TCP/IP For Dummies
As a network administrator, you know that TCP/IP is the glue that holds the Internet and the Web together. As well as being familiar with security terms and general definitions, you need to pay attention to RFCs (Requests for Comment) published by the Internet Engineering Task Force. You can comment on, learn from, and submit RFCs yourself.
Knowing your way around TCP/IP is key if you want to manage a network successfully. The definitions in the following list explain the basics, such as what an IP address is, and they also clarify the various nets you deal with — extranets, intranet, and subnetting — as well other key terms.
CIDR (Classless InterDomain Routing): A way to conserve on IP addresses. An IP addressing design that replaces the traditional Class A, B, C structure, CIDR allows one IP address to represent many IP addresses. A CIDR address looks like a regular IP address with a suffix on the end, such as 184.108.40.206/12. The suffix is an IP prefix.
extranet: A private/public hybrid network that uses TCP/IP to share part of an intranet with an outside organization. An extranet is the part of an intranet that outsiders can access over the Internet. Be sure to have good security practices if you have an extranet.
intranet: An organization’s private network. If your intranet is built on TCP/IP protocols, applications, and services, it’s also an Internet.
IP address: The 32-bit (IPv4) or 128-bit (IPv6) numeric address for a computer. You must have an IP address to be connected to the Internet. An IP address consists of two parts: the network piece and the host piece. An IPv4 example: 127.0.0.1; an IPv6 example: 0:0:0:0:0:0:0:1 (::1 for short).
loopback address: IP shorthand for you — actually, your computer. The loopback is a special IP address (127.0.0.1) that isn’t physically connected to any network hardware. You use it to test TCP/IP services and applications without worrying about hardware problems.
Network Address Translation (NAT): Helps the Internet not run out of IP addresses by translating an IP address (perhaps not unique) on one network to another IP address on a different network — usually, the Internet. IPv6 does away with the need for NAT address help, but NAT, unintentionally, also provides firewall security.
subnetting: Dividing one large Internet into smaller networks (subnets) in which they all share the same network portion of an IP address.
TCP/IP (Transmission Control Protocol/Internet Protocol): The guts and the rules of the Internet and World Wide Web. A set of protocols, services, and applications for linking computers of all kinds.
Virtual private network (VPN): A private network that runs over the public Internet. You can build a VPN at low cost by using the Internet (rather than your own system of private — and expensive — lines) with special security checks and a tunneling protocol. Companies are beginning to use a private virtual network for both extranets and wide-area intranets.
Voice over Internet Protocol (VoIP): Are you spending too much on phone calls? Get rid of your phone service. You can make phone calls from anywhere to anywhere that has a computer, free VoIP software, and a fast Internet connection. Even better, it’s free. You can call from Buenos Aires to Nairobi for free with VoIP. It doesn’t have to be computer to computer, either. You can also use VoIP to call a regular telephone number.
Are you acronym challenged? If you don’t know what a particular acronym means, visit WhatIs? where you can find thousands of definitions for Internet and security acronyms.
Internet Security Terms and Tips to Use with TCP/IP
You’re a network administrator, so you know that keeping your Web site secure is an ongoing challenge. You don’t have to know that TCP/IP stands for Transmission Control Protocol/Internet Protocol to use it effectively, but knowing the terms in the following list can make you better able to deal with security issues.
Advanced Encryption Standard: A secret key cipher used for encryption.
authentication: Proving you are who you say you are. The simplest form of authentication, an unencrypted username-and-password challenge (Who are you? James Bond. Okay, I believe you), often isn’t reliable enough for the Internet. On the Internet, where hackers and crackers can fake or steal more than your username and password, trust no one. Require authentication for users, computers, and IP addresses to be secure.
cipher: A means used to encrypt data. A cipher transforms plain text into scrambled cipher text. You can’t decipher the coded cipher text back into plain text without using some kind of key. For example, AES and DES are examples of secret key block ciphers. The complete encryption algorithm is the cipher plus the technique.
Computer Security Resource Center: A Web site that contains security publications, alerts, and news, including documents from the U.S. Department of Defense on security architecture and trusted systems. Located at the U.S. National Institute of Standards and Technology Computer Security Resource Clearinghouse.
digital certificate: A special, secure file that guarantees your online identity. A digital certificate contains security information, including your name and e-mail address, your encryption key, the name of the Certificate Authority, and the length of the certificate’s validity. (Who are you? James Bond. Can you prove your ID?). A digital certificate is a popular way to perform authentication on the Internet.
encryption: Scrambling your data by applying a secret code so that no one can read it without using a key.
IP Security (IPSec): A set of TCP/IP protocols that provide authentication and encryption services, but on a lower layer than TLS.
public key/private key: A key exchange encryption scheme that uses two keys to encrypt and decrypt data. Anyone can use a public key to encrypt data before it goes across the Internet. Only the receiver has the private key needed to read the data. Pretty Good Privacy (PGP) uses public key/private key encryption methods.
Transport Layer Security (TLS), Secure Socket Layer (SSL): TCP/IP protocols that guarantee privacy on a network by providing authentication and encryption. TLS and its nonstandard companion SSL ensure that your credit card information is safe when you bank or shop. TLS is newer and standard. SSL is still used more.
Notable Requests for Comments of Interest to TCP/IP Users
As a network administrator, you’re familiar with certain things — TCP/IP, security threats, and Requests for Comments, or RFCs. Published by the Internet Engineering Task Force, RFCs offer a chance for professionals to share information, present papers for review, and generally communicate amongst themselves. Some RFCs eventually get adopted as Internet standards.
The following list contains RFCs that are especially interesting and/or useful:
RFC 3271, The Internet is for Everyone, by V. Cerf
RFC 2664, FYI on Questions and Answers — Answers to Commonly Asked New Internet User Questions, by R. Plzak, A. Wells, E. Krol
RFC 2151, A Primer on Internet and TCP/IP Tools and Utilities, by G. Kessler, S. Shepard
RFC 2504, Users' Security Handbook, by E. Guttman, L. Leong, G. Malkin
RFC 1244, Site Security Handbook (still useful after many years), by J.P. Holbrook, J.K. Reynolds
RFC 5485, Digital Signatures on Internet-Draft Documents
For laughs, scan these April Fool’s Day RFCs:
RFC 3251, Electricity over IP, by B. Rajagopalan
RFC 1925, The Twelve Networking Truths, R. Callon, Editor
RFC 2100, The Naming of Hosts (love the poetry!), by J. Ashworth
RFC 2549, IP over Avian Carriers with Quality of Service, by D. Waitzman