Networking for Dummies
Or at least, networking for people who don’t understand a great deal about networks: what is a network, what is a firewall, what is a VPN, where am I, what am I doing here, and other such fairly mundane questions.
The first question in any protracted discussion of a topic is how to present the concepts involved in such a way that they might be understood by people who are not already aware of the ins and outs of the problem. This is a common flaw in many discussions of a technical nature, documentation often serving more as an aide-mémoire to the developer or author than as a serious attempt at conveying knowledge.
For the purpose of this discussion we are going to deal with pretty much all of the concepts of networking via a humble medieval fellow called “Harold”. All other aspects will be shown to relate to Harold, his family, household and medieval world. It also allows us to sit around and contemplate a simpler time, a time before keyboards and office jobs.
Harold currently owns a farmstead, so he’s quite possibly a knight of some description. Most people own farmsteads, and these are generally connected via a variety of means to other farmsteads. They can be reached from another farmstead via one of two methods: walking happily overland (which is essentially travelling along a local network or switch), or traversing the big wide oceans that are the Internet.
Harold, being a rather cautious fellow, as well he might be in these perilous times, has decided to protect himself from the outside world. Granted, the “Internet” is already patrolled by the local authorities (his ISP), but he doesn’t particularly trust his neighbours. So, he builds a nice large wall around his farmstead. This is a Firewall. It keeps people out; it also potentially keeps people in, but in its current state you can just jump over the wall if you live with Harold.
Now, this is all fine and dandy, but not being a gibbering idiot Harold has taken the sensible precaution of fitting a door to his wall. This “door” is actually an overly complicated affair which resembles a waterside dock more than it does a traditional door, and so it might be best to assume that Harold’s property overlooks a small lake and that he’s chosen to open the docks to the outside world. This lake is in turn connected via a canal to the Ocean; this canal is the ISP’s connection to the Internet. It may be monitored in some way, or not…
This dock has a particular address (Harold’s house) and a number of docking points along it; in networking terms these are the “IP address” and the “ports”. To deliver anything to Harold, you would need to travel to a particular “port” at his address. Note that these ports can be temporarily (or deliberately) out of service, presumably by putting a bag over the top of the pole you need to tie yourself onto (a closed port).
Outbound traffic is unrestricted at the moment: Harold (or anyone within his household) can merrily wander down to the docks, choose a boat and launch it from a particular port. Their return journey is accepted because they were seen to leave; the firewall remembers the outbound connection and lets the replies back in.
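The “seen to leave” rule is what a stateful firewall does with connection tracking. The following is an added example, not code from the original article: a toy packet filter that drops unsolicited inbound packets, accepts replies to voyages it watched depart, and otherwise only admits visitors at explicitly opened docks. All addresses are constructed (documentation ranges) and the `Packet` and `StatefulFirewall` names are this example’s own.

```python
"""Toy stateful packet filter: inbound ports are closed unless a matching
outbound "boat" was seen to leave. Constructed example, not a real firewall."""
from dataclasses import dataclass

HAROLD = "10.0.0.5"  # Harold's address inside the farmstead (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" (arriving from the lake) or "out" (leaving the farmstead)


class StatefulFirewall:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)  # docks Harold leaves open to everyone
        # voyages seen to leave: (local_ip, local_port, remote_ip, remote_port)
        self.conntrack = set()

    def check(self, pkt):
        """Return 'ACCEPT' or 'DROP', recording state for outbound packets."""
        if pkt.direction == "out":
            # a member of the household launched a boat: remember the voyage
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # inbound: is this the return journey of a boat we saw leave?
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            return "ACCEPT"
        # otherwise only explicitly opened docks admit visitors
        if pkt.dport in self.open_ports:
            return "ACCEPT"
        return "DROP"


def demo():
    """Run a constructed sequence of packets and return the verdicts in order."""
    fw = StatefulFirewall(open_ports={22})
    results = []
    # 1. a stranger knocks on a closed port: nobody invited him
    results.append(fw.check(Packet("203.0.113.9", 40000, HAROLD, 3389, "in")))
    # 2. Harold sails out to a web server on the Internet
    results.append(fw.check(Packet(HAROLD, 51000, "198.51.100.7", 80, "out")))
    # 3. the reply to that voyage comes back and is let in
    results.append(fw.check(Packet("198.51.100.7", 80, HAROLD, 51000, "in")))
    # 4. the same server tries a different port on Harold, unprompted
    results.append(fw.check(Packet("198.51.100.7", 80, HAROLD, 51001, "in")))
    # 5. a visitor arrives at the one dock Harold deliberately opened
    results.append(fw.check(Packet("203.0.113.9", 40001, HAROLD, 22, "in")))
    return results


if __name__ == "__main__":
    print(demo())
```

Packet 4 is the interesting one: the remote server is known and trusted for the reply it owed, but the tracking table matches the whole four-tuple, so a different port on Harold’s side is still treated as an unsolicited arrival.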
Hardware or Software Firewalls
There is a lot of discussion in the world about the nature of a “hardware” or a “software” firewall, which is quite ironic when you consider that any and every firewall is both. In the case of Harold, his wall is neither exclusively brick nor exclusively mortar. This discussion is actually about the placement of the software that produces the “wall” within the system.
This is best described as being one of two things.
- A dedicated piece of hardware which provides firewalling capabilities as a “black box”.
- A piece of software that runs on a computer and provides firewalling locally to the one machine.
Sadly the arguments as to how these work are very complicated; however, the dockyard that Harold runs is basically the “TCP/IP” stack, that is, the bit of software that controls how the computer communicates with the outside world. With a hardware firewall, the wall sits immediately up the road from the docks: the farmstead itself is connected to the docks only by going through the wall. With a software firewall, since the docks are now part of the farmstead, the “wall” is erected around the farmstead itself. A minor distinction perhaps; however, should a barbarian or similar overrun the docks entirely (the stack itself), they would then be able to run around the land outside the wall, raping, pillaging, stealing cattle and the things that barbarians are wont to do.
Network Address Translation (NAT)
So far Harold has set up his little dockyard and built his wall; he’s even gone so far as to start decorating the inside with an array of pleasing tapestries. He’s also just built a little granny flat to accommodate his mother-in-law.
Currently the dockyard hasn’t got many ports open, and those that are open are simply delivered to a similarly numbered pigeonhole at Harold’s house. Now, however, he has two addresses within his farmstead… hmm, what to do?
Harold’s solution is ingenious. Well, it isn’t… he hires a harbour master. The harbour master sits at the docks and, when someone arrives (connects) at a particular “port”, he asks them for the address and port they were trying to get to (“Flat 25, Harold’s House”). The harbour master then recognises that anyone arriving for Flat 25 actually means the granny flat, and therefore writes the “new” address on the top of the sailor’s map and lets him past the firewall.
This is “Network Address Translation”, and it provides the simplest form of network security, that is, “security by obscurity”. There has been little validation of the sailor at this point, only that he arrived at a known port at a known address. He could still be harbouring any number of nasties: drugs, rock and roll, syphilis, the plague, a large wooden horse with adequate room for a complete army and toilet facilities. The harbour master, being a bit daft, doesn’t check any of these things.
Harold, being an enterprising sort, has now decided that he wants to branch out a little, and has set up his own business (Harold’s Dairies) where he will sell the wares of his farm (with the unmutilated cattle, thanks to his firewall). Now, he doesn’t want to do this via the address “Harold’s House”, since, well, he’d rather keep that private.
He therefore sets up a “PO Box” address on the lake, and instructs his harbour master to redirect traffic accordingly. This doesn’t even have to use the same set of rules as Harold’s house, so that’s nice.
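The harbour master’s map is a destination-NAT (port-forwarding) table, and the PO Box is simply a second public address with its own rows in it. Below is an added example illustrating this, not code from the original article: the table maps (public address, port) pairs on the lake to private addresses inside the farmstead, replies are rewritten back so sailors only ever see the lake-side address, and an arrival with no matching row is refused. All addresses are constructed; note that, exactly as the text says, nothing here inspects what the sailor is carrying, so NAT hides the layout of the farmstead but is not a substitute for the walls.

```python
"""Toy harbour master: destination NAT (port forwarding) with two public
addresses that have different rule sets. Constructed example."""

# Public addresses on the lake (constructed, documentation ranges)
HAROLDS_HOUSE = "192.0.2.10"
PO_BOX = "192.0.2.11"  # the dairy business address

# Private addresses inside the farmstead (constructed)
MAIN_HOUSE = "10.0.0.5"
GRANNY_FLAT = "10.0.0.25"
FARM_SHOP = "10.0.0.80"

# The harbour master's map:
#   (public address, public port) -> (private address, private port)
DNAT_TABLE = {
    (HAROLDS_HOUSE, 22): (MAIN_HOUSE, 22),
    (HAROLDS_HOUSE, 2225): (GRANNY_FLAT, 22),  # "Flat 25" really means the granny flat
    (PO_BOX, 80): (FARM_SHOP, 80),             # the dairy shop front
    (PO_BOX, 443): (FARM_SHOP, 443),
}


def translate_inbound(dst, dport):
    """Rewrite the destination on the sailor's map.

    Returns (private address, private port), or None when no rule exists,
    in which case the harbour master refuses the arrival.
    """
    return DNAT_TABLE.get((dst, dport))


def translate_reply(src, sport):
    """When someone inside replies, rewrite the private source back to the
    public address so the sailor never learns the layout of the farmstead."""
    for (pub_addr, pub_port), (priv_addr, priv_port) in DNAT_TABLE.items():
        if (priv_addr, priv_port) == (src, sport):
            return pub_addr, pub_port
    return None


def harbour_log(arrivals):
    """Process a list of (dst, dport) arrivals and return one line per sailor."""
    lines = []
    for dst, dport in arrivals:
        target = translate_inbound(dst, dport)
        if target is None:
            lines.append(f"{dst}:{dport} -> refused (no rule)")
        else:
            lines.append(f"{dst}:{dport} -> {target[0]}:{target[1]}")
    return lines


if __name__ == "__main__":
    # constructed arrivals: the granny flat, the shop, and someone trying SSH on the PO Box
    for line in harbour_log([(HAROLDS_HOUSE, 2225), (PO_BOX, 80), (PO_BOX, 22)]):
        print(line)
```

The PO Box deliberately has no row for port 22 even though Harold’s House does: the two public addresses share one harbour master but not one rule set.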
Demilitarized Zones (DMZ)
As has already been explained, Harold is a cautious fellow, and he’s not entirely keen on people rampaging around his farmstead merely because they are visiting the farm shop. Hence he builds another wall inside his farmstead, and updates the harbour master with this information. Ergo, people going to his house may do so, people going to the shop are likewise free to do as they wish; however, people who pretend to go to the shop and are intending on looking around the farm will find themselves on the business end of an impressive array of brickwork.
Harold has had enough: his son keeps taking one of the boats out and playing chicken with some of the other lads from around the lake, and he’s also been known to wander out to foreign docks on the Internet and contract who knows what (he drank the water, silly lad).
So, Harold instructs the harbour master that anyone coming from his son’s house is only allowed to go to various places, and to particular ports at those addresses. This is egress management (filtering outbound traffic).
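The inner wall and the son’s restrictions are both zone policy: traffic is classified by which side of which wall it starts and ends on, and anything with no explicit rule is refused. Here is an added example, not code from the original article, that puts the two together: the shop sits in a DMZ that shoppers may reach but from which nobody may wander into the house, the household may go anywhere, and the son’s house has an extra egress allow-list. The network ranges, addresses and the ports the shop is assumed to need (DNS and time) are all constructed for the example.

```python
"""Toy zone-based policy: an inner wall (DMZ) plus egress rules for one host.
Constructed example, not a real firewall configuration."""
import ipaddress

ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),  # Harold's house and family
    "dmz": ipaddress.ip_network("10.0.1.0/24"),  # the farm shop, behind the inner wall
}
SONS_HOUSE = ipaddress.ip_address("10.0.0.30")  # constructed

# Inter-zone policy: (from, to) -> set of allowed destination ports, or "any".
# Pairs that are absent, such as ("internet", "lan") and ("dmz", "lan"),
# are denied by default: that is the inner wall.
ZONE_POLICY = {
    ("internet", "dmz"): {80, 443},  # shoppers may reach the shop front only
    ("lan", "dmz"): "any",           # the household may reach the shop freely
    ("lan", "internet"): "any",      # the household may sail out anywhere
    ("dmz", "internet"): {53, 123},  # the shop itself needs only DNS and time (assumed)
}

# Egress allow-list for Harold's son: (address, port) destinations he may visit
SONS_ALLOWED = {("198.51.100.7", 80), ("198.51.100.7", 443)}


def zone_of(ip):
    """Classify an address: inside one of our zones, otherwise the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def decide(src, dst, dport):
    """Return 'ACCEPT' or 'DROP' for a new connection attempt from src to dst:dport."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "ACCEPT"  # same side of every wall, nothing to check
    # the son's restriction is checked first: his boats only go to listed places
    if ipaddress.ip_address(src) == SONS_HOUSE and dst_zone == "internet":
        return "ACCEPT" if (dst, dport) in SONS_ALLOWED else "DROP"
    allowed = ZONE_POLICY.get((src_zone, dst_zone))
    if allowed is None:
        return "DROP"  # default deny: no rule, no passage
    if allowed == "any" or dport in allowed:
        return "ACCEPT"
    return "DROP"


if __name__ == "__main__":
    # constructed attempts: a shopper, a shopper trying the house, the shop
    # trying the house, and the son heading somewhere he shouldn't
    for attempt in [("203.0.113.9", "10.0.1.80", 80), ("203.0.113.9", "10.0.0.5", 80),
                    ("10.0.1.80", "10.0.0.5", 445), ("10.0.0.30", "198.51.100.7", 6667)]:
        print(attempt, decide(*attempt))
```

The order of the checks matters: the son’s allow-list is evaluated before the general `("lan", "internet")` rule, otherwise the household-wide “any” would let him through regardless.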
As said before, the harbour master is a bit of a daft sort, but he’s at least cheap. Whilst he provides a moderate amount of security, and he’s certainly burly enough to dissuade anyone who tries to get past him, anyone who knows where they are going is free to pass where they want.
Harold then installs a CCTV system in the harbour master’s office. Where a medieval knight gets a CCTV system from is perhaps a better question, but we shall just assume that CCTV stands for “Cute Cousin Taking notes Vigorously” and we should get away with it.
The Cousin (who actually looks a bit like a pig) will take notes about everyone that wanders through the office and study them for anything that looks suspicious, such as the aforementioned equine sculpture. When she sees something that doesn’t look quite right she notes it in her journal, so that should anything untoward occur they know where the likely suspects came from and where they were going.
The Cousin has, sadly, or perhaps gladly, found the local truffle collection and is therefore the size of an Olympic shot-putter, so she can now start to offer a level of security to the harbour master’s office. Rather than meekly taking notes about what’s going on, she now stands in the doorway (blocking most of it) and gives any travellers the once-over before either letting them past or telling them to sling their respective hooks.
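The note-taking Cousin is an intrusion detection system and the doorway-blocking Cousin is an intrusion prevention system; the inspection is the same, only the verdict changes. The following added example, not code from the original article, runs one signature-based inspector in both modes over a few constructed travellers: in `ids` mode everything passes but matches are journaled, in `ips` mode matches are refused. The signatures (a path-traversal pattern, the wooden horse, and an oversized cargo) are illustrative and are not a real rule set.

```python
"""Toy signature-based inspector in two modes: IDS (notes in a journal, lets
everyone past) and IPS (stands in the doorway and refuses matches).
Constructed example; the signatures are illustrative, not a real rule set."""
import re

# Each signature: a name and a compiled pattern applied to the traveller's "cargo"
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./")),
    ("wooden-horse", re.compile(rb"wooden horse", re.IGNORECASE)),
]
MAX_CARGO = 512  # anything larger than this gets a note as "oversized-cargo"


class Inspector:
    def __init__(self, mode):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.journal = []  # the Cousin's notes: (source, signature name)

    def inspect(self, src, cargo):
        """Return 'PASS' or 'BLOCK'. Matches are always journaled; they are
        only blocked when the inspector is inline (IPS mode)."""
        hits = [name for name, pattern in SIGNATURES if pattern.search(cargo)]
        if len(cargo) > MAX_CARGO:
            hits.append("oversized-cargo")
        for name in hits:
            self.journal.append((src, name))
        if hits and self.mode == "ips":
            return "BLOCK"
        return "PASS"


# Constructed sample traffic: (source address, cargo bytes)
SAMPLE = [
    ("203.0.113.9", b"GET /shop/cheese HTTP/1.1"),
    ("203.0.113.9", b"GET /shop/../../private/ledger HTTP/1.1"),
    ("198.51.100.7", b"a gift: one large Wooden Horse, toilet facilities included"),
    ("198.51.100.7", b"x" * 600),
]


def run(mode):
    """Inspect the sample traffic in the given mode; return (verdicts, journal)."""
    inspector = Inspector(mode)
    verdicts = [inspector.inspect(src, cargo) for src, cargo in SAMPLE]
    return verdicts, inspector.journal


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, journal = run(mode)
        print(mode, verdicts)
        for entry in journal:
            print("  journal:", entry)
```

The journal is identical in both modes, which is the practical trade-off: detection-only gives you the evidence after the fact, whereas inline blocking stops the traveller but makes a false positive a service outage rather than a stray note.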
Virtual Private Networks
Harold’s business is doing well, so well in fact that he has to hire an accountant. Now, being a farming chap, Harold doesn’t have an accountant living with him, and quite often takes comfort in the knowledge that the nearest one is actually several hundred miles away down the coast.
However, this presents a problem. How do you actually get letters to and from the accountant?
Well, there is an obvious solution, which is just to put them on a boat and let them make their own way there, but this is fraught with danger. The letters could be intercepted, modified, spied upon, used by his competitors and who knows what else.
So, what to do? There are two real solutions which present themselves. The first is to build a huge canal directly from Harold to his accountant, over the mountains and so on. This would be a direct line (or leased line) and would be immune to pirates on the Internet doing things that Harold would rather they didn’t do with his trade secrets. This, however, is a logistical nightmare, and financially out of Harold’s league.
So, Harold invests in a pair of decoder rings he found in a packet of cornflakes. These are some form of pre-shared information, either a pre-shared key or a more complicated certificate-based scheme; either way they allow Harold to encode his message in a way that makes it indecipherable to anyone without that information. This message is then sent in its encoded form (he wrote it in Welsh) to the accountant, who translates it back to its original form. Thus all communication can be done via the Internet without fear of the messages being read if intercepted, as they wouldn’t make sense to anyone else.
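The decoder rings need to protect against more than just reading: the letters could also be modified or delivered twice, the dangers listed earlier. The following added example, not code from the original article, is a toy “tunnel” between two ends that share a key: it derives separate encryption and authentication keys from the pre-shared key, encrypts with a counter-mode keystream built from HMAC-SHA256, then authenticates the whole packet (encrypt-then-MAC) and carries a sequence number so a pirate who flips a byte or replays an old letter is detected before anything is decrypted. The pre-shared key and the message are constructed, and the construction is for illustration of the principle only; a real VPN (IPsec, WireGuard) uses vetted AEAD ciphers and a key-exchange protocol rather than anything hand-rolled like this.

```python
"""Toy 'decoder ring' tunnel: both ends hold a pre-shared key; each message is
encrypted, authenticated and numbered before crossing the Internet.
Constructed example illustrating the principle only, not a real VPN protocol."""
import hashlib
import hmac
import os
import struct

NONCE_LEN, SEQ_LEN, TAG_LEN = 16, 8, 32
HEADER_LEN = NONCE_LEN + SEQ_LEN


def derive_keys(psk: bytes):
    """Split the pre-shared secret into separate encryption and authentication keys."""
    enc = hmac.new(psk, b"harold-enc", hashlib.sha256).digest()
    mac = hmac.new(psk, b"harold-mac", hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream using HMAC-SHA256 as the pseudo-random function."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(psk: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Packet layout: nonce || seq || ciphertext || tag."""
    enc_key, mac_key = derive_keys(psk)
    nonce = os.urandom(NONCE_LEN)  # fresh per message so keystreams never repeat
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    header = nonce + struct.pack(">Q", seq)
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def unseal(psk: bytes, packet: bytes, last_seq: int):
    """Verify the tag and sequence number, then decrypt.

    Returns (seq, plaintext); raises ValueError for truncated, forged,
    modified or replayed packets, without ever decrypting them.
    """
    enc_key, mac_key = derive_keys(psk)
    if len(packet) < HEADER_LEN + TAG_LEN:
        raise ValueError("truncated packet")
    header, ct, tag = packet[:HEADER_LEN], packet[HEADER_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad tag: message forged or modified")
    nonce, seq = header[:NONCE_LEN], struct.unpack(">Q", header[NONCE_LEN:])[0]
    if seq <= last_seq:
        raise ValueError("replayed packet")
    pt = bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))
    return seq, pt


def demo():
    """Send one letter, then show a modified copy and a replay being rejected."""
    psk = b"cornflakes-decoder-ring"  # constructed pre-shared key
    letter = b"Dear accountant, the dairy made 40 groats this month."
    pkt = seal(psk, 1, letter)
    seq, received = unseal(psk, pkt, last_seq=0)
    # a pirate flips one byte of the ciphertext in transit
    tampered = bytearray(pkt)
    tampered[HEADER_LEN + 6] ^= 0x01
    try:
        unseal(psk, bytes(tampered), 0)
        modified_detected = False
    except ValueError:
        modified_detected = True
    # the same genuine packet delivered a second time
    try:
        unseal(psk, pkt, last_seq=seq)
        replay_detected = False
    except ValueError:
        replay_detected = True
    return received, modified_detected, replay_detected


if __name__ == "__main__":
    print(demo())
```

The receiver checks the tag before it touches the sequence number or the ciphertext, so a tampered letter is thrown out without revealing anything about its contents, and the ever-increasing sequence number is what stops an old letter being usefully delivered twice.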