-


A primary function of computer security risk management is the identification of appropriate controls. In designing (or reviewing) the security of a system, it may
be obvious that some controls should be added (e.g., because they are required by law or because they are clearly costeffective). It may also be just as obvious that other controls may be too expensive (considering both monetary and nonmonetary factors). For example, it may be immediately apparent to a manager that closing and locking the door to a particular room that contains local area network equipment is a needed control, while posting a guard at the door would be too expensive and not user-friendly. In every assessment of risk, there will be many areas for which it will not be obvious what kind of controls are appropriate. Even considering only monetary issues, such as whether a control would cost more than the loss it is supposed to prevent, the selection of controls is not simple. However, in selecting appropriate controls, managers need to consider many factors, including: organizational policy, legislation, and regulation; safety, reliability, and quality requirements; system performance requirements; timeliness, accuracy, and completeness requirements; the life cycle costs of security measures; technical requirements; and cultural constraints. One method of selecting safeguards uses a "what if" analysis. With this method, the effect of adding various safeguards (and, therefore, reducing vulnerabilities) is tested to see what difference each makes with regard to cost, effectiveness, and other relevant factors, such as those listed above. Trade-offs among the factors can be seen. The analysis of trade-offs also supports the acceptance of residual risk, discussed below. This method typically involves multiple iterations of the risk analysis to see how the proposed changes affect the risk analysis result.Another method is to categorize types of safeguards and recommend implementing them for various levels of risk. For example, stronger controls would be implemented on high-risk systems than on low-risk systems. This method normally does not require multiple iterations of the risk analysis.
As with other aspects of risk management, screening can be used to concentrate on the highestrisk areas. For example once could focus on risks with very severe consequences, such as a very high dollar loss or loss of life or on the threats that are most likely to occur.

The following briefly describes the seven layers of the OSI model:
------------------------------------------------------------------


1. Physical layer :
============
The physical layer provides the interface with physical media. The interface itself is a mechanical connection from the device to the physical medium used to transmit the digital bit stream. The mechanical specifications do not specify the electrical characteristics of the interface, which will depend on the medium being used and the type of interface. This layer is responsible for converting the digital data into a bit stream for transmission over the network. The physical layer includes the method of connection used between the network cable and the network adapter, as well as the basic communication stream of data bits over the network cable. The physical layer is responsible for the conversion of the digital data into a bit stream for transmission when using a device such as a modem, and even light, as in fibre optics. For example, when using a modem, digital signals are converted into analogue audible tones which are then transmitted at varying frequencies over the telephone line. The OSI model does not specify the medium, only the operative functionality for a standardised communication protocol. The transmission media layer specifies the physical medium used in constructing the network, including size, thickness and other characteristics.


2. Data link layer :
=============
The data link layer represents the basic communication link that exists between computers and is responsible for sending frames or packets of data without errors. The software in this layer manages transmissions, error acknowledgement and recovery. The transceivers are mapped data units to data units to provide physical error detection and notification and link activation/deactivation of a logical communication connection. Error control refers to mechanisms to detect and correct errors that occur in the transmission of data frames. Therefore, this layer includes error correction, so when a packet of data is received incorrectly, the data link layer makes system send the data again. The data link layer is also defined in the IEEE 802.2 logical link control specifications. Data link control protocols are designed to satisfy a wide variety of data link requirements :

– High-level Data Link Control (HDLC) developed by the International Organisation for Standardisation (ISO 3309, ISO 4335);
– Advanced Data Communication Control Procedures (ADCCP) developed by the American National Standards Institute (ANSI X3.66);
– Link Access Procedure, Balanced (LAP-B) adopted by the CCITT as part of its X.25 packet-switched network standard;
– Synchronous Data Link Control (SDLC) is not a standard, but is in widespread use. There is practically no difference between HDLC and ADCCP. Both LAP-B and SDLC are subsets of HDLC, but they include several additional features.


