disk storage or network bandwidth, directly available to other network participants, without the need for central coordination by servers or stable hosts.[1] Peers are both suppliers and consumers of resources, in contrast to the traditional clientserver model where only servers supply (send), and clients consume (receive).

Figure 2.6 Peer-to-peer model 14

Client server model The clientserver model of computing is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients. Often clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server machine is a host that is running one or more server programs which share their resources with clients. A client does not share any of its resources, but requests a server's content or service function. Clients therefore initiate communication sessions with servers which await incoming requests.

Figure 2.7 Client server model

2.5 Network devices

Computer networking devices are units that mediate data in a computer network. Computer networking devices are also called network equipment, Intermediate Systems (IS) or Inter Working Unit (IWU). Units which are the last receiver or generate data are called hosts or data terminal equipment. 2.5.1 Routing devices These devices or network equipments are responsible for connecting different networks and network terminals. Common network devices are:-

15

Router A router is a device that forwards data packets between telecommunications networks, creating an overlay internetwork. A router is connected to two or more data lines from different networks. When data comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey or drops the packet. A data packet is typically forwarded from one router to another through networks that constitute the internetwork until it gets to its destination node. Bridges A network bridge connects multiple network segments at the data link layer (Layer 2) of the OSI model. In Ethernet networks, the term bridge formally means a device that behaves according to the IEEE 802.1D standard. A bridge and a switch are very much alike; a switch being a bridge with numerous ports. Switch or Layer 2 switch is often used interchangeably with bridge. Bridges are similar to repeaters or network hubs, devices that connect network segments at the physical layer (Layer 1) of the OSI model; however, with bridging, traffic from one network is managed rather than simply rebroadcast to adjacent network segments. Bridges are more complex than hubs or repeaters. Bridges can analyze incoming data packets to determine if the bridge is able to send the given packet to another segment of the network. Switch A network switch or switching hub is a computer networking device that connects network segments. The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer (layer 2) of the OSI model. Switches that additionally process data at the network layer (Layer 3) and above are often referred to as Layer 3 switches or multilayer switches.

16

Hub An Ethernet hub, active hub, network hub, repeater hub or hub is a device for connecting multiple twisted pair or fiber optic Ethernet devices together and making them act as a single network segment. Hubs work at the physical layer (layer 1) of the OSI model.[1] The device is a form of multiport repeater. Repeater hubs also participate in collision detection, forwarding a jam signal to all ports if it detects a collision. Repeater A repeater is an electronic device that receives a signal and retransmits it at a higher level and/or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances. Network card A network interface controller (also known as a network interface card, network adapter, LAN adapter and by similar terms) is a computer hardware component that connects a computer to a computer network. Whereas network interface controllers were commonly implemented on expansion cards that plug into a computer bus, the low cost and ubiquity of the Ethernet standard means that most newer computers have a network interface built into the motherboard. Modem A modem (modulator-demodulator) is a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data. Modems can be used over any means of transmitting analog signals, from light emitting diodes to radio. The most familiar example is a voice band modem that turns the digital data of a personal computer into modulated electrical signals in the voice frequency range of

17

a telephone channel. These signals can be transmitted over telephone lines and demodulated by another modem at the receiver side to recover the digital data. ISDN terminal adapter In ISDN terminology, a terminal adapter or TA is a device that connects a terminal (computer) to the ISDN network. The TA therefore fulfills a similar function to the ones a modem has on the POTS network, and is therefore sometimes called an ISDN modem. The latter term, however, is partially misleading as there is no modulation or demodulation performed. 2.5.2 Cabling Cable is the medium through which information usually moves from one network device to another. There are several types of cable which are commonly used with LANs. In some cases, a network will utilize only one type of cable, other networks will use a variety of cable types. The type of cable chosen for a network is related to the network's topology, protocol, and size. Understanding the characteristics of different types of cable and how they relate to other aspects of a network is necessary for the development of a successful network. Unshielded Twisted Pair (UTP) Cable Twisted pair cabling comes in two varieties: shielded and unshielded. Unshielded twisted pair (UTP) is the most popular and is generally the best option for school networks

Figure 2.8 Unshielded twisted pair

18

The quality of UTP may vary from telephone-grade wire to extremely high-speed cable. The cable has four pairs of wires inside the jacket. Each pair is twisted with a different number of twists per inch to help eliminate interference from adjacent pairs and other electrical devices. The tighter the twisting, the higher the supported transmission rate and the greater the cost per foot. The EIA/TIA (Electronic Industry Association/Telecommunication Industry Association) has established standards of UTP and rated six categories of wire (additional categories are emerging).

