
Network Structure &

Directory Services

Lesson 01 - Networking Fundamentals


Overview
This module will:
● introduce the basic concepts of a computer network
● arm you with the tools needed to work through the more technical aspects
● survey the different types of networks, with a focus on the LAN
Overview (cont...)
● introduce the concept of layers, which is central to understanding how computer networks operate
● familiarise you with Request for Comments (RFC)* documents, the standards that define all of the Internet protocols.

*RFCs are created by The Internet Engineering Task Force (IETF).


Objectives
Upon successful completion of this unit, you will be able to:
● demonstrate an understanding of the evolution of the Internet and computer networks;
● define the use of layers in networking; and
● explain the role of Request for Comments (RFC) documents.
Network Topology
● is the arrangement of the elements (links, nodes, etc.) of a
communication network
● this can be used to define or describe the arrangement of
various types of telecommunication networks, including
command and control radio networks, industrial field busses
and computer networks.
Network Topology
● is the topological structure of a network and may be
depicted physically or logically.
● is an application of graph theory wherein communicating
devices are modeled as nodes and the connections between
the devices are modeled as links or lines between the nodes
Network Topology
● Physical topology is the placement of the various
components of a network (e.g., device location and cable
installation)
● Logical topology illustrates how data flows within a
network.
Network Topology
● Distances between nodes, physical interconnections,
transmission rates, or signal types may differ between two
different networks, yet their topologies may be identical.
● A network’s physical topology is a particular concern of the
physical layer of the OSI model.
Network Topology
● A wide variety of physical topologies have been used in
LANs, including ring, bus, mesh and star.
● Conversely, mapping the data flow between the components
determines the logical topology of the network.
● In comparison, Controller Area Networks, common in
vehicles, are primarily distributed control system networks
of one or more controllers interconnected with sensors and
actuators over, invariably, a physical bus topology.
Network Layers
● While networking is often discussed in terms of topology in a horizontal way, between hosts, its implementation is layered in a vertical fashion throughout a computer or network.
● Layering means that multiple technologies and protocols are built on top of each other so that communication can function more easily.
● Each successive, higher layer abstracts the raw data a little
bit more, and makes it simpler to use for applications and
users.
Network Layers
● Layering also allows you to leverage lower layers in new ways without having to invest the time and energy to develop the protocols and applications that handle those types of traffic.
● As data is sent out of one machine, it begins at the top of
the stack and filters downwards. At the lowest level, actual
transmission to another machine takes place. At this point,
the data travels back up through the layers of the other
computer.
Network Layers
● Each layer has the ability to add its own “wrapper” around
the data that it receives from the adjacent layer, which will
help the layers that come after decide what to do with the
data when it is passed off.
OSI Model
● OSI stands for Open Systems Interconnection.
● The 7 layers in this model are:
○ Application
○ Presentation
○ Session
○ Transport
○ Network
○ Data Link
○ Physical
OSI Model - Application
● The application layer is the layer that the users and user-
applications most often interact with.
● Network communication is discussed in terms of availability
of resources, partners to communicate with, and data
synchronization
OSI Model - Presentation
● The presentation layer is responsible for mapping resources
and creating context.
● It is used to translate lower level networking data into data
that applications expect to see
OSI Model - Session
● The session layer is a connection handler.
● It creates, maintains, and destroys connections between
nodes in a persistent way.
OSI Model - Transport
● The transport layer is responsible for providing the layers above it with a reliable connection*.
*Reliable refers to the ability to verify that a piece of data was received intact at the other end of the connection.
● This layer can resend information that has been dropped or corrupted and can acknowledge the receipt of data to remote computers.
OSI Model - Network
● The network layer is used to route data between different
nodes on the network.
● It uses addresses to be able to tell which computer to send
information to.
● This layer can also break apart larger messages into
smaller chunks to be reassembled on the opposite end.
OSI Model - Data Link
● This layer establishes and maintains reliable links between adjacent nodes or devices on a network, using the existing physical connections.
OSI Model - Physical
● The physical layer is responsible for handling the actual physical devices that are used to make a connection.
● This layer involves the bare software that manages physical connections as well as the hardware itself (such as an Ethernet adapter and its cabling).
TCP/IP Model
● More commonly known as the Internet protocol suite.
● It is another layering model that is simpler and has been widely adopted.
● It defines four separate layers, some of which overlap with the OSI model:
○ Application
○ Transport
○ Internet
○ Link
TCP/IP Model - Application
● In this model, the application layer is responsible for creating and transmitting user data between applications. The applications can be on remote systems, and should appear to the end user to operate as if they were local.
● The communication is said to take place between peers.
TCP/IP Model - Transport
● The transport layer is responsible for communication
between processes. This level of networking utilizes ports
to address different services. It can build up unreliable or
reliable connections depending on the type of protocol used.
TCP/IP Model - Internet
● The internet layer is used to transport data from node to
node in a network.
● This layer is aware of the endpoints of the connections, but
does not worry about the actual connection needed to get
from one place to another.
● IP addresses are defined in this layer as a way of reaching
remote systems in an addressable manner.
TCP/IP Model - Link
● The link layer implements the actual topology of the local
network that allows the internet layer to present an
addressable interface.
● It establishes connections between neighboring nodes to
send data.
Interfaces
● Interfaces are networking communication points for your
computer. Each interface is associated with a physical or
virtual networking device.
● Typically, your server will have one configurable network interface for each Ethernet or wireless card you have.
Interfaces
● Your system will also define a virtual network interface called the “loopback” or localhost interface.
● This is used as an interface to connect applications and processes on a single computer to other applications and processes on the same computer.
● You can see this referenced as the “lo” interface in many tools.
Interfaces
● Many times, administrators configure one interface to
service traffic to the internet and another interface for a
LAN or private network.
● On DigitalOcean, in datacenters with private networking enabled, your VPS will have two network interfaces (in addition to the loopback interface).
● The “eth0” interface will be configured to handle traffic
from the internet, while the “eth1” interface will operate to
communicate with the private network.
Protocols
● Networking works by piggybacking a number of different
protocols on top of each other.
● In this way, one piece of data can be transmitted using
multiple protocols encapsulated within one another.
Media Access Control
● It is a link-layer addressing scheme that is used to distinguish specific devices on a local network segment.
● Each network interface is supposed to get a unique MAC address during the manufacturing process that differentiates it from every other interface on the same local network; MAC addresses do not travel across routers, so they say nothing about a device elsewhere on the internet.
● A MAC address can be changed in software, so it must not be treated as proof of a device’s identity.
Media Access Control
● Addressing hardware by the MAC address allows you to
reference a device by a unique value even when the
software on top may change the name for that specific
device during operation.
● Media access control is one of the only protocols from the
link layer that you are likely to interact with on a regular
basis.
IP - Internet Protocol
● IP is one of the fundamental protocols that allow the internet to work.
● IP addresses are unique on each network and they allow machines to address each other across a network.
● It is implemented on the internet layer in the TCP/IP model.
● Networks can be linked together, but traffic must be routed when crossing network boundaries.
IP - Internet Protocol
● This protocol assumes an unreliable network and multiple paths to the same destination that it can dynamically change between.
● There are two versions of the protocol in use.
● The most common is IPv4, although IPv6 is growing in popularity as an alternative due to the scarcity of available IPv4 addresses and improvements in the protocol’s capabilities.
ICMP
● ICMP stands for internet control message protocol.
● It is used to send messages between devices to indicate the
availability or error conditions.
● These packets are used in a variety of network diagnostic
tools, such as ping and traceroute.
● Usually ICMP packets are transmitted when a packet of a
different kind meets some kind of a problem.
● Basically, they are used as a feedback mechanism for
network communications.
TCP
● TCP stands for transmission control protocol.
● It is implemented in the transport layer of the TCP/IP model and is used to establish reliable connections.
● TCP is one of the protocols that encapsulates data into packets (called segments). It then transfers these to the remote end of the connection using the methods available on the lower layers.
● On the other end, it can check for errors, request certain pieces to be resent, and reassemble the information into one logical piece to send to the application layer.
TCP
● The protocol builds up a connection prior to data transfer using a system called a three-way handshake. This is a way for the two ends of the communication to acknowledge the request and synchronise the sequence numbers that are used to ensure data reliability.
● After the data has been sent, the connection is torn down using a similar four-way handshake.
TCP
● TCP is the protocol of choice for many of the most popular
uses for the Internet, including WWW, FTP, SSH, and
email.
● It is safe to say that the internet we know today would not
be here without TCP.
UDP
● UDP stands for user datagram protocol.
● It is a popular companion protocol to TCP and is also
implemented in the transport layer.
● The fundamental difference between UDP and TCP is that
UDP offers unreliable data transfer.
● It does not verify that data has been received on the other
end of the connection. This might sound like a bad thing,
and for many purposes, it is. However, it is also extremely
important for some functions.
UDP
● Because it does not have to wait for confirmation that the data was received, or resend data, UDP has much less overhead than TCP. It does not establish a connection with the remote host; it simply fires off the data to that host and does not care whether it is accepted or not.
● Because there is no handshake, the source address of a UDP datagram is trivial to forge, which is why UDP services are the usual vehicle for spoofed and amplified traffic.
● Because it is a simple transaction, it is useful for simple communications like querying for network resources.
UDP
● It also doesn’t maintain a state, which makes it great for
transmitting data from one machine to many real-time
clients. This makes it ideal for VOIP, games, and other
applications that cannot afford delays.
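The "wrapper" idea from the Network Layers slides, the encapsulation of protocols within one another from the Protocols slide, and the MAC, IP and UDP slides above are all shown concretely in the following added example, which is not code from the original slides or their sources. It builds a UDP datagram, wraps it in an IPv4 packet and then in an Ethernet frame, and has the receiving side unwrap and verify each layer. The MAC addresses, IP addresses, ports and payload are constructed sample values and nothing is put on a real wire.

```python
"""Encapsulation down the stack and decapsulation back up it: a UDP datagram is
wrapped in an IPv4 packet, which is wrapped in an Ethernet frame, and the
receiver unwraps and verifies each layer in turn.

Added example for this lesson; it is not code from the original slides or the
sources they draw on.  The MAC addresses, IP addresses, ports and payload are
constructed sample values, and no packet is put on a real wire.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum shared by IPv4, ICMP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Transport layer: ports identify the sending and receiving process."""
    length = 8 + len(payload)
    # The UDP checksum also covers a pseudo-header borrowed from the IP layer.
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, IPPROTO_UDP, length)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(pseudo + header + payload) or 0xFFFF   # RFC 768: 0 means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def build_ipv4(src_ip: str, dst_ip: str, proto: int, payload: bytes, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Internet layer: the addresses routers use to forward across networks."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000, ttl, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:] + payload


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_ethernet(src_mac: str, dst_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Link layer: MAC addresses only have meaning on the local segment."""
    return _mac_bytes(dst_mac) + _mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Receiver side: strip each wrapper, checking lengths and checksums so that a
    corrupted or deliberately malformed frame is rejected rather than misparsed."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac = (":".join("%02x" % b for b in frame[i:i + 6]) for i in (0, 6))
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported ethertype 0x%04x" % ethertype)

    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    if internet_checksum(ip[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len, ttl, proto = struct.unpack("!H", ip[2:4])[0], ip[8], ip[9]
    if total_len > len(ip) or total_len < ihl + 8:
        raise ValueError("IPv4 total length inconsistent with frame")   # never trust a length field
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    if proto != IPPROTO_UDP:
        raise ValueError("unsupported protocol %d" % proto)

    udp = ip[ihl:total_len]
    src_port, dst_port, udp_len, udp_csum = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length inconsistent with IPv4 length")
    pseudo = ip[12:20] + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len)
    if udp_csum and internet_checksum(pseudo + udp) != 0:
        raise ValueError("UDP checksum mismatch")
    return {"src_mac": src_mac, "dst_mac": dst_mac, "src_ip": src_ip, "dst_ip": dst_ip, "ttl": ttl,
            "src_port": src_port, "dst_port": dst_port, "payload": udp[8:]}


# Constructed sample values (not captured traffic).
SRC_MAC, DST_MAC = "02:00:00:aa:bb:01", "02:00:00:aa:bb:02"
SRC_IP, DST_IP = "192.168.1.10", "192.168.1.20"


def send_and_receive(payload: bytes = b"hello, layer 7") -> dict:
    """Walk the payload down the sender's stack and back up the receiver's."""
    udp = build_udp(SRC_IP, DST_IP, 40000, 53, payload)            # transport wrapper
    ip = build_ipv4(SRC_IP, DST_IP, IPPROTO_UDP, udp)              # internet wrapper
    frame = build_ethernet(SRC_MAC, DST_MAC, ETHERTYPE_IPV4, ip)   # link wrapper
    return parse_frame(frame)


def corrupted_frame(payload: bytes = b"hello") -> bytes:
    """The same frame with one bit of the last payload byte flipped in transit."""
    udp = build_udp(SRC_IP, DST_IP, 40000, 53, payload)
    frame = bytearray(build_ethernet(SRC_MAC, DST_MAC, ETHERTYPE_IPV4, build_ipv4(SRC_IP, DST_IP, IPPROTO_UDP, udp)))
    frame[-1] ^= 0x01
    return bytes(frame)


if __name__ == "__main__":
    print(send_and_receive())
    try:
        parse_frame(corrupted_frame())
    except ValueError as err:
        print("rejected:", err)
```

Each build_* function is one layer's "wrapper"; the receiver peels them in reverse order, and every length it reads from a header is checked against the bytes actually present before being used, which is the check that separates a robust parser from one that can be crashed with a crafted frame.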
HTTP
● HTTP stands for hypertext transfer protocol.
● It is a protocol defined in the application layer that forms the basis for communication on the web.
● HTTP defines a number of methods that tell the remote system what you are requesting.
● For instance, GET, POST, and DELETE each act on the requested resource in a different way.
FTP
● FTP stands for file transfer protocol.
● It is also in the application layer and provides a way of transferring complete files from one host to another.
● It sends credentials and file contents in cleartext, so it is not recommended for any externally facing network unless it is implemented as a public, download-only resource.
DNS
● DNS stands for domain name system.
● It is an application layer protocol used to provide a human-
friendly naming mechanism for internet resources.
● It is what ties a domain name to an IP address and allows
you to access sites by name in your browser.
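What "ties a domain name to an IP address" looks like on the wire, as an added example that is not code from the original slides or their sources: a DNS query for example.com is built byte by byte, and a hand-constructed response for it (one A record, using the name-compression pointers that real answers contain) is parsed back. The transaction id 0x1234 and the answer address are constructed values; no query is sent to a real resolver.

```python
"""Build a DNS query and parse a DNS response at the wire level (RFC 1035),
including the name-compression pointers that real answers use.

Added example for this lesson; it is not code from the original slides or the
sources they draw on.  The response is constructed by hand to look like an
answer for example.com, so nothing is sent over the network.
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a name as length-prefixed labels (1-63 bytes each) and a zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Header (id, flags with RD set, one question) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Return (name, offset just past the name).  A label byte whose two high bits
    are set is a pointer back into the message; only backward pointers are
    followed, so a crafted response with a pointer loop raises instead of hanging."""
    labels, end = [], None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if offset + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if target >= offset:
                raise ValueError("forward or self-referential compression pointer")
            if end is None:
                end = offset + 2            # the name ends after the first pointer
            offset = target
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg: bytes, expected_txid: int) -> dict:
    """Parse header, question and answer sections.  The transaction id must match
    the query we sent; a mismatch is the first sign of a spoofed reply (real
    resolvers also check the source port and that the question echoes ours)."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qdcount, ancount, _nscount, _arcount = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: possible spoofed reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        qname, offset = decode_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        offset += rdlen
        data = ".".join(str(b) for b in rdata) if rtype == QTYPE_A and rdlen == 4 else rdata
        answers.append({"name": name, "type": rtype, "class": rclass, "ttl": ttl, "data": data})
    return {"id": txid, "rcode": flags & 0x000F, "questions": questions, "answers": answers}


def build_sample_response(txid: int) -> bytes:
    """Constructed reply: flags 0x8180 (response, recursion desired and available),
    the echoed question, and one A record whose owner name is the pointer 0xC00C
    back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 3600, 4) + bytes([93, 184, 216, 34])
    return header + question + answer


if __name__ == "__main__":
    print(build_query("example.com", 0x1234).hex())
    print(parse_response(build_sample_response(0x1234), 0x1234))
```

Because DNS normally runs over UDP, the 16-bit transaction id (together with a random source port) is the only thing that ties a reply to the query, which is why the parser refuses a reply whose id does not match.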
SSH
● SSH stands for secure shell.
● It is an encrypted protocol implemented in the application
layer that can be used to communicate with a remote server
in a secure way.
● Many additional technologies are built around this protocol
because of its end-to-end encryption and ubiquity.
Other Protocols
● There are many other protocols that we haven’t covered that are equally important.
● However, this should give you a good overview of some of
the fundamental technologies that make the internet and
networking possible.
Networking Glossary
● Connection - refers to pieces of related information that are transferred through a network.
- This generally implies that a connection is built before the data transfer (by following the procedures laid out in a protocol) and then is torn down at the end of the data transfer.
Networking Glossary
● Packet - the most basic unit that is transferred over a
network. When communicating over a network, packets are
the envelopes that carry your data (in pieces) from one end
point to the other.
- Packets have a header portion that contains information about the packet, such as the source and destination addresses, the remaining hop count, a checksum, etc.
- The main portion of a packet contains the actual data being
transferred. It is sometimes called the body or the payload.
Networking Glossary
● Network Interface - can refer to any kind of software
interface to networking hardware.
- For instance, if you have two network cards in your
computer, you can control and configure each network
interface associated with them individually.
- A network interface may be associated with a physical
device, or it may be a representation of a virtual interface.
The “loopback” device, which is a virtual interface to the
local machine, is an example of this.
Networking Glossary
● LAN - for “local area network”.
- It refers to a network or a portion of a network that is not publicly accessible to the greater internet.
e.g. a home or office network.
Networking Glossary
● WAN - for “wide area network”.
- It means a network that is much more extensive than a
LAN. While WAN is the relevant term to use to describe
large, dispersed networks in general, it is usually meant to
mean the internet, as a whole.
- If an interface is said to be connected to the WAN, it is
generally assumed that it is reachable through the internet.
Networking Glossary
● Protocol - is a set of rules and standards that basically
define a language that devices can use to communicate.
- There are a great number of protocols in use extensively in
networking, and they are often implemented in different
layers.
- Some low level protocols are TCP, UDP, IP, and ICMP.
Some familiar examples of application layer protocols, built
on these lower protocols are HTTP (for accessing web
content), SSH, TLS/SSL, and FTP.
Networking Glossary
● Port - is an address on a single machine that can be tied to
a specific piece of software.
- It is not a physical interface or location, but it allows your
server to be able to communicate using more than one
application.
Networking Glossary
● Firewall - is a program that decides whether traffic coming
into a server or going out should be allowed.
- A firewall usually works by creating rules for which type of
traffic is acceptable on which ports.
- Generally, firewalls block ports that are not used by a
specific application on a server.
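The rule-per-port model this glossary entry describes, as an added example that is not code from the original slides or their sources and not the syntax of any real firewall: an ordered, first-match rule list with a default-deny policy, evaluated over a handful of constructed inbound packets, plus a check for the classic ordering mistake where a broad allow placed earlier makes a later deny unreachable. The networks, ports and sample packets are constructed.

```python
"""A minimal first-match packet filter: ordered rules, each with a protocol,
source network, destination port and action; the first matching rule decides,
and anything unmatched falls to the default policy (deny).

Added example for this lesson; it is not code from the original slides or the
sources they draw on, and it is not the rule syntax of any real firewall.
The rule set and the sample packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp", "udp", "icmp" or "any"
    src: str                       # CIDR, e.g. "10.0.0.0/8" or "0.0.0.0/0"
    dport: Optional[int] = None    # None means any port
    comment: str = ""

    def matches(self, proto: str, src_ip: str, dport: Optional[int]) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        return self.dport is None or self.dport == dport


def evaluate(rules: List[Rule], proto: str, src_ip: str, dport: Optional[int],
             default: str = "deny") -> Tuple[str, str]:
    """First match wins, as in an iptables or nftables chain; return (action, why)."""
    for rule in rules:
        if rule.matches(proto, src_ip, dport):
            return rule.action, rule.comment
    return default, "default policy"


# Constructed inbound rule set for a web server that is administered from 10.0.0.0/8.
INBOUND = [
    Rule("deny",  "tcp", "203.0.113.0/24", 22,  "known hostile scanner range"),
    Rule("allow", "tcp", "10.0.0.0/8",     22,  "SSH from the internal network only"),
    Rule("allow", "tcp", "0.0.0.0/0",      80,  "public HTTP"),
    Rule("allow", "tcp", "0.0.0.0/0",      443, "public HTTPS"),
    Rule("allow", "udp", "10.0.0.0/8",     161, "SNMP from the internal network only"),
]

SAMPLES = [                          # (proto, src_ip, dport)
    ("tcp", "198.51.100.7", 443),    # internet user to HTTPS
    ("tcp", "198.51.100.7", 22),     # internet user to SSH
    ("tcp", "10.1.2.3", 22),         # internal admin to SSH
    ("tcp", "203.0.113.9", 22),      # scanner in the denied range
    ("udp", "198.51.100.7", 161),    # SNMP from the internet
    ("tcp", "10.1.2.3", 3306),       # database port nobody opened
]


def audit(rules: List[Rule] = INBOUND, samples=SAMPLES) -> List[tuple]:
    """Run every sample packet through the rules: (proto, src, dport, action, why)."""
    return [(p, s, d, *evaluate(rules, p, s, d)) for p, s, d in samples]


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule for the
    same protocol and port already covers a superset of their source network.
    This is how an intended deny silently becomes dead configuration."""
    dead = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            same_service = earlier.proto in ("any", rule.proto) and earlier.dport in (None, rule.dport)
            if same_service and ipaddress.ip_network(rule.src).subnet_of(ipaddress.ip_network(earlier.src)):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    for proto, src, dport, action, why in audit():
        print(f"{proto} {src} -> :{dport}  {action:5s}  ({why})")
    print("shadowed rules:", shadowed_rules(INBOUND))
```

Every sample that is not explicitly allowed ends at the default policy, which is the behaviour the glossary describes ("block ports that are not used by a specific application"); the shadowing check is the review a practitioner runs before trusting that a deny rule actually does anything.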
Networking Glossary
● NAT - stands for network address translation.
- It is a way of rewriting the addresses in packets as they pass through a router, so that many devices on a private LAN can share one public IP address and so that requests arriving at that address can be forwarded to the relevant devices or servers the router knows about in the LAN.
- This is usually implemented in physical LANs as a way to route requests through one IP address to the necessary backend servers.
Networking Glossary
● VPN - stands for virtual private network.
- It is a means of connecting separate LANs through the
internet, while maintaining privacy.
- This is used as a means of connecting remote systems as if
they were on a local network, often for security reasons.
Network Principles
● Principle 1: Understand the user need
● Principle 2: Use services to protect your data, don’t rely on
the network
● Principle 3: Design for interworking and flexibility
Network Principles
● Government networks form a platform that enables the
delivery of digital services.
● Good network design should create a user experience that
the network is transparent, resilient and ubiquitous, with
the right balance of quality, speed, security, control and
cost.
Network Principles
● These principles help designers deliver this experience for
their users when designing networks across government.
Note that these are principles, not a set of rules that must
be arbitrarily followed.
● Designers can deviate from them where there is good
justification.
● Government end-users - individuals who consume a service,
not those purchasing or provisioning it.
Network Principles
(Diagram: presents the context for these principles.)
Principle 1: Understand the User Need
● Understand your basic network requirements
● Different networks have very different characteristics.
● At one end of the range, some users access services over the highest-capacity fixed networks, while others remotely access services over a limited-bandwidth mobile link.
Principle 1: Understand the User Need
Know:
● what business services your users depend on
● what network services they rely on to access them
Principle 1: Understand the User Need
Document your needs across different networks for:
● bandwidth
● availability
● resilience
● class of service (CoS)
● quality of service (QoS)
● price
Principle 1: Understand the User Need
● Design networks for a roaming user base
- Government is increasingly distributed, with people from
your department working from home or in other
government buildings. This use case should be at the heart
of network design. Designing ‘on net’ solutions which only
work in your own premises will limit staff mobility and be
at odds with your own corporate policies.
- The user perception should be that the network is
transparent, resilient and ubiquitous.
Principle 1: Understand the User Need
● Design services to be accessed wider than your own
department
- Design services that can be accessed by a wider user
base.
- This may be other government departments and also
corporate partners.
Principle 1: Understand the User Need
● Design services to be accessed wider than your own
department
- Develop tools that can be accessed without extra client
software and that can be accessed from other
government buildings.
- This will mean making it possible to access the service
from the internet, the PSN or other shared government
networks.
Principle 1: Understand the User Need
Design for organisations who share a site to share the site’s
network
- Multi-tenanting of government buildings is increasing.
- Understand the basic network requirements for all the
different organisations within a site to encourage the
sharing of networks at that site.
- Understand who can supply the network at the best price
per location and have an equitable process for sharing the
cost.
Principle 1: Understand the User Need
● Consider mobile data (3G,4G) as an alternative data
transport mechanism
- Historically, mobile connectivity has provided a limited
set of functionality.
- This is now changing and there may be use cases where
a 4G service could meet user needs, either as a primary
or backup service.
Principle 1: Understand the User Need
● Be able to support your users
- Have the skills and tools to diagnose who or what is
causing a fault or poor performance.
- Check the actual performance and availability that
you’re getting.
- Be prepared for when your service is degraded or
overloaded.
- Plan your business resilience around this.
- Don’t buy unnecessary service guarantees as a
substitute.
Principle 2: Use services to protect your data,
don’t rely on the network
● Understand the threat
Know:
- who is managing your networks
- what organisations and jurisdictions have access to your
data
- who you are sharing your network with
- whether you have adequate data in transit protection
Principle 2: Use services to protect your data,
don’t rely on the network
- This principle is similar to knowing how separation is
achieved in any multi-tenanted cloud services you may
consume.
- Develop a clear strategy for your security. Security and
controls should be directly informed by threat and designed
to support your wider risk management approach.
Principle 2: Use services to protect your data,
don’t rely on the network
- Although modern security products offer a wide range of
options, these should not be enabled indiscriminately.
- Controls can have a negative impact on performance and
create unnecessary bottlenecks.
- There should be a clear reason for enabling or disabling
each option.
Principle 2: Use services to protect your data,
don’t rely on the network
● Design protection of services as near to the service as
possible
- The use of routing as a mechanism for security has
greatly increased the complexity of government
networks and significantly reduced flexibility.
Principle 2: Use services to protect your data,
don’t rely on the network
● Design protection of services as near to the service as
possible
- Instead, use access control mechanisms as close to the
service boundary as possible; clear technical mechanisms
and business processes for those that may wish to access
your services; and access control tools that are
straightforward to review and change, such as firewall
rules and access control lists, without impacting the
characteristics of the network
Principle 2: Use services to protect your data,
don’t rely on the network
● Publish routes by default
- Secure your devices and services using the cloud security
principles. Where your networks face external networks
such as PSN, publish the widest set of network routing
information possible, while also ensuring that related
resources are grouped together so that they can all be
reached by making simple configuration changes.
- This will ensure that other departments can easily
connect to services that are made available.
Principle 2: Use services to protect your data,
don’t rely on the network
● Encrypt without compromising performance
- Implement encryption at the most optimal point for
performance and cost.
- Application encryption is better optimised, needs less
infrastructure and is easier for the user to verify than
network encryption.
Principle 2: Use services to protect your data,
don’t rely on the network
● Encrypt without compromising performance
- This is particularly true for bandwidth-intensive peer-to-
peer communications such as voice and video.
- Application encryption could also be extended to protect
communications with individual citizens on public
networks if needed.
Principle 2: Use services to protect your data,
don’t rely on the network
● Protect your networks
- Have the skills and tools to know what your networks are
doing, so that you can spot when activity on the network
changes without a reasonable explanation.
Check:
- how each of the networks you use protects itself
- what threats are addressed
- how your networks defend against them
Principle 2: Use services to protect your data,
don’t rely on the network
- When connecting to a network, implement controls in your
own environment to protect the networks you use.
- Apply any controls that are required by your network
providers. Connections to PSN should be PSN compliant.
Principle 2: Use services to protect your data,
don’t rely on the network
● Layer your security
Ensure that you:
- don’t rely on any single component to protect your data
- use security tools as well as native functionality
- consider where logging and alerting can offer a more
effective (or complementary) mitigation over rigid or
inhibitive controls
Principle 3: Design for Interworking & Flexibility
● Use open standards
- Data networks carry a wide variety of network traffic.
- When choosing services, ensure that they use published
standards.
- There are a number of proprietary standards and
approaches in the network layer and unless you have a
specific specialist requirement an industry standard
should be used.
Principle 3: Design for Interworking & Flexibility
● Maximise use of commoditized services
You should:
- make it easy to change to meet your changing needs
- buy what you need, when you need it
- choose networks separately from other services, using
providers’ standard commercial terms and conditions
- minimise your own WAN estate - share infrastructure
where you can
Principle 3: Design for Interworking & Flexibility
● Consolidate use of data networks and migrate to IP based
technologies
- Almost all current technologies rely on data networking.
- Where possible, all services should be reachable from
different networks and so use the same network services,
as opposed to specific networks for specific purposes.
- This significantly reduces costs and makes it much easier
to share services with others.
Principle 3: Design for Interworking & Flexibility
● Consolidate use of data networks and migrate to IP based
technologies
- Where non IP-based technologies such as PBX telephony
services are used, migrate to a more modern alternative
based on IP networking as soon as is practical.
- Designing for resilience aside, you should avoid solutions
that force your organisation to maintain direct
connections to more than one network.
Principle 3: Design for Interworking & Flexibility
● Publish DNS names
- Publish DNS records as widely as possible.
- This enables the widest range of people to find a service and avoids restrictions based on knowledge of its name.
- Avoid restricting access to DNS records as a security
mechanism.
- Knowledge of a service’s domain name or IP address is
not the same as being able to access the service.
Principle 3: Design for Interworking & Flexibility
● Remove technical barriers to cross-government access
- There is an increasing demand for access from across
government to physical assets (for example environmental
monitoring equipment) originally deployed by individual
government organisations.
- While access control should be enforced, work to
eliminate any unnecessary technical constraints that
hinder the sharing of such assets.
Principle 3: Design for Interworking & Flexibility
● Remove technical barriers to cross-government access
You should:
- consider the wider access of devices that you own by
other government organisations
- use IPv6 in specifications and deployments where possible
- restrict the use of NAT as a security tool and instead use
alternative access control mechanisms where at all
possible
Principle 3: Design for Interworking & Flexibility
● Remove technical barriers to cross-government access
- Tools such as NAT have been used historically due to a
limit of address spaces and to enable private IP
networks to be created.
- While this is common practice, it significantly increases
complexity when connecting services together.
References:
1. Computer Communications and Networks. Retrieved from: https://learn.saylor.org/course/view.php?id=84&sectionid=813
Retrieved date: November 14, 2019
2. Network Topology. Retrieved from: https://en.wikipedia.org/wiki/Network_topology
Retrieved date: November 14, 2019
3. Guidance: Network Principles (2015). Retrieved from: https://www.gov.uk/government/publications/network-principles/network-principles
Retrieved date: November 15, 2019
4. Ellingwood, Justin (2014). An Introduction to Networking Terminology, Interfaces, and Protocols. Retrieved from: https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols
Retrieved date: November 15, 2019