3. Network layer :
=============
The network layer is responsible for data transmission across networks. This layer handles the routing of data between computers. Routing requires some complex and crucial techniques for a packet-switched network design. To accomplish the routing of packets sending from a source and delivering to a destination, a path or route through the network must be selected. This layer translates logical network addressing into physical addresses and manages issues such as frame fragmentation and traffic control. The network layer examines the destination address and determines the link to be used to reach that destination. It is the borderline between hardware and software. At this layer, protocol mechanisms activate data routing by providing network address resolution, flow control in terms of segmentation and blocking and collision control (Ethernet). The network layer also provides service selection, connection resets and expedited data transfers. The Internet Protocol (IP) runs at this layer.
The IP was originally designed simply to interconnect as many sites as possible without undue burdens on the type of hardware and software at different sites. To address the shortcomings of the IP and to provide more a reliable service, the Transmission Control Protocol (TCP) is stacked on top of the IP to provide end-to-end service. This combination is known as TCP/IP and is used by most Internet sites today to provide a reliable service.


4. Transport layer :
==============
The transport layer is responsible for ensuring that messages are delivered error-free and in the correct sequence. This layer splits messages into smaller segments if necessary and provides network traffic control of messages. Traffic control is a technique for ensuring that a source does not overwhelm a destination with data. When data is received, a certain amount of processing must take place before the buffer is clear and ready to receive more data. In the absence of flow control, the receiver’s buffer may overflow while it is processing old data. The transport layer,
therefore, controls data transfer and transmission. This software is called Transmission
Control Protocol (TCP), common on most Ethernet networks, or System Packet Exchange (SPE), a corresponding Novell specification for data exchange. Today most Internet sites use the TCP/IP protocol along with ICMP to provide a reliable service.


5. Session layer :
============
The session layer controls the network connections between the computers in the network. The session layer recognises nodes on the LAN and sets up tables of source and destination addresses. It establishes a handshake for each session between different nodes. Technically, this layer is responsible for session connection (i.e. for creating, terminating and maintaining network sessions), exception reporting, coordination of send/receive modes and data exchange.
6. Presentation layer. The presentation layer is responsible for the data format, which includes the task of hashing the data to reduce the number of bits (hash code) that will be transferred. This layer transfers information from the application software to the network session layer to the operating system. The interface at this layer performs data transformations, data compression, data encryption, data formatting, syntax selection (i.e. ASCII, EBCDIC or other numeric or graphic formats), and device selection and control. It actually translates data from the application layer into the format used when transmitting across the network. On the receiving end, this layer translates the data back into a format that the application layer can understand.


7. Application layer :
==============
The application layer is the highest layer defined in the OSI model and is responsible for providing user-layer applications and network management functions. This layer supports identification of communicating partners, establishes authority to communicate, transfers information and applies privacy mechanisms and cost allocations. It is usually a complex layer with a client/server, a distributed database, data replication and synchronisation. The application layer supports file services, print services, remote login and e-mail. The application layer is the network system software that supports user-layer applications, such as word or data processing, CAD/CAM, document storage and retrieval and image scanning.


This is all about the information and description of all the Layers of OSI-Model. How they are working and all that.
----------------------------------------------------------------------------------------

A protocol is a set of rules governing the way data will be transmitted and received over data communication networks. Protocols are then the rules that determine everything about the way a network operates. Protocols must provide reliable, error-free communication of user data as well as a network management function. Therefore, protocols govern how applications access the network, the way that data from an application is divided into packets for transmission through cable, and which electrical signals represent data on a network cable.

The OSI model, defined by a seven-layer architecture, is partitioned into a vertical set of layers, as illustrated in Figure 1.2. The OSI model is based on open systems and peer-to-peer communications. Each layer performs a related subset of the functions required to communicate with another system. Each system contains seven layers. If a user or application entity A wishes to send a message to another user or application entity B, it invokes the application layer (layer7). Layer 7 (corresponding to application A) establishes a peer relationship with layer 7 of the target machine (application B), using a layer 7 protocol. In an effort to standardise a way of looking at network protocols, the TCP/IP four-layer model is created with reference to the seven-layer OSI model, as shown in Figure 1.3. The protocol suite is designed in distinct layers to make it easier to substitute one protocol for another. The protocol suite governs how data is exchanged above and below each protocol layer. When protocols are desiged, specifications se out how a protocol exchanges data with a protocol layered above it.