Table 2.1 Categories of Unshielded Twisted Pair Category 1 Mbps 4 Mbps 16 Mbps 20 Mbps 100 Mbps (2 pair) 1000 Mbps (4 pair) 1,000 Mbps 10,000 Mbps Speed Use Voice Only (Telephone Wire) Local Talk & Telephone (Rarely used) 10BaseT Ethernet Token Ring (Rarely used) 100BaseT Ethernet Gigabit Ethernet Gigabit Ethernet Gigabit Ethernet

Unshielded Twisted Pair Connector The standard connector for unshielded twisted pair cabling is an RJ-45 connector. This is a plastic connector that looks like a large telephone-style connector (See fig. 2). A slot allows the RJ-45 to be inserted only one way. RJ stands for Registered Jack, implying that the connector follows a standard borrowed from the telephone industry. This standard designates which wire goes with each pin inside the connector.

19

Figure 2.9 RJ-45 connector Shielded Twisted Pair (STP) Cable Although UTP cable is the least expensive cable, it may be susceptible to radio and electrical frequency interference (it should not be too close to electric motors, fluorescent lights, etc.). If you must place cable in environments with lots of potential interference, or if you must place cable in extremely sensitive environments that may be susceptible to the electrical current in the UTP, shielded twisted pair may be the solution. Shielded cables can also help to extend the maximum distance of the cables. Shielded twisted pair cable is available in three different configurations: 1. Each pair of wires is individually shielded with foil. 2. There is a foil or braid shield inside the jacket covering all wires (as a group). 3. There is a shield around each individual pair, as well as around the entire group of wires (referred to as double shield twisted pair). Fiber Optic Cable Fiber optic cabling consists of a center glass core surrounded by several layers of protective materials (See fig. 5). It transmits light rather than electronic signals eliminating the problem of electrical interference. This makes it ideal for certain environments that contain a large amount of electrical interference. It has also made it the standard for connecting networks between Fiber optic cable has the ability to transmit signals over much longer distances than coaxial and twisted pair. It also has the capability to carry information at vastly greater speeds. This capacity broadens communication possibilities to include 20

services such as video conferencing and interactive services. The cost of fiber optic cabling is comparable to copper cabling; however, it is The center core of fiber cables is made from glass or plastic fibers (see fig 5). A plastic coating then cushions the fiber center, and kevlar fibers help to strengthen the cables and prevent breakage. The outer insulating jacket made of teflon or PVC.

Figure 2.10 Fiber optic cable There are two common types of fiber cables -- single mode and multimode. Multimode cable has a larger diameter; however, both cables provide high bandwidth at high speeds. Single mode can provide more distance, but it is more expensive.

2.6 Connectivity
The private network needs to be connected to the internet and other company offices. The connectivity is established through :1. Leased Lines 2. ISDN 2.6.1 Leased Line A permanent telephone connection between two points set up by a

telecommunications common carrier. Typically, leased lines are used by businesses to connect geographically distant offices. Unlike normal dial-up connections, a leased line is always active. The fee for the connection is a fixed monthly rate. The primary factors affecting the monthly fee are distance between end points and the

21

speed of the circuit. Because the connection doesn't carry anybody else's communications, the carrier can assure a given level of quality. For example, a T-1 channel is a type of leased line that provides a maximum transmission speed of 1.544 Mbps. You can divide the connection into different lines for data and voice communication or use the channel for one high speed data circuit. Dividing the connection is called multiplexing. Increasingly, leased lines are being used by companies, and even individuals, for Internet access because they afford faster data transfer rates and are cost-effective if the Internet is used heavily.

2.6.2 ISDN (Integrated Services Digital Network) An international standard for switched, digital dial-up telephone service for voice and data. Analog telephones and fax machines are used over ISDN lines, but their signals are converted into digital by the ISDN terminal adapter. Although announced in the early 1980s, it took more than a decade before ISDN became widely available. It enjoyed a surge of growth in the early days of the Internet, because it provided the only higher-speed alternative to analog modems in many areas. Still working in many behind-the-scenes applications, ISDN is rarely used for Internet access.

2.6.3 VPN A virtual private network (VPN) is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network. VPN message traffic is carried on public networking infrastructure (e.g. the Internet) using standard (often insecure) protocols, or over a service provider's network providing VPN service guarded by well-defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider. There are three types of VPN: 22

Intranet VPNs allow private network to be extended across the Internet or the other public network service in a secure way. Intranet VPNs are sometimes referred to as site to site or LAN to LAN. Remote Access VPNs allow individual dial-up users to connect to a central site across the internet or other public service in a secure way. Remote access VPNs are sometimes referred to as dial VPNs. Extranet VPNs allow secure connections with business partners, suppliers and customers for the purpose of e-commerce. Extranet VPNs are an extension of intranet VPNs with the addition of firewalls to protect the internet network.

