A Level Computing - COMP3 Communications and Networking





Communication Methods

Data Transmission

We use this term to refer to the exchange of data between sending and receiving devices across a transmission medium.

Serial Data Transmission

In serial data communication, data is sent via an interface one bit at a time over a single wire from the source to the destination.

Serial data communication is used for long distance communication. All transmission methods are affected by distance - it is more straightforward to regenerate a single signal to prevent signal strength dropping too far for successful communication. It also reduces the requirement for cabling.

Parallel Data Transmission

In the days before USB, printers were connected to PCs via the parallel port. The connecting cable consists of a group of wires in order to transmit several bits simultaneously.

Small differences in the electrical resistance of the wires mean that each bit might arrive at a slightly different time. This is called skew and makes parallel data communication reliable over short distances but not over longer distances.

Baud Rate

The term baud rate refers to the rate at which the signal changes. The unit of measure, 1 baud, is equivalent to one signal change per second.

Bit Rate

The bit rate is the number of bits transmitted each second. When a single signal is sent at a time, the baud rate and bit rate are the same.

Bandwidth

The term bandwidth is used to refer to the range of frequencies that can be transmitted over the medium. This is measured in hertz (Hz). The term is misused by ISPs - even the wrong units are used.

There is a relationship between bandwidth and bit rate. The higher the bandwidth, the higher the bit rate.

Bit Rate = Baud Rate * Number of bits per signal

Latency

This term is used to refer to the delay that occurs between initiating something and the first effects beginning. In communication over wide distances, the effect is increased.

Asynchronous Data Transmission

In many situations, the receiving device does not know exactly when a message is going to be received. You don't, for example, type on a keyboard with a precise interval between each keypress and therefore each byte sent to the keyboard controller. The data transmission in this case is asynchronous since the transmitting system is not synchronised with the receiving system. A method is needed to ensure that the receiving system can correctly identify where each digit in the communication belongs.

Most systems for asynchronous data transmission involve the use of start and stop bits. The start bit is used to synchronize a clock in the receiving device. Once that has been received, timed periods will be used to receive the remaining bits in the transmission. A stop bit indicates the end of the data.

Parity Checking

Computers rely on the fact that data is transmitted correctly. This is normally achieved through methods which aim to reduce the number of errors.

In odd parity, the first/leftmost bit (Most Significant Bit) or the last/rightmost bit (Least Significant Bit) is altered to ensure that the total number of on bits is an odd number.

In even parity, the first/leftmost bit (Most Significant Bit) or the last/rightmost bit (Least Significant Bit) is altered to ensure that the total number of on bits is an even number.

By examining the bits in each byte received, the receiving device can check that the data has been transmitted correctly. The parity bit is ignored thereafter. If an error is received, the message can be re-transmitted.

Handshaking

In order to communicate successfully, devices need to know that the other device is ready to transmit or receive data. They also need prior knowledge of the type of parity checking used and on which bits. The value and number of start and stop bits also need to be agreed.

Handshaking is where devices exchange information about the communication methods they use. A protocol is an agreed set of rules for communication between devices that are needed to ensure successful communication.

This is required to allow communication between devices built by different manufacturers.
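The start/stop framing, parity checking and agreed settings described above can be put together in one sketch. This is an added example, not part of the original notes; the names LineSettings, encode, decode and flip are assumptions, as is the choice of 7 data bits sent least significant bit first. It shows that parity catches a single flipped bit, misses two flipped bits, and fails outright when the two ends have not agreed on the parity type.

```python
from dataclasses import dataclass

START_BIT = 0   # the idle line sits at 1, so a frame begins with a drop to 0
STOP_BIT = 1    # the line returns to idle at the end of the frame


class FramingError(Exception):
    """Start/stop bits are not where the agreed settings say they should be."""


class ParityError(Exception):
    """The count of 1 bits does not match the agreed parity."""


@dataclass(frozen=True)
class LineSettings:
    """Values both devices must agree on during handshaking (assumed names)."""
    parity: str = "even"   # "even" or "odd"
    data_bits: int = 7
    stop_bits: int = 1


def parity_bit(data, settings):
    """Return the bit that makes the total number of 1s even (or odd)."""
    makes_even = sum(data) % 2
    return makes_even if settings.parity == "even" else makes_even ^ 1


def encode(value, settings):
    """Build the list of bits put on the wire for one character."""
    if not 0 <= value < 2 ** settings.data_bits:
        raise ValueError("value does not fit in the agreed number of data bits")
    data = [(value >> i) & 1 for i in range(settings.data_bits)]  # LSB first
    # Sent after the 7 data bits, the parity bit is the MSB of the 8-bit byte.
    return ([START_BIT] + data + [parity_bit(data, settings)]
            + [STOP_BIT] * settings.stop_bits)


def decode(frame, settings):
    """Check framing and parity, then return the character value."""
    expected = 1 + settings.data_bits + 1 + settings.stop_bits
    if len(frame) != expected or frame[0] != START_BIT:
        raise FramingError("bad length or missing start bit")
    if any(bit != STOP_BIT for bit in frame[-settings.stop_bits:]):
        raise FramingError("missing stop bit")
    data = frame[1:1 + settings.data_bits]
    if frame[1 + settings.data_bits] != parity_bit(data, settings):
        raise ParityError("parity mismatch: request re-transmission")
    return sum(bit << i for i, bit in enumerate(data))  # parity bit is discarded


def flip(frame, *positions):
    """Return a copy of the frame with the given bit positions inverted (noise)."""
    return [bit ^ 1 if i in positions else bit for i, bit in enumerate(frame)]


if __name__ == "__main__":
    settings = LineSettings()
    frame = encode(ord("A"), settings)
    print("frame on the wire:", frame)
    print("decoded:", chr(decode(frame, settings)))
    # Two flipped data bits keep the parity the same, so the error is missed.
    print("two-bit error decodes as:", chr(decode(flip(frame, 1, 2), settings)))
```
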

Baseband

In this mode of operation, the whole of the bandwidth of the cable is dedicated to a single data channel. Bit values of 1 or 0 are represented by the presence or absence of voltage in the cable. The signals are relatively quick but can only be sent over distances up to 300m without booster equipment. Baseband tends to be used over short distances since it can provide speedy communication without a large cost.

Broadband

The medium of transmission (such as a wire or fibre-optic cable) carries multiple messages at a time, each message modulated on its own carrier frequency. The bit values of 1 or 0 are represented by variations in the fixed carrier wave. Broadband is used for longer distances.





Networks

Local Area Networks

A Local Area Network (LAN) is a collection of computers and peripherals confined to one building or site, connected together by a common electrical connection.

In order for computers to be connected together as a LAN, each computer will require a network adapter or network interface card. The network card converts computer data into a form that can be transmitted over the network. Data that is received needs to be converted into a form that can be understood by the receiving computer.

Benefits Of Networking

  • Users can communicate (email, chat, message) with other users of the network.
  • Different types of computers can be connected to the network to perform different tasks.
  • Adding users to the network can be easier than on stand-alone machines. An account can be created on the server with the required permissions and access rights for the new user. New equipment can be connected to the network and a disk image copied from the network with all of the correct settings already prepared.
  • Data can be shared, this may also avoid duplication. Users can be given access to hard drives shared across the network or connected directly to the server.
  • Resources (printers, scanners) can be shared on the network. This reduces the number of such devices that are required within an organisation.
  • Routine maintenance tasks like back-up and virus-checking can be taken out of the hands of users. By performing these from the server across the network as a whole, administrators can ensure that such tasks are completed.
  • Applications can be stored on and run from the server, reducing the need for multiple copies.

Disadvantages of Networks

  • People depend on routines or maintenance being done by network managers. Any shortfall in the ability or competence of the network administrator will be felt by all users of the network.
  • Resources are interdependent. Some networks are set up in such a way as to render the machines unusable when the network is not available. Some peripherals (eg printers) are unavailable if the network printing service is not up.
  • As traffic increases on the network, performance can degrade. This can be particularly noticeable at key login times where many requests are being passed to the server to authenticate users.
  • Security can become more of an issue. Some of the information held on the network may be confidential (eg payroll and personnel data) and must be kept from the vast majority of users.
  • Access rights have to be set carefully to avoid problems within the organisation. A network has more points of access for someone attempting to access data that they are not entitled to access.

Wide Area Networks

A Wide Area Network connects geographically remote computers or networks. Connections between computers connected to a WAN may involve some of the following,

  • Public switched telephone network
  • Leased line
  • Fibre optic
  • Microwave
  • Satellites
  • Radio waves

Internetworking

An inter-network is a collection of connected networks which function separately. The Internet is obviously the largest example of such a thing. TCP/IP is the protocol used to connect networks.

LAN Topologies

A computer or device connected to a network is usually referred to as a node. The physical layout of a network is called its topology. The topology chosen for a network will depend on the number of users, the number of nodes and the use being made of the network.

Star

In the star topology, nodes are connected to a central host computer or switch that controls communication between devices. The hub or host computer regenerates any signal that it receives and passes it on. Only the intended recipient computer acts on the message.

In the star network, all nodes have independent connections to the host. A cable failure on one branch of the network will therefore only affect that branch. The rest of the network will continue to function normally and the failure will be easy to isolate. Adding or removing workstations from the network is easy and will require no disruption to the rest of the network. Different nodes can be connected and transmit at different speeds to the host computer. Workstations cannot intercept messages between the host and other nodes. The network should perform consistently as traffic increases, since the connections to the host are independent. There is no possibility of data collisions (2 nodes attempting to transmit data at the same time along the same medium) because of the independent connections to the host computer.

The star uses the most cable of the topologies explained here. That may make it the most expensive to set up, particularly if there are a large number of nodes. Cabling can be a substantial cost in networking, particularly when it needs to be placed out of sight or out of the way of the furniture.

A distributed star is a variation on this topology where a number of stars are connected via switches. Each star or segment of this network would operate independently until a message needs to be sent to a node on another star. Only then would a message leave the star to which it is directly connected.

Bus

The bus topology is the most commonly used and the basis for modern ethernet networks. All devices share a common cable for connection.

The bus topology requires the least cable and allows for easy addition and removal of nodes without affecting the network as a whole.

Performance on the bus network degrades as traffic increases. Any failure of the main cable will cause the entire network to fail, and the length of this cable will make it difficult to locate and isolate the failure. There are limits to the geographical distance that the main cable can span; signal boosters will be required for large distances (300m +), which are possible in large organisations.

CSMA/CD (carrier-sense multiple access with collision detection) is the name given to the collision system used in bus and ethernet networks. It enables workstations to recognise when a collision has occurred and wait a random amount of time (so that collisions do not recur) before transmitting the message again.

Network Adapter

A connection to a network depends on each node having a network adapter. The Media Access Control address or MAC address is written to memory on the network card. The MAC address is a 48-bit address expressed in hexadecimal and separated into 6 bytes.

Switched Ethernet

Ethernet is a network architecture that can be implemented in a number of different ways, using a variety of cable types. Ethernet devices are connected to a common medium providing the path for signals to travel along. A collection of devices attached to the same medium forms a segment. Messages sent between devices are called frames. Frames can vary in size but have maximum and minimum sizes defined in the ethernet protocol.

Bridges & Segments

Each shared medium can only accept one message at a time. It is therefore referred to as a collision domain. The more nodes connected to a segment, the more congestion problems created. Dividing segments into multiple segments creates multiple collision domains and should therefore reduce the problem. The bridge is the device which connects together two or more network segments, echoing the signals it receives and routing them to the appropriate segment of the network using the MAC address (hard-coded into NIC).

Segments can also be connected using routers. Routers use IP addresses for routing rather than MAC addresses.

Switched Ethernet

A switch is often described as an 'intelligent hub'. When devices connect to a hub, they share the same bandwidth. This is because the hub repeats the signal it receives and broadcasts it to all connected devices. The switch allows each node to use the full bandwidth since it routes to the node either directly (on the same segment) or via another switch to which the receiving node is connected.

Thin & Thick Clients

A network where most applications are run on the client computer is called a thick-client or rich-client network. In such cases, the specification of the client will affect performance.

In a thin-client network all processing takes place on the central server. The server will be a more powerful machine than the clients. The client machines in such a network would normally not be very powerful - the factor that often leads to a thin-client solution. Thin-client machines do not require local backing storage since all applications and data are stored on the server.

Peer-To-Peer Networks

A peer-to-peer network has no dedicated server. The workstations are equal and perform the functions of both client and server in the network. The user of each computer determines the resources which can be shared. Where passwords are used, they are specific to each machine.

Peer-to-peer networks work best with small numbers of users. They are not the most secure networks so would not be used in scenarios that require high security. Since they are less flexible than client-server networks, this type of network would not be best to use when there is a chance that more workstations will need to be added as time passes.

P2P Networks

Peer-to-peer protocols are used on the Internet for file sharing. When a file is shared, the source breaks the file into small chunks and shares these out among the peers requesting the file. The peer then becomes the source for the chunk that they have received. In this way, the original source file is sent out only once from the peer which stores it. As a result, the bandwidth requirement for the source is reduced.

Client-Server Networks

In client-server networks, client devices make requests for network services to servers. Multiple servers may be used for different services. A large network may have a file server, print server, email server and other servers dedicated to functions such as back-up and recovery.

In a client-server network, files are stored on the server which provides the client with access to the relevant portion of the backing store based on the user currently logged onto the network. All of the files can be stored on one array of hard drives and clients usually have a drive letter mapped to their portion of the backing store. Back-up can be carried out centrally for all users.

Users typically use the same password to access any network resource, meaning they can use different workstations and still have access to the same software and files.

Web 2.0

This term gets thrown around quite a bit. Generally, the term refers to the approach to using the WWW that has arisen over recent years. Blogging tools, search engines and social networks are all examples of Web 2.0.

Web Services

Software as a service (SaaS) is an approach to software deployment that characterises Web 2.0.

Web services are applications that are hosted as a service and accessible via the Internet. This can include simple applications and gadgets for the desktop or complete suites of applications. Cloud computing, where a PC's software and data are held online, depends on this approach.

Ajax is one technology used in Web 2.0. It is a technology which allows pages to update sections of their content using programs or data held on a web server but without reloading the entire page. This makes the experience of using the software more similar to that of the thick-client and reduces the delay between operations.

Wireless Networking

Wireless networks use radio signals to connect to Wireless Access Points (WAPs). The standard is called Wi-Fi.

Wireless networks are typically slower than wired networks and, because of the danger of interception, have different security issues to wired networks.

Bluetooth

Bluetooth is a wireless protocol for exchanging data over short distances. It was designed for mobile devices like telephones and as an alternative to cables for connecting devices.

Routers

The information used to get packets to their destinations is contained in routing tables kept by each router connected to the Internet. Routers are packet switches. A router is usually connected between networks to route packets between them. Each router knows about its sub-networks and which IP addresses they use. The router usually doesn't know what IP addresses are 'above' it.

The black boxes connecting the backbones are routers. The larger NSP backbones at the top are connected at a NAP. Under them are several sub-networks, and under them, more sub-networks.

When a packet arrives at a router, the router checks the destination address that it was given when it was created. Then the router checks its routing table. If it has the address of the network that contains the destination address, the packet is sent to that network. If it doesn't have the address of the network that contains the IP address in the packet, it sends the packet on a predefined default route, usually up the hierarchy to the next router.

The next router may know the address of the network the packet is heading for. If it does not, it routes the packet up the hierarchy again until either the packet gets sent towards its destination or reaches an NSP.

The routers connected to the NSP backbones hold the largest routing tables. The packet will now be routed towards the correct backbone and will find its way back down the hierarchy to its destination.

Routable & Non-Routable IP Addresses

The allocation of IP addresses is controlled globally by The Internet Assigned Numbers Authority (IANA). The IANA allocates addresses to National or Regional Internet Registries (NIR, RIR). ISPs obtain their allocation of IP addresses from the NIR and allocate them to users.

Such addresses are public or routable.

Private or non-routable addresses are reserved for home, office and school networks. The following IP addresses are used for non-routable addressing,

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
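
The routing decision described in the Routers section, together with the private ranges listed above, can be traced hop by hop. This is an added example, not part of the original notes; the router names and the small hierarchy are constructed, the public networks use address blocks reserved for documentation, and refusing to send private destinations up the default route is a simplifying assumption about how the routers are configured.

```python
import ipaddress

# The three private (non-routable) ranges listed above, in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(address):
    """True if the address falls in one of the private ranges."""
    return any(address in network for network in PRIVATE_RANGES)


class Router:
    def __init__(self, name, default=None):
        self.name = name
        self.default = default   # next router up the hierarchy, if any
        self.routes = []         # (network, next_hop); next_hop None = attached

    def add_route(self, cidr, next_hop=None):
        self.routes.append((ipaddress.ip_network(cidr), next_hop))

    def lookup(self, dest):
        """Return (action, next_router) for one destination address."""
        matches = [(net, hop) for net, hop in self.routes if dest in net]
        if matches:
            # Several entries may contain the address; the most specific wins.
            _, hop = max(matches, key=lambda m: m[0].prefixlen)
            return ("deliver", None) if hop is None else ("forward", hop)
        if is_private(dest):
            # A private address only has meaning inside its own network,
            # so it is never passed up the default route.
            return ("drop: private address", None)
        if self.default is not None:
            return ("forward", self.default)
        return ("drop: no route", None)


def trace(start, destination, max_hops=16):
    """Follow a packet from router to router; return (path, outcome)."""
    dest = ipaddress.ip_address(destination)
    router, path = start, []
    for _ in range(max_hops):
        path.append(router.name)
        action, next_router = router.lookup(dest)
        if action != "forward":
            return path, action
        router = next_router
    return path, "drop: hop limit reached"


def build_demo_network():
    """Constructed hierarchy: one backbone router, two ISPs, two edge routers."""
    nsp = Router("nsp")                                  # top: no default route
    isp_a, isp_b = Router("isp-a", nsp), Router("isp-b", nsp)
    edge_a, edge_b = Router("edge-a", isp_a), Router("edge-b", isp_b)
    edge_a.add_route("198.51.100.0/24")                  # attached public network
    edge_a.add_route("192.168.1.0/24")                   # attached private LAN
    edge_b.add_route("203.0.113.0/24")
    isp_a.add_route("198.51.100.0/24", edge_a)
    isp_b.add_route("203.0.113.0/24", edge_b)
    nsp.add_route("198.51.100.0/24", isp_a)
    nsp.add_route("203.0.113.0/24", isp_b)
    return edge_a


if __name__ == "__main__":
    edge = build_demo_network()
    for target in ("203.0.113.7", "192.168.1.20", "10.1.2.3", "192.0.2.1"):
        print(target, trace(edge, target))
```
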

Gateways

A gateway is needed to connect together two networks using different protocols. The gateway reforms LAN frames into WAN frames before sending.





Server-side Scripting

Server & Client-Side Scripting

When your browser requests a web page from a web server using HTTP, the server responds by sending a copy of the file to your browser. This file is interpreted and rendered by the browser.

The instructions used to render the page are all executed on the client machine. HTML, CSS and Javascript instructions contained within the text file describe the content and formatting of the web page that the browser will display. This is called client-side scripting.

Server-side scripting is where the script is interpreted by software running on the server. The script will usually alter the content of the requested web page based on selections made by the user, possibly even using a server-based store of data - a database, XML or text file containing data that is queried before display on the web page.

When browsing, you may come across the acronym CGI which stands for Common Gateway Interface. CGI is the interface between the HTTP server and the extension that will execute the script. Server extensions are programs that generate the web page code from the scripts that are sent to the server. CGI, then, in principle is concerned with a request from a browser and the response from the web server extension.

Technologies

ASP

Active Server Pages are web pages that contain VBScript. ASP requires a Windows platform on the server, and pages containing ASP must have the extension .asp (MyHighcliffe etc is all written in ASP). The newer version is ASP.net.

PHP

PHP stands for Hypertext Preprocessor. It is open source and widely used on the WWW. There are many extensions to PHP itself making it possible to connect PHP scripts to a range of tools like databases as well as construct images and PDF files from server-side scripts.

PHP is often used in conjunction with MySQL, an open source online database management system.

Learn PHP here: http://www.codecademy.com/tracks/php

Perl

Perl can be used in much the same way as PHP. It was initially designed as a UNIX scripting language and is still widely used today.

Others

It is also possible with CGI to use compiled files, written in high-level languages like Delphi.

Some PHP Examples

In order to play around with PHP and MySQL, you will need to install a WAMP server. A quick google search will allow you to download.

Simple Test

First we will start by seeing if you have managed to get a web server and PHP installed on your machine. Once you have done this, copy the following code into a text editor,

<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
echo "<h1>Hello World</h1>";
?>
</body>
</html>

The bold section is the PHP. Notice that we use the PHP tags to escape from HTML. The remainder of the file (that not enclosed in the PHP tags) is plain old HTML. This file needs to be saved in your WWW directory - call it test.php. If your web server is running, you should be able to see this file in your browser by entering the URL, http://127.0.0.1/test.php in the address bar.

Now look at the source code that was delivered to the browser - click on View, Source Code. You should see that there is no trace of the PHP, all that you can see is the web page that was delivered once the PHP statement that we wrote was interpreted. This is handy too - we hide the complexity of our work from the user and deliver what we need to them - they don't need to know how it was done.

Using A GET Request

There are 2 main ways to pass information from the browser (and therefore, more often than not, from the user) to the server extension. The first of these methods is by using a GET request. A GET request is passed in the URL - it is a query string which appears after a question mark, directly after the URL. The URL of this web page contains a query string. Notice that the same script is used to produce all of the pages in this section of the site. The query string appended to the URL determines which page is sent to the browser.

The following script should be copied to a new file in your text editor and saved with the name get.php.

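<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
// Read the 'name' value from the query string
$thename = $_GET['name'];
// Encode the value before writing it into the page, so that any markup
// typed into the URL is displayed as text rather than interpreted
echo "<h1>Hello ".htmlspecialchars($thename, ENT_QUOTES, 'UTF-8')."</h1>";
?>
</body>
</html>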

Load up the page in your browser - remember to type in the URL so that the request is made to the web server. Add ?name=Bob to the URL and press enter. The name, Bob should be displayed on the web page. Change the name in the query string, enter something rude and generally enjoy the experience.

Notice how variables are used in PHP. They must start with a dollar and are case sensitive. They are not typed. This means that, unlike in C#, you don't decide on a data type for your variables.

The following example uses a simple HTML form to allow the request to be made from a web page. The isset function is a very handy function that checks to see if a GET variable exists. The response to the request is delivered using the same script. This allows you to create dynamic web pages. Again - the HTML that goes to the browser is all that is needed.

<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
// If a name was sent in the query string, greet the user;
// otherwise show the form that collects it
if (isset($_GET['name']))
{
$thename = $_GET['name'];
// Encode user input before writing it into the page
echo "<h1>Hello ".htmlspecialchars($thename, ENT_QUOTES, 'UTF-8')."</h1>";
}
else
{
echo "<form action='get.php' method='GET'>
Enter your name: <input type='text' name='name' size='50'><br>
<input type='reset' value='Clear'>&nbsp;<input type='submit' value='Submit'>
</form>";
}
?>
</body>
</html>

Look carefully at the action attribute of the form tag. This is a path to the script that handles the request. The method attribute determines how the form data should be passed to the server. The GET method puts the information into the URL.

Adapt this script to display two pieces of information, both entered by the user, in the resulting web page.

Using A POST Request

The GET request can make URLs quite long if you want to pass quite a bit of information. The POST method buries the data in the body of the request message. It does not appear in the URL and no information is visible to the user. Apart from the security issues involved, it is also a more user-friendly way of presenting the page to the user.

The following script should be copied to a new file in your text editor and saved with the name post.php. This script performs the same task as the previous example except that the POST method is used. The user data is passed to the server in the body of the message. The result is the same.

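<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php
// If a name was sent in the body of the request, greet the user;
// otherwise show the form that collects it
if (isset($_POST['name']))
{
$thename = $_POST['name'];
// Encode user input before writing it into the page
echo "<h1>Hello ".htmlspecialchars($thename, ENT_QUOTES, 'UTF-8')."</h1>";
}
else
{
echo "<form action='post.php' method='POST'>
Enter your name: <input type='text' name='name' size='50'><br>
<input type='reset' value='Clear'>&nbsp;<input type='submit' value='Submit'>
</form>";
}
?>
</body>
</html>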

MySQL Example

When you combine a script with an online DBMS you get quite a powerful set of technologies. Go to the SQL section of the site and create the seeds database, seeds table and import the sample data (SQL Section).

In order to extract information from the database, we need to do a little more than we had to do for the simple GET and POST requests.

The first step is to make a connection to the database, then pass a query to the DBMS. The results, if there are any, can be used in the web page response. Then the connection is closed. Notice that the connection statement requires a host, user and password. If you didn't set a password, then you should leave these statements as they are shown - otherwise replace them with your username and password.

The following script produces an HTML table of the contents of the tblseeds table in the database, seeds.

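<?php
// Connection details: host, user and password
$h = "localhost";
$u = "root";
$p = "";
// The mysql_* functions were removed in PHP 7, so the mysqli
// equivalents are used here
$connection = mysqli_connect($h, $u, $p);
if (!$connection)
{
die("Could not connect to the database");
}
mysqli_select_db($connection, "seeds");
$query = "SELECT * FROM tblseeds";
$result = mysqli_query($connection, $query);
echo "<table>
<tr>
<th>Name</th><th>Type</th><th>Seed</th><th>Price</th>
</tr>";
// Each row is returned as an array indexed by column name
while ($row = mysqli_fetch_assoc($result))
{
// Encode each value before writing it into the page
echo "<tr><td>".htmlspecialchars($row['name'])."</td><td>".htmlspecialchars($row['type'])."</td>";
echo "<td>".htmlspecialchars($row['seed'])."</td><td>".htmlspecialchars($row['price'])."</td></tr>";
}
echo "</table>";
mysqli_close($connection);
?>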

The die() statement is a lovely addition in PHP - you don't need it but it feels good. Normally passwords would be placed in files outside of the WWW directory on a web server and permissions for that file restricted so that it can only be accessed by a script on the local machine and not from another source. This used a select query and results were returned.

Try Some More

PHP is quite flexible and easy to use. It has a modular structure and, using the manual, you can easily find functions grouped by purpose. Have a look online to see what kinds of projects are suited to PHP. Then dive in, use the manual when you get stuck and you can't go too wrong.






Internet Security

Security Issues

In the early days of home computing, the main risk to security was from viruses transferred from machine to machine on floppy disks. Viruses are programs attached to files. When the files are executed or opened, the virus program executes. During execution, the virus attaches itself to other files and documents. Some viruses, like logic bombs, do their damage when a specific date or set of circumstances occurs. Some viruses render the machine inoperable by using its resources, some destroy data.

The growth of the Internet and the development of higher speed connections have made the Internet the main source of viruses. Viruses can be attached to files or email messages that are downloaded. Once downloaded, some viruses use the address book of the computer's email client to replicate themselves to more computers.

Spam is unwanted, unsolicited email. The economics of spam are biased towards the sender. Only a very small proportion of recipients need to reply for profit to be made. Tracing the source of spam is difficult. Spam is often sent by hacking a third party's SMTP server.

Worms are virus programs that self-replicate across networks. Whether or not the virus damages individual computers, the replication of the virus uses up network resources and increases network traffic considerably. Trojans are viruses which are hidden within programs that appear to be something else. Sometimes the trojan appears to be a file that the user would want to execute - when they do, the virus does its thing. Sometimes the trojan attaches itself to key operating system files or utilities to achieve the same effect.

Phishing is the term given to the technique of sending people requests for information that appear to be legitimate. For example, an email that appears to be from your bank requests that you confirm or enter some of your personal details. The aim of phishing is to persuade people to hand over key personal details like bank accounts and PINs. A phishing web site uses the appearance and name of a legitimate web site, extracting personal details by using key loggers or screen capture programs. Pharming is the technique of changing DNS entries to ensure that a web address takes a user to a phishing site rather than the site that they intended to visit.

The overwhelming majority of infected computers taken for repair are found to have visited sites with adult content or to have used file sharing sites.

Virus Detection Software

Antivirus software detects viruses by comparing files against a dictionary or database of known viruses. When infected files are found, the user normally has the option to have the software remove the virus from the file, delete the file or quarantine the file - place it in a secure location so that it cannot infect other files.

If virus definitions are not kept up-to-date, the risk of infection from new viruses increases. Most virus software can be updated daily using the WWW.

These days the term malware is used to reflect the complex nature of security threats. Antivirus software is often bundled with a range of additional tools including firewalls, virtual keyboards and tools for fixing operating system 'holes'. Such software is increasingly being designed to detect suspicious behaviour and warn the user. This potentially can avoid infection by a virus which is, as yet, undiscovered and not defined. For example, the software may notice that a program is attempting to send information across the Internet and warn the user. The user can then consider whether this action is expected from the software and configure rules to allow it to run or avoid the threat altogether.

Firewall

A firewall is a hardware device or software program that controls traffic between the Internet and a private network or PC. Firewalls can be customised to allow certain types of traffic through, but not others. IP addresses, domain names and port numbers are used to specify what traffic can and can't enter the network. Firewall programs can also be used to examine traffic leaving the network, detecting attempts by viruses to exploit network resources and connectivity to replicate themselves or send information to the originator of the virus.

Packet filtering is one of the techniques used in firewalls. The firewall examines each packet and checks it against a set of filtering rules. Packets that conform to the rules are allowed to pass; those that do not are blocked.
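The following is an added example, not part of the original notes, of a packet filter that checks each packet against an ordered rule list and blocks anything no rule allows. The Packet and Rule classes, the first-match ordering and the addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:                       # hypothetical: just the fields a filter inspects
    src: str
    dst: str
    dst_port: int
    protocol: str                   # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:                         # hypothetical rule format
    action: str                     # "allow" or "block"
    src_net: str = "0.0.0.0/0"      # default matches any source address
    dst_net: str = "0.0.0.0/0"      # default matches any destination address
    dst_port: Optional[int] = None  # None matches any port
    protocol: Optional[str] = None  # None matches any protocol

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dst_port in (None, p.dst_port)
                and self.protocol in (None, p.protocol))

def filter_packet(rules, packet, default="block"):
    """The first matching rule decides; a packet matching no rule gets the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule set protecting the private network 192.168.1.0/24.
RULES = [
    Rule("block", src_net="203.0.113.0/24"),            # a range the admin distrusts
    Rule("allow", dst_net="192.168.1.10/32", dst_port=443, protocol="tcp"),  # web server
    Rule("allow", src_net="192.168.1.0/24"),            # traffic leaving the network
]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.168.1.10", 443, "tcp"),
                Packet("198.51.100.7", "192.168.1.10", 23, "tcp")):
        print(pkt, "->", filter_packet(RULES, pkt))
```

Rule order matters here: the distrusted range is blocked even for port 443 because its rule comes before the web server rule.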

A proxy server is another approach to firewall implementation. When such a server is used, all traffic between the network and the Internet is managed by the proxy server. The proxy server is configured with filtering rules.

Encryption

The purpose of encryption is to take a plain text message and convert it into cipher text using an encryption algorithm. This prevents the message, should it be intercepted, from being understood by the person intercepting it. The recipient decrypts the message to return it to a readable form.

The science of cipher systems is known as cryptography. Attempting to break the code behind a cipher is called cryptanalysis.

Symmetric Key Encryption

Imagine a cipher where each letter is substituted by the one after it. The encryption algorithm is simple - each letter is substituted for another. The key to this cipher is 1+, meaning that the letters are substituted with the letter to the right. A different key could be used with the same algorithm.

In order to communicate successfully, both sender and recipient need to know both the algorithm and the key to the cipher. The fact that the same key is used to encrypt and decrypt the cipher makes this a symmetric form of encryption.

The danger with this is that the key must be communicated to the recipient, often within the message itself. This makes the cipher less secure.
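The shift cipher described above can be written as follows. This is an added example, not part of the original notes; the function names are assumptions, and the key is represented as a whole number of places to shift.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_encrypt(plaintext: str, key: int) -> str:
    """Substitute each letter with the one `key` places to its right, wrapping Z to A."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            shifted = ALPHABET[(ALPHABET.index(ch.upper()) + key) % 26]
            out.append(shifted if ch.isupper() else shifted.lower())
        else:
            out.append(ch)          # digits, spaces and punctuation pass through unchanged
    return "".join(out)

def shift_decrypt(ciphertext: str, key: int) -> str:
    """Symmetric: the same algorithm and the same key, applied in the opposite direction."""
    return shift_encrypt(ciphertext, -key)

if __name__ == "__main__":
    message = "Meet at 9, Zoe!"              # constructed sample message
    secret = shift_encrypt(message, 1)       # the key from the text above
    print(secret)
    print(shift_decrypt(secret, 1))          # correct key recovers the message
    print(shift_decrypt(secret, 2))          # wrong key gives unreadable text
```

Because only 25 different shifts change the text, the key has to stay secret and the algorithm offers little protection once the key is sent along with the message.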

Asymmetric Key Encryption

In this system, each party has two keys: a public key and a private key. The uses of these keys are as follows:

  • A encrypts a message using A's private key. The message can be read by anyone using A's public key.
  • A encrypts a message using A's public key. The message can only be read by A, using A's private key.
  • A encrypts a message using B's public key. The message can only be read by B, using B's private key.

Digital Signatures & Certificates

Public and private keys are used to digitally sign messages to ensure that they have not been tampered with and that they do indeed come from the source they claim to. A hash or message digest is produced from the message using a standard algorithm. This digest is encrypted with the originator's private key. The recipient uses the sender's public key to decrypt the message digest. They reproduce the message digest from the message received and compare that with the decrypted message digest that they received. A match ensures that the message has not been tampered with en route.
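The key uses listed under Asymmetric Key Encryption and the signing steps above can be traced in code. This is an added example, not part of the original notes; it assumes textbook RSA with small constructed keys and no padding, which is unsuitable for real use, and all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private), each (exponent, modulus)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (E, n), (d, n)

# Constructed keys built from known Mersenne primes; real keys are far larger and random.
A_PUBLIC, A_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
B_PUBLIC, B_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

def apply_key(value: int, key) -> int:
    exponent, n = key
    return pow(value, exponent, n)

def digest(message: bytes, n: int) -> int:
    """SHA-256 message digest, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Originator: encrypt the digest with their own private key."""
    return apply_key(digest(message, private_key[1]), private_key)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: decrypt the digest with the sender's public key and compare."""
    return apply_key(signature, public_key) == digest(message, public_key[1])

def encrypt_for(message: bytes, recipient_public) -> int:
    """Encrypt with the recipient's public key; only their private key reads it."""
    m = int.from_bytes(message, "big")
    if m >= recipient_public[1]:
        raise ValueError("message too long for this toy key")
    return apply_key(m, recipient_public)

def decrypt(ciphertext: int, private_key) -> bytes:
    m = apply_key(ciphertext, private_key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    msg = b"Pay Bob 50 pounds"                                # constructed sample message
    sig = sign(msg, A_PRIVATE)
    print(verify(msg, sig, A_PUBLIC))                         # untampered message
    print(verify(b"Pay Bob 500 pounds", sig, A_PUBLIC))       # altered en route
    print(decrypt(encrypt_for(b"PIN 4921", B_PUBLIC), B_PRIVATE))
```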

Basic Computer Security

Authentication is the main tool in computer security. User names, passwords and biometric information can be used to confirm that the computer system is being used by a legitimate user. Authorisation is concerned with users having pre-established permission to use certain resources - often set up by a network administrator. Accounting is the keeping of logs of activity. This helps to detect the source of infection and the compromised parts of the system. Internet access in the school is recorded in an activity log. Each request for a file from the Internet results in a log entry of the time and date, user name, IP address of the machine used and the name of the requested resource.
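The following added example, not part of the original notes, shows how such an activity log helps trace the source of an infection. The space-separated line layout, the function names and the sample entries are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample log: date, time, user name, machine IP, requested resource.
SAMPLE_LOG = """\
2024-03-04 09:02:11 jsmith 10.0.3.21 http://intranet.example/timetable.html
2024-03-04 09:15:40 akhan 10.0.3.35 http://files.example/free-game.exe
2024-03-04 09:16:02 jsmith 10.0.3.21 http://news.example/index.html
2024-03-04 10:41:57 bjones 10.0.3.48 http://files.example/free-game.exe
corrupted entry
2024-03-04 11:05:13 akhan 10.0.3.36 http://files.example/free-game.exe
"""

def parse_log(text):
    """Turn each well-formed line into a dict; skip lines that do not fit the layout."""
    entries = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue
        try:
            when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        entries.append({"time": when, "user": parts[2],
                        "ip": parts[3], "resource": parts[4]})
    return entries

def trace_resource(entries, resource):
    """Who requested a resource later found to be infected, and who was first?"""
    hits = sorted((e for e in entries if e["resource"] == resource),
                  key=lambda e: e["time"])
    if not hits:
        return None
    return {"first": hits[0],                               # likely source of infection
            "users": sorted({e["user"] for e in hits}),
            "machines": sorted({e["ip"] for e in hits})}    # machines to check

if __name__ == "__main__":
    report = trace_resource(parse_log(SAMPLE_LOG), "http://files.example/free-game.exe")
    print("First request:", report["first"]["user"], report["first"]["ip"])
    print("Machines to check:", report["machines"])
```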