Both the OSI model and the TCP/IP layered model are based on many similarities, but there are philosophical and practical differences between the two models. However, they both deal with communications among heterogeneous computers.

Since TCP was developed before the OSI model, the layers in the TCP/IP protocol model do not exactly match those in the OSI model. The important fact is the hierarchical ordering of protocols. The TCP/IP model is made up of four layers : application layer, transport layer, Internet layer and network access layer. These will be discussed in the next post.

The Ethernet, originally called the Alto Aloha network, was designed by the Xerox Palo Alto Reasearch Center in 1973 to provide communication for reasearch and development CP/M computers. When in 1976 Xerox started to develop the Ethernet as a 20Mbps product, the network prototype was called the Xerox Wire. In 1980, when the Digital, Intel and Xerox standard was published to make it a LAN standard at Mbps, Xerox Wire changed its name back to Ethernet. Ehternet become a commercial product in 1980 at 10 Mbps. The IEEE called its Ethernet 802.3 standard CSMA/CD (or carrier sense multiple access with collision detection). As the 802.3 standard evolved, it has acquired such name as Thicknet (IEEE 10Base-5), Thinnet or Cheapernet (10Base-2), Twisted Ethernet (10Base-T) and Fast Ethernet (100Base-T).

The design of Ehternet preceded the developement of the seven- layer OSI model. The Open System Interconnect (OSI) model was developed and published in 1982 by the Inernational Organisation for Standardisation (OSI) as generic model for data communication. The OSI model is useful because it is a broadly based document, widely available and often referenced. Since modularity of communication functions is a key design criterion in the OSI model, vendors who adhere to the standards and guidelines of this model can supply Ethernet-compatible devices, alternative Ethernet channels, higher-performance Ethernet networks and bridging protocols that easily and reliably connect other types of data network to Ethernet.

Since the OSI model was developed after Ethernet and Signaling System #7 (ss7), there are obviously some discrepancies between these three protocols. Yet the functions and processes outlined in the OSI model were already in practice when Ehternet or SS7 was developed. In fact, SS7 networks use point-to-point configurations between signalling points. Due to the point-to-point configurations and the nature of the transmissions, the simple data link layer does not require much complexity.

The OSI reference model specifies the seven layers of functionality. It defines the seven layers from the physical layer (which includes the network adapters), up to the application layer, where application programs can access network services. However, the OSI model does not define the protocols that implement the functions at each layer. The OSI model is still important for compatibility, protocol independence and the future growth of network technology. Implementations of the OSI model stipulate communication between layers on two processors and an interface for interlayer communication on one processor. Physical communication occures only at layer 1. All other layers communicate downward (or upward) to lower (or higher) levels in steps through protocol stacks.

1.4.1 Network Access Layer :
=====================
The network access layer contains protocols that provide access to a communication network. At this layer, systems are interfaced to a variety of networks. One function of this layer is to route data between hosts attached to the same network. The services to be provided are flow control and error control between hosts. The network access layer is invoked either by the Internet layer or the application layer. This layer provides the device drivers that support interactions with communications hardware such as the token ring or Ethernet. The IEEE token ring, referred to as the Newhall ring, is probably the oldest ring control technique and has become the most popular ring access technique in the USA. The Fiber Distributed Data Interface (FDDI) is a standard for a high-speed ring LAN. Like the IEEE 802 standard, FDDI employs the token ring algorithm.

2 Internet Layer :
=============
The Internet layer provides a routing function. Therefore, this layer consists of the procedures required within hosts and gateways to allow data to traverse multiple networks. A gateway onnecting two networks relays data between networks using an internetwork protocol. This layer consists of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP).