2.7 Protocols
A network protocol defines rules and conventions for communication between network devices. Protocols for computer networking all generally use packet switching techniques to send and receive messages in the form of packets. Network protocols include mechanisms for devices to identify and make connections with each other, as well as formatting rules that specify how data is packaged into messages sent and received. Some protocols also support message acknowledgement and data compression designed for reliable and/or high-performance network communication. Hundreds of different computer network protocols have been developed each designed for specific purposes and environments. Internet Protocols The Internet Protocol family contains a set of related (and among the most widely used network protocols. Besides Internet Protocol (IP) itself, higher-level protocols like TCP, UDP, HTTP, and FTP all integrate with IP to provide additional capabilities. Similarly, lower-level Internet Protocols like ARP and ICMP also coexist with IP. These higher level protocols interact more closely with applications like Web browsers while lower-level protocols interact with network adapters and other computer hardware.

23

Routing Protocols Routing protocols are special-purpose protocols designed specifically for use by network routers on the Internet. Common routing protocols include EIGRP, OSPF and BGP. TCP/IP Standard Internet communications protocols that allow digital computers to communicate over long distances. The Internet is a packet-switched network, in which information is broken down into small packets, sent individually over many different routes at the same time, and then reassembled at the receiving end. TCP is the component that collects and reassembles the packets of data, while IP is responsible for making sure the packets are sent to the right destination. TCP/IP was developed in the 1970s and adopted as the protocol standard for ARPANET (the predecessor to the Internet) in 1983. IP address: An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address. Within an isolated network, you can assign IP addresses at random as long as each one is unique. However, connecting a private network to the Internet requires using registered IP addresses (called Internet addresses) to avoid duplicates. The four numbers in an IP address are used in different ways to identify a particular network and a host on that network. Four regional Internet registries -- ARIN, RIPE NCC, LACNIC and APNIC -- assign Internet addresses from the following three classes. Class A - supports 16 million hosts on each of 126 networks Class B - supports 65,000 hosts on each of 16,000 networks Class C - supports 254 hosts on each of 2 million networks

24

Class ranges The address ranges used for each class are given in the following table, in the standard dotted decimal notation. Table 2.2 Classification of IP address CIDR suffix /8 Default subnet mask 255.0.0.0

Class

Leading bits

Start

End

Class A

0.0.0.0

127.255.255.255

Class B

10

128.0.0.0

191.255.255.255

/16

255.255.0.0

Class C

110

192.0.0.0

223.255.255.255

/24

255.255.255.0

The number of unassigned Internet addresses is running out, so a new classless scheme called CIDR is gradually replacing the system based on classes A, B, and C and is tied to adoption of IPv6.

HTTP (Hyper Text Transfer Protocol) The communications protocol used to connect to servers on the Web. Its primary function is to establish a connection with a Web server and transmit HTML pages to the client browser or any other files required by an HTTP application. Addresses of Web sites begin with an http:// prefix; however, Web browsers typically default to the HTTP protocol. For example, typing www.yahoo.com is the same as typing http://www.yahoo.com. HTTP is a "stateless" request/response system. The connection is maintained between client and server only for the immediate request, and the connection is closed. After the HTTP client establishes a TCP connection with the server and sends it a request command, the server sends back its response and closes the connection. FTP 25

(File Transfer Protocol) A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.). For example, after developing the HTML pages for a Web site on a local machine, they are typically uploaded to the Web server using FTP. FTP includes functions to log onto the network, list directories and copy files. It can also convert between the ASCII and EBCDIC character codes. FTP operations can be performed by typing commands at a command prompt or via an FTP utility running under a graphical interface such as Windows. FTP transfers can also be initiated from within a Web browser by entering the URL preceded with ftp: //.

2.8 Switching techniques

Think how things would be if you could only use your telephone to talk to just one other person! You would not be very productive. So there are requirements for switching systems to route your calls around the world. The ways to perform switching:

Circuit Switching Packet Switching Message Switching Cell Switching

Circuit Switching This method involves the physical interconnection of two devices. A good example of circuit switching involves the Public phone network. A data example would be the classic A/B switch. Packet Switching Packet Switching techniques switch packets of data between destinations. Traditionally, this applied to X.25 techniques, but this also applies to TCP/IP and IPX/SPX routers also. Proprietary Frame Relay switches can switch voice signals. Message Switching 26

Message Switching techniques were originally used in data communications. An example would be early "store and forward" paper tape relay systems. E-Mail delivery is another example of message switching. In voice systems, you can find Voice Mail delivery systems on the Internet. The classic "forward voice mail" capability in some voice mail systems is another example. Cell Switching Cell Switching is similar to packet switching, except that the switching does not necessarily occur on packet boundaries. This is ideal for an integrated environment and is found within Cell-based networks, such as ATM. Cell-switching can handle both digital voice and data signals.