3 Transport Layer :
==============
The transport layer delivers data between two processes on different host computers. A protocol entity at this level provides a logical connection between higher-level entities. Possible services include error and flow controls and the ability to deal with control signals not associated with a logical data connection. This layer contains the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
4 Application Layer :
===============
This layer contains protocols for resource sharing and remote access. The application layer actually represents the higher-level protocols that are used to provide a direct interface with users or applications. Some of the important application protocols are File Transfer Protocol (FTP) for file transfers, HyperText Transfer Protocol (HTTP) for the World Wide Web, and Simple Network Management Protocol (SNMP) for controlling network devices. The Domain Naming Service (DNS) is also useful because it is responsible for converting numeric IP addresses into names that can be more easily remembered by users. Many other protocols dealing with the finer details of applications are included in this application layer. These include Simple Mail Transport Protocol (SMTP), Post Office Protocol (POP), Internet Mail Access Protocol (IMAP), Internet Control Message Protocol (ICMP) for email, Privacy Enhanced Mail (PEM), Pretty Good Privacy (PGP) and Secure Multimedia Internet Mail Extensions (S/MIME) for e-mail security.

Here its all about the working of each layer of TCP/IP model.
How it passes the information to each other.

Gateways operate over the entire range in all seven layers of the OSI model. Internet routing devices have traditionaly been called gateways. A gateway is a protocol converter which connects two or more heterogeneous systems and translates among them. The gateway thus refers to a device that performs protocol and convert it to a packet formatted for another protocol before forwarding it. The gateway understands the protocol used by each network linked into the router and is therefore able to translate from one to another.



Example :
=======

1 person from usa calling his/her friend in the uk, both the person uses different phone operator service. So both working on the different protocol. When usa person speaks, the signal will be transmitted to the uk. uk phone operator service dont know the protocol formatting and all that.
At the mean time, both need gatway between them. So gatway converts the signals in each others formate. And two person can talk.

Routers operate in the physical, data link and network layers of the OSI model. The Internet is a combination of networks connected by routers. When a datagram goes from a source to a destination, it will probably pass thougth many routers untill it reaches the router atteched to the destination network. Routers determine the path a packet should take. Routers relay packets among multiple inter connected networks. In particular, an IP router forwards IP datagrams amont the networks to which it connects. A router uses the destination address on a datagram to choose a next-hop to which it forwards the datagram. A packet sent from a station on one network to a station on a neighbouring network goes easiest way to build the Internet is to connect two or more networks with a router. Routers provide connections to many different types of physical networks: Ethernet, token ring, point-to-point links, FDDI and so on.

Example :
=======

• The routing module receives an IP packet from the processing module. If the packet is to be forwarede, it should be passed to the routing module. It finds the IP address be sent. It then sends the packet with information to the fragmentation module. The fragmentation module consults the MTU table to find the maximum transfer unit (MTU) for the specific interface number.
• The routing table is used by the routing module to determine the next-hop address of network. The every router keeps a routing table that has one entry for each destination network. The every consists of the destination network IP address, the shortest distance to reach the destination in hop count, and the next router (next hop) to which the packet should be deliverd to reach its final destination. The hop count is the number of networks a packet enters to reach its final desination. A router should have a routing table to consult when a packet is ready to be forwarded. The routing table should specify the optimum path for the packet. The table can be either static or dynamic. A static table is one that is not changed frequently, but a dynamic table is one that is updated automatically when there is a change somewhere in the Internet. Today, the internet needs dynamic routing tables.
• A metric is a cost assigned for passing through a network. The total metric of a particular router is equal to the sum of the metrics of networks that comprise the route. A router chooses the route with the shortest (smallest value) metric. The metric assigned to each network depends on the type of protocol. The Routing Information Protocol (RIP) treats each network as one hop count. So if a packet passes through 10 networks to reach the destination, the total cost is 10 hop counts. The Open Shortest Path First Protocol (OSPF) allows the administrator to assign a cost for passing through a network based on the type of service required. A route through a network can have different metrics (costs). OSPF allows each router to have several routing tables based on the required type of service. The Border Gateway Protocol (BGP) defines the metric totally differently. The policy criterion in BGP is set by the administrator. The policy defines the paths that should be chosen.
  

Bridges operate in both the physical and the data link layers of the OSI model. A single bridge connects different types of networks together and promotes interconnectivity between networks together and promotes interconnectivily between networks. Bridges divide a large network into smaller segments. Unlike repeaters, bridges contain logic that allows them to keep separate the traffic for each segment. Bridges are smart enough to relay a frame towards the intended recipient so that traffic can be filtered. In fact, this filtering operation makes bridges useful for controlling congestion, isolating problem links and promoting security through this partitioning of traffic.