27

3
SERVER ARCHITECTURE

A server computer is a computer, or series of computers, that link other computers or electronic devices together. They often provide essential services across a network, either to private users inside a large organization or to public users via the internet. For example, when you enter a query in a search engine, the query is sent from your computer over the internet to the servers that store all the relevant web pages. The results are sent back by the server to your computer. Many servers have dedicated functionality such as web servers, mail servers, and database servers

3.1 Network security zones

To protect the private date and LAN the servers are placed in 2 zones which are characterized by their accessibility through the internet. These are1. De-Militarized zone 2. Militarized zone 3.1.1 DMZ - Demilitarized Zone In computer networking, DMZ is a firewall configuration for securing local area networks (LANs). In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall. 28

Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network, as proxy servers do. The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests. The Mail Server, Web Server, Intrusion Detection Server and SCM server are placed in this zone. It is only 15% secure zone.

3.1.2 Militarized Zone Militarized zone is 100% secure zone. This zone is separated from the other zones through firewall. The SQL server, BizTalk Server, Intrusion Detection Server, Access Control Server and NMS server are placed in this zone. To access the militarized zone the client must have accessibility rights which are granted through authentication checks of the client. Only authenticated (registered clients) are permitted to

3.2 Server at NT Hub

Cargo website www.airport-ecom.gov is hosted at the EDI-NT hub of Airports Authority of India. The Server is basically cluster of various dedicated servers which are placed under different security zones.

3.2.1 Cluster Computing A computer cluster is a group of linked computers, working together closely so that in many respects they form a single computer. The components of a cluster are commonly, but not always, connected to each other through fast local area networks. Clusters are usually deployed to improve performance and/or availability over that of

29

a single computer, while typically being much more cost-effective than single computers of comparable speed or availability. High-availability (HA) clusters High-availability clusters (also known as Failover Clusters) are implemented primarily for the purpose of improving the availability of services that the cluster provides. They operate by having redundant nodes, which are then used to provide service when system components fail. The most common size for an HA cluster is two nodes, which is the minimum requirement to provide redundancy. HA cluster implementations attempt to use redundancy of cluster components to eliminate single points of failure. There are commercial implementations of High-Availability clusters for many operating systems. The Linux-HA project is one commonly used free software HA package for the Linux operating system. Load-balancing clusters Load-balancing is when multiple computers are linked together to share computational workload or function as a single virtual computer. Logically, from the user side, they are multiple machines, but function as a single virtual machine. Requests initiated from the user are managed by, and distributed among, all the standalone computers to form a cluster. This results in balanced computational work among different machines, improving the performance of the cluster system. Compute clusters Often clusters are used primarily for computational purposes, rather than handling IO-oriented operations such as web service or databases. For instance, a cluster might support computational simulations of weather or vehicle crashes. The primary distinction within compute clusters is how tightly-coupled the individual nodes are. For instance, a single compute job may require frequent communication among nodes - this implies that the cluster shares a dedicated network, is densely located, and probably has homogenous nodes. This cluster design is usually referred to as

30

Beowulf Cluster. The other extreme is where a compute job uses one or few nodes, and needs little or no inter-node communication. 3.2.2 Server setup The server is the cluster of 12 dedicated servers. They are: Web Server 1 Web Server 2 Mail Server 1 Mail Server 2 SQL Server BizTalk server AC Server SCM Server IDS Server-1 IDS Server -2 NMS Server Standby Server

31

Overall server block diagram is shown in figure.