A bridge can access the physical addresses of all stations connected to it. When a frame enters a bridge, the bridge not only regenrates the signal but also checks the address belongs. When a bridge ecounters a packet, it reads the address contained in the frame and compares that address with a table of all the stations on both segments. When it finds a match, it discovers to which segment the station belongs and relays the packet to that segment only.


Example :
========

When you want to connect the two or more MAN ( metropolytent Area Network), you need bridge. Bridge has decision making logic programs and circuit. It also regenerates the signals and make them strong as the repeater do.

A Repeaters is an electronic device that operates on the physical layer only of the OSI model. A repeater boosts the transmission signal from one segment and continues the signal to another segment. Thus, a repeater allows us to extend the physical length of a network. Signals that carry information can travel a limited distance within a network before degradation of the data integrity due to noise. A repeater receives the signal before attenuation, regenerates the original bit pattern and puts the restored copy back on to the link.

Repeater regenerates the weak signals and make them strong enough so that they can travel its path and reaches to the destination computer or hardware device. Repeater can not make decision, about where to send signals or data. Its work is make weak signals strong.

For example.
==========

If your cable length is 17 meter between two device. Now your signal strength is only 10 meter. If you want to transmit data between two device without repeater, the signal may become week and receiver will get wrong data. So you need to do is that use the Repeater beteen them.
You can use repeater at 10 meter and 7 meter from both the device. But my point of view you use the repeater at the 8.5 meter from the both device. That will give better perfomance.

A switched network consists of a series of interlinked switches. Switches are hardware/software devices capable of creating temporary connections between two or more devices to the switch but not to each other. Switching mechanisms are generally classified into three methods: circuit switching , packet switching and message switching.





1. Circuit Switching.
==============
It creates a direct physical connection between two devices such as telephones or computers. Once a connection is made between two systems, circuit switching creates a dedicated path between two end users. The end users can use the path for as long as they want.


2. Packet Switching.
===============
It is one way to provide a reasonable solution for data transmission. In a packet-switched network, data are transmitted in discrete units of variable-length blocks called packets. Each packet contains not only data, but also a header with control information. The packets are sent over the network node to node. At each node, the packet is stored briefly before being routed according to the information in its header.
In datagram approach to packet switching, each packet is treated independently of all others as though it exists alone. In the virtual circuit approach to packet switching, if a single route is chosen between sender and receiver at the beginning of the session, all packets travel one after another along that route. Although these two approaches seem the same, there exists a fundamental difference between them. In circuit switching, the path between the two end users consists of only one channel. In the virtual circuit, the line is not dedicated to two users. The line is divided into channels and each channel can use one of the channels in a link.


3. Message Switching.
================
It is known as the store and forwarding method. In this approach, a computer (or a node) receives a message, stores it until the appropriate route is free, then sends it out. This method has now been phased out.

------------------------


To create an IP datagram, a host or a router needs to know its own IP address, which is independent of the physical address. The RARP is designed to resolve the address mapping of a machine in which its physical address is known, but its logical (IP) address is unknown. The machine can get its physical address, which is unique locally. It can then use the physical address to get the logical IP address using the RARP protocol. In reality, RARP is a protocol of dynamic mapping in which a given physical address is associated with a logical IP address. To get the IP address, a RARP request is broadcast to all systems on the network. Every host or router on the physical network will receive the RARP request packet, but the RARP server will only answer it as shown in Figure 2.6(b). The server sends a RARP reply packet including the IP address of the requestor.