Figure 3.1 Server block diagram

Web Server Typically, Users visit a Web site by either clicking on a hyperlink that brings them to that site or keying the sites URL directly into the address bar of a browser. We decide to visit a website by typing its URL into the Web Browser. Through an Internet connection, your browser initiates the connection that is storing the files by first connecting the domain into an IP address (through a domain name service) and then locating the server that is storing the information for that IP address. There are two web setup provided in the web set-up i.e. Web1 and web2 server. Both these are working simultaneously i.e. these two servers are in active/active mode. The web servers are configured to display the static as well as interactive web pages with the help of the website (www.airports-ecom.gov.in) provided by AAI. These servers route the queries generated from AAI ICMS at 4 locations with the network 32

to respective device. The users are unaware of the server, they are logged onto. These two are clustered in load balancing mode. Network load balancing distributes the load to traffic to the web servers, each running on a host within the cluster. As enterprise traffic increases, network admin can simply plug server into the cluster. Mail Server There are two mail servers i.e. Mail 1 and Mail 2 server. These two servers are clusters in the high availability mode. High Availability Mode clustered servers are implemented primarily for the purpose of improving the availability of service which the cluster provides. They operate by having redundant nodes, which are then used to provide services when system component fails. During the failure of one server all its resource are transferred to the working server. They are considered in active passive mode. In this both the servers must have the same configuration. The two mail servers are clustered with common RAID storage (V A 7400). These servers store flat files, text files, SMTP (Simple Mail Transfer Protocol) which allows automatic processing and forwarding of mail messages. In addition to these servers are used for overall mail management providing standard features such as creation/mailboxes for users user authentication for mail processing, audit of mail processing activity. SQL Server SQL server is a comprehensive database platform providing enterprise-class data management with the integrated business intelligence (BI) tools. SQL servers queries and analyze data over the network with enhanced scalability and reliability. The SQL server used in the NT-HUB is responsible for handling the authentication of the users. It manages the users id and password. The SQL server database engine provides more secure, reliable storage for both relational and structural data, enabling us to build and mange highly available data application that can be used to take the business to the next level. SQL and BizTalk server are in clustering mode i.e. they are in Active/Passive mode.

33

BizTalk Server Biz Talk is a Business Process Management (BPM) server that enables companies to automate and optimize business process. This includes powerful, familiar tools to design, develop, deploy, and manage that process. BizTalk is a platform for enterprise application integration facilitating electronics customers and partners communication, enterprise application database and business processing. Its support XML EDI and flat file formats and multiple transport protocols such as HTTP, HTTPS, SMTP and network file sharing. BizTalk basically provides a standard gateway to provide exchange from internet. BizTalk performs three functions. Firstly, processing of the file is done where it creates the file in its own format. Then this file is sent to the oracle agent where these files are put in Oracle at different locations. Finally, with the help of ATC (Application Transmission Component) are sent to their destinations. ATC basically enables the transmission of documents to their destination. In BizTalk server two types files are handled I.e., FTP files and E-mails files. AC Server This server is being used to provide user level as well as group level security. It acts as a domain controller in the militarized zone. A powerful tool eTrust AC is used for managing security for Windows platform by implementing a security policy that can be customized entirely to an enterprise security requirement. eTrust AC provides security for the users group and resources beyond what is available in native windows, to centrally manage windows security across the organization. This server is also hosting backup software in order to keep updated backup for the entire server. It has two Digital Linear Tape drives for the backup storage. Across control server facilitates administration monitoring of access control policies implemented as the server. eTrust AC protects the following entities: Files- Is user authorized to access a particular registry key? Terminals- Is user authorized to use a particular terminal? 34

Sign on time- Is user authorized to log in a particular time on a particular day? Programs- Can a particular is trusted? Is the user authorized to invoke it? Can user access specific resources using a program? TCP/IP- Is another station authorized to receive TCP/IP from a local computer? Is another computer is authorized to supply TCP/IP service to the local computer? Is another station permitted to receive services from every user of the local station?

Multiple login privileges- Is a user permitted to log in from a second terminal.

eTrust AC services start immediately after the operating system finishes its initialization. eTrust AC places hooks in system services that must be protected. In this way control is passed to eTrust AC before the services should be granted to the user. SCM Server SCM (Secure Content Manager) server is a mail relay server and is being used as a gateway for mail servers. SCM is placed in Demilitarized zone and is hosting the www.airports-ecom.gov.in domain. Its IP has been NAT Ed (Network Address Translation which provides a way to hide IP address of a private network from the internet while still allowing the network to access to the internet) in the firewall. The outside world sends/receives to from SCM server and then this server communicates with Mail servers. SCM files all types of scripts and e-mail attachment if any as per the security plan. It detects and removes viruses in HTTP and SMTP traffic on the network. It addition to this, it has audit trail logging and reporting facility also. Secure Content Manager is security solution that helps protect your business from a wide range of business and network integrity threats, including spam, viruses, spy ware, confidential data loss, peer to peer file sharing , malicious mobile code and inappropriate internet use and content access.

35

IDS Server There are two IDS (Intrusion Detection System) servers i.e. IDS1 and IDS2 in both militarized and demilitarized zone. An intrusion indicates network or system attacks from someone attempting to break into or compromise the system. IDS is a tool that is used to detect attempted attacks or intrusion by crackers or automated attacks tools by identifying security system or network. NMS Server NMS (Network Management System) server is being used for overall network management, performance and web management. NMS server is used to track and monitor the action of network connected to the nT-HUB. Standby Server Standby server is not connected to the web-setup permanently but acts as standby server in full or in parts as per requirement. The server is placed in militarized zone. In case any server fails or there is any other fault that the standby server fails or there is any other fault that that the stand by server is set the faulty server is required. Standby servers are really useful in large environments. They are used to implement secondary sites for disaster recovery, and for testing purposes. Web Traffic Analyzer Web Traffic Analyzer is a high performance Internet/Internet log analysis tool for use in the windows 2000 and 2003 server environment. It generates simple, elegant, and easy to understand reports that show statistical, demographic, and marketing trends in the performance and use of your websites. Knowing the strengths and weaknesses of your website is critical to creating as effective web presence. Web Traffic Analyzer analyzes log files created by web servers or Intranet servers running on Windows XP, 2000, 2003 Server, Linux and UNIX. analyzer supports more than 45 different log file formats. Web Traffic Analyzer provides enterprise-level database capabilities. These give you a choice of a number of database options to store and process server log files in embedded Microsoft Access. 36 Web Traffic breaches such as: incoming shell code, viruses, malware or Trojan horse transmitted via computer

3.3 Power Supply unit

To provide uninterrupted online services to the clients the servers needs a reliable and uninterrupted power. A power failure forcefully shut downs the servers which may take hours to boot providing inconvenience to the customers. In order to cope with the situation UPS are installed which are capable of providing power backup of up to 20 hrs in case of failure. Also they protect the hardware from the consequences of unstabilized Power which may harm the system.

3.3.1 UPS An Uninterruptible Power Supply, or UPS, is a device or system that maintains a continuous supply of electric power to certain essential equipment that must not be shut down unexpectedly. The UPS is inserted between a primary power source, such as a commercial utility, and the primary power input of equipment to be protected, for the purpose of eliminating the effects of a temporary power outage and transient anomalies. UPS Overcomes following problems:There are nine power problems that a UPS encounters. They are as follows: 1. Power failure. 2. Under voltage for up to a few seconds. 3. Over voltage for up to a few seconds. 4. Long term under voltage for minutes or days. 5. Long term over voltage for minutes or days. 6. Line noise superimposed on the power waveform. 7. Frequency variation of the power waveform. 8. Under voltage or over voltage for up to a few nanoseconds. 9. Harmonic multiples of power frequency superimposed on the power waveform.

37

Online UPS Online UPS implies that an electronic inverter is constantly supplying AC power to the load under all modes of operation. The batteries in an on-line UPS are always "on-line". That means there is not switching time to battery mode when there is a power failure. An on-line UPS generally does a "double conversion" process: rectifies incoming AC power to DC, then inverts DC power to AC. This power regeneration process enables the UPS to provide superior noise reduction and voltage regulation.

Figure 3.2 Block diagram of UPS

3.3.2 SNMP in UPS A protocol is a set of rules that governs data transmission and reception. Simple Network Management Protocol (SNMP) is a network management protocol. Software and firmware products designed for networks are often based on SNMP. It is developed to provide a common framework for network management. SNMP is the emerging communications and control management standard. Use of SNMP in Network Network managers use SNMP applications to: Monitor printer queues Set up addresses for devices Assign priorities for communication Manage databases 38

Manage power on the network Remote monitoring of UPS

39

NETWORK ARCHITECTURE

AAI manages the cargo at the two prime airports i.e. Kolkata and Chennai. The database being decentralized needs to be connected to the Net Transaction Hub at Delhi headquarters. The database servers located at Kolkata and Chennai can be connected either through Internet or via WAN. Connecting servers through internet may lead to insecure and unreliable network. Also this will require different IP addresses for both the database servers leading to additional cost. Due to these reasons the database servers are connected via leased lines discussed in section 2.5.1. The network setup for ICMS is given in figure 4.1.