---------------------


IP (logical) addresses are assigned independently from physical (hardware) addresses. The logical address is called a 32-bit IP address, and the physical address is a 48-bit MAC address in Ethernet and token ring protocols. The delivery of a packet to a host or a router requires two levels of addressing, such as logical (IP) address and physical (MAC) addresses. When a host or a router has an IP datagram forwarding to another host or router, it must know the logical IP address of the receiver. Since the IP datagram is encapsulated in a form to be passed through the physical network (such as a LAN), the sender needs the physical MAC address of the receiver. Mapping of an IP address to a physical address can be done by either static or dynamic
mapping. Static mapping means creating a table that associates an IP address with a physical address. But static mapping has some limitations because table lookups are inefficient. As a consequence, static mapping creates a huge overhead on the network. Dynamic mapping can employ a protocol to find the other. Two protocols (ARP and RARP) have been designed to perform dynamic mapping. When a host needs to find the physical address of another host or router on its network, it sends an ARP query packet. The intended recipient recognises its IP address and sends back an ARP response which contains the recipient IP and physical addresses. An ARP request is broadcast to all devices on the network, while an ARP reply is unicast to the host requesting the mapping.


This all about the ARP - Address Resolution Protocol. How its formulation and all. Enjoy..........

------------------


In a connectionless packet delivery system, the basic unit of transfer is the IP datagram. The routing problem is characterised by describing how routers forward IP datagrams and deliver them to their destinations. In a packet switching system, ‘routing’ refers to the process of choosing a path over which to send packets. Unlike routing within a single network, the IP routing must choose the appropriate algorithm for how to send a datagram across multiple physical networks. In fact, routing over the Internet is generally difficult because many computers have multiple physical network connections. To understand IP routing, a TCP/IP architecture should be reviewed completely. The Internet is composed of multiple physical networks interconnected by routers. Each router has direct connections to two or more networks, while a host usually connects directly to one physical network. However, it is possible to have a multihomed host connected directly to multiple network. Packet delivery through a network can be managed at any layer in the OSI stack model. The physical layer is governed by the Media Access Control (MAC) address; the data link layer includes the Logical Link Control (LLC); and the network layer is where most routing takes place. Delivery The delivery of an IP packet to its final destination is accomplished by means of either direct or indirect delivery. Direct delivery occurs when the source and destination of the packet are located on the same physical network. The sender can easily determine whether the delivery is direct or not by extracting the network (IP) address of the destination packet and comparing this address with the addresses of the networks to which it is connected. If a match is found, the delivery is direct. In direct delivery, the sender uses the senders IP address to find the destination physical address. This mapping process can be done by Address Resolution Protocol (ARP). If the destination host is not on the same network as the source host, the packet will be delivered indirectly. In an indirect delivery, the packet goes from router to router through a number of networks until it reaches one that is connected to the same physical network as its final destination. Thus, the last delivery is always a direct delivery, which always occurs after zero or more indirect deliveries. In an indirect delivery, the sender uses the destination IP address and a routing table to find the IP address of the next router to which the packet should be delivered. The sender then uses the ARP to find the physical address of the next router.

This is all description about IP Routing. How it is working. Enjoy..............

-----------------------

Each IP address is made of two parts in such a way that the netid defines a network and the hostid identifies a host on that network. An IP address is usually written as four decimal integers separated by decimal points i.e. 239.247.135.93. If this IP address changes from decimal-point notation to binary form, it becomes 11101111 11110111 10000111 01011101. Thus, we see that each integer gives the value of one octet (byte) of the IP address. IP addresses are divided into five different classes: A, B, C, D and E. Classes A, B and C differ in the number of hosts allowed per network. Class D is used for multicasting and class E is reserved for future use. Table 2.3 shows the number of networks and hosts in five different IP address classes. Note that the binary numbers in brackets denote class prefixes.


The relationship between IP address classes and dotted decimal numbers is summarised in Table 2.4, which shows the range of values for each class. The use of leading bits as class prefixes means that the class of a computer’s network can be determined by the numerical value of its address. A number of IP addresses have specific meanings. The address 0.0.0.0 is reserved and 224.0.0.0 is left unused. Addresses in the range 10.0.0.0 through to 10.255.255.255 are available for use in private intranets. Addresses in the range 240.0.0.0 through to 255.255.255.255 are class E addresses and are reserved for future use when new protocols are eveloped. Address 255.255.255.255 is the broadcast address, used to reach all systems on a local link


This is the Addressing Schemes description. You please enjoy by taking this information.