Figure 4.1 Overall network layout A point of presence (POP) consists of the high-speed telecommunications equipment and technologies that enable users to connect to the Internet via their ISP. The POP might include call aggregators, modem banks, routers, and high-speed Asynchronous 40

Transfer Mode (ATM) switches. A POP has one or more unique IP addresses plus a pool of assignable IP addresses for its permanent and dial-up clients. The actual POP for an ISP might be located within the telecommunications facility of a telco or a long-distance carrier. The ISP rents or leases space in the facility to install the routers and access servers that provide Internet connectivity for clients and for the equipment that provides the ISP with a high-speed T1 or T3 connection to the Internets backbone. The severs at the NT Hub are connected to the Delhi PoP of ISP via leased line. Addition ISDN lines (4X128Kbps) are also available in case leased line connectivity goes down due to some fault The database servers are connected to PoP in their respective cities. Thus a VPN is established for fast and secure data transfer.

4.1 Request handling

Whenever a client accesses the cargo website the webpage is made available through the Internet. Web server being in de-militarized zone any outside user can access the website but only authenticated users can access the data regarding their cargo management like arrival , departure, clearance, cargo tracking etc. The client authentication data is stored in the SQL server placed in the militarized zone. Once the authenticated users enter a valid username password combination, the cargo related information can be retrieved. Suppose a Kolkata client needs to track his cargo, in this case he will access the cargo website. After the authentication check the ICMS will retrieve the required data from the Kolkata server through the VPN. This data is then given to the client via HTTP. Link status to the database servers are continuously monitored through ping tests. Any fault in the network needs to be resolved instantly.

41

4.2 Network security

In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and networkaccessible resources. Network Security is the authorization of access to data in a network, which is controlled by the network administrator. Users are assigned an ID and password that allows them access to information and programs within their authority. Network Security covers a variety of computer networks, both public and private that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network Security is involved in organization, enterprises, and all other type of institutions. It does as its titles explains, secures the network. Protects and oversees operations being done. 4.2.1 Firewall Any system or device that allows safe network traffic to pass while restricting or denying unsafe traffic. Firewalls are usually dedicated machines running at the gateway point between your local network and the outside world, and are used to control who has access to your private corporate network from the outsidefor example, over the Internet. More generally, a firewall is any system that controls communication between two networks. In todays networking environment in which corporate networks are connected to the Internetinviting hackers to attempt unauthorized access to valuable business informationa corporate firewall is essential. How It Works In its simplest form, a firewall is essentially a kind of router or computer with two network interface cards that filters incoming network packets. This device is often called a packet-filtering router. By comparing the source addresses of these packets with an access list specifying the firewalls security policy, the router determines whether to forward the packets to their intended destinations or stop them. The firewall can simply examine the IP address or domain name from which the packet 42

was sent and determine whether to allow or deny the traffic. However, packetfiltering routers cannot be used to grant or deny access to networks on the basis of a users credentials.

Figure 4.2 Firewall. Packet-filtering routers can also be configured to block certain kinds of traffic while permitting others. Usually this is done by disabling or enabling different TCP/IP ports on the firewall system. For example, port 25 is usually left open to permit Simple Mail Transfer Protocol (SMTP) mail to travel between the private corporate network and the Internet, while other ports (such as port 23 for Telnet) might be disabled to prevent Internet users from accessing other services on corporate network servers. The difficulty with this approach is that the size of the access list for the firewall can become huge if a large number of domains or ports are blocked and a large number of exceptions are configured. Some ports are randomly assigned to certain services (such as remote procedure call services) on startup; it is more difficult to configure firewalls to control access to these ports. The simple firewall just described is sometimes called a network-level firewall because it operates at the lower levels of the Open Systems Interconnection (OSI) reference model for networking. Network-level firewalls are transparent to users and 43

use routing technology to determine which packets are allowed to pass and which will be denied access to the private network. Network-level firewalls implemented solely on stand-alone routers are called packet-filtering routers or screening routers. Another type of firewall is a circuit-level gateway, which is usually a component of a proxy server. Circuit-level gateways essentially operate at a higher level of the OSI model protocol stack than network-level firewalls do. With a circuit-level firewall, connections with the private network are hidden from the remote user. The remote user connects with the firewall, and the firewall forms a separate connection with the network resource being accessed after changing the IP address of the packets being transmitted in either direction through the firewall. The result is a sort of virtual circuit between the remote user and the network resource. This is a safer configuration than a packet-filtering router because the external user never sees the IP address of the internal network in the packets he or she receives, only the IP address of the firewall. A popular protocol for circuit-level gateways is the SOCKS v5 protocol. Another more advanced type of firewall is the application-level firewall (or application gateway), which is also usually a component of a proxy server. Application gateways do not allow any packets to pass directly between the two networks they connect. Instead, proxy applications running on the firewall computer forward requests to services on the private network, and then forward responses to the originators on the unsecured public network. Application gateways generally authenticate the credentials of a user before allowing access to the network, and they use auditing and logging mechanisms as part of their security policy. Application gateways generally require some configuration on the part of users to enable their client machines to function properly, but they are more atomic in their configurability than network-level firewalls. For example, if a File Transfer Protocol (FTP) proxy is configured on an application gateway, it can be configured to allow some FTP commands but deny others. You could also configure an SMTP proxy on an application gateway that would accept mail from the outside (without revealing internal e-mail addresses), and then forward the mail to the internal mail server. However, because of the additional processing overhead, application gateways have greater hardware requirements and are generally slower than network-level firewalls. 44

4.2.2 Intrusion Detection Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network. Key points of working of the intrusion detection system are: The intrusion Detection System provide surveillance, intrusion and attack detection inappropriate URL Detection and blocking, altering logging and real time response. Protects the network from threats low level protocol attacks and server and desktop intrusion. Automatically detects attacks pattern in network traffic that indicate potential intrusion, attacks and abuses and appropriate action based upon predefined policies, even while such attack are in progress. Packet Sniffing Technology Works in a sniffer mode to ensure that it does not include any network delays while carrying out the required functionality. Stealth Mode Detection Support detection running in a promiscuous mode without even binding with an IP address to make the IDS machine practically invisible. Prevent network abuse by detecting and blocking access to inappropriate websites thus preventing use of organization resource to engage in unproductive communication and network utilization. Network Access control Defines rules based on which user can access specific resources on the network, ensuring only authorized access to network resources like web and ftp severs. Categorized URL blocking by this the Administrators is able to designate categories to URL that uses are not allowed to access, preventing unproductive Web Surfing. 45

SMTP mail Logging By this, users must be able log to log to SMTP contents based on matching specific keywords, to check employees from unauthorized commitments and harassment in communications.

Virus and Mobile code Detection Includes a Virus Scanners to detect network traffic containing computer virus and alert network administrator. Network Usage Logging enables Network administrators to track network usage by end user application. Integration the system is able to integrate with Enterprise Management System. Provide easy to use Graphic User Interface.

Need for IDS despite the Firewall Firewall works at packet Layer (Network Layer) where it does the preliminary filtering of data packets. Ids works at session layer and can detect intrusion attempts that are normally not recognized by firewalls. Thus IDS does the fine tuning to provide the network with maximum protection.

4.3 Fault management

In network management, fault management is the set of functions that detect, isolate, and correct malfunctions in a telecommunications network, compensate for environmental changes, and include maintaining and examining error logs, accepting and acting on error detection notifications, tracing and identifying faults, carrying out sequences of diagnostics tests, correcting faults, reporting error conditions, and localizing and tracing faults by examining and manipulating database information.. A fault management console allows a network administrator or system operator to monitor events from multiple systems and perform actions based on this information. Ideally, a fault management system should be able to correctly identify events and automatically take action, either launching a program or script to take corrective 46

action, or activating notification software that allows a human to take proper intervention. Some notification systems also have escalation rules that will notify a chain of individuals based on availability and severity of alarm. Types There are two primary ways to perform fault management - these are active and passive. Passive fault management is done by collecting alarms from devices (normally via SNMP) when something happens in the devices. In this mode, the fault management system only knows if a device it is monitoring is intelligent enough to generate an error and report it to the management tool. However, if the device being monitored fails completely or locks up, it won't throw an alarm and the problem will not be detected. Active fault management addresses this issue by actively monitoring devices via tools such as ping to determine if the device is active and responding. If the device stops responding, active monitoring will throw an alarm showing the device as unavailable and allows for the proactive correction of the problem. Fault management includes any tools or procedure for diagnosing testing or repairing the network when a failure occurs.

47

CONCLUSION
I have successfully completed my industrial training at Airport Authority of India, New Delhi. I have done my project on Integrated Cargo Management System. I have learnt various aspects of LAN like OSI model, routing protocols, network devices, network topologies, network security and network cabling. I have also learnt about LAN management through VLAN and LAN analyzer and various functions of firewalls.

48

REFERENCES

[1] AAI: Cargo Infrastructure - A Priority area Airports Authority of India official website.1st July 2011 <http://www.aai.aero/misc/CargoConnect_July2011.pdf>. [2] Computer Networks Wikipedia the free encyclopedia. < http://en.wikipedia.org/wiki/Computer_network>. [3] CADE drawing tool version v.2.20.3.16th Jan 2011. http://www.weresc.com [4] Forouzan, A. Behrouz Data Communication and Networking, (2006), Tata McGraw-Hill. [5] Tanenbaum, S. Andrew Computer Networks, (2003), Pearson Prentice Hall.

49