The cyber threat is no longer limited to your office network and work persona. Adversaries realize that targets are typically more vulnerable when operating from their home network since there is less rigor associated with the
protection, monitoring, and maintenance of most home networks. Home users need to maintain a basic level of network defense and hygiene for both themselves and their family members when accessing the Internet.

Host-Based Recommendations

Windows Host OS

1. Migrate to a Modern OS and Hardware Platform
Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP. Many of these security features are enabled by default and help prevent many common attack
vectors. In addition, implementing the 64-bit mode of the OS on a 64-bit hardware platform substantially increases the effort of an adversary to attain a system or root compromise. For any Windows-based OS, verify that Windows Update is configured to provide updates automatically.

2. Install a Comprehensive Host-Based Security Suite
A comprehensive host-based security suite provides support for anti-virus, anti-phishing, safe browsing, Host-based Intrusion Prevention System (HIPS), and firewall capabilities. These services work collaboratively to provide a layered defense against most common threats. Several security suites today provide access to a cloud-based reputation service for leveraging corporate knowledge and history of malware and domains. Remember to enable any
automated update service within the suite to keep signatures up-to-date.

3. Limit Use of the Administrator Account
The first account that is typically created when configuring a Windows host for the first time is the local administrator account. A nonprivileged “user” account should be created and used for the bulk of activities conducted on the host to include web browsing, email access, and document creation/editing. The privileged administrator account should only be used to install updates or software, and reconfigure the host as needed. Browsing the web or reading email as an administrator provides an effective means for an adversary to gain persistence on your host. Within Vista or Windows 7, administrative credentials can be easily accessed by right clicking on any application, selecting the “Run as Administrator” option, then providing the appropriate administrator password. Furthermore, all passwords associated with accounts on the host should be at least 10 characters long and be complex (include upper case, lower case, numbers, special characters).

4. Use a Web Browser with Sandboxing Capabilities
Several currently available third party web browsers now provide a sandboxing capability that can contain malware during execution thereby insulating the host operating system from exploitation. Most of these web browsers also provide a feature to auto-update or at least notify you when updates are available for download. Also, promising approaches that move the web browser into a virtual machine (VM) are starting to appear on the market but are not yet ready for mass consumer use.
5. Update to a PDF Reader with Sandboxing Capabilities
A sandbox provides protection from malicious code that may be contained in a PDF file. PDF files have become a popular technique for delivering malicious executables. Several commercial and open source PDF readers now provide sandboxing capabilities as well as block execution of embedded URLs (website links) by default.
6. Migrate to Microsoft Office 2007 or Later
If using Microsoft Office products for email, word processing, spreadsheets, presentations, or database applications, upgrade to Office 2007 or later and its XML format for storing documents. By default, the XML file formats do not execute embedded code when opened within Office 2007 or later products thereby protecting the user from malicious code delivered via Office documents. The Office 2010 suite also provides “Protected View” mode which opens documents in read-only mode thereby potentially minimizing the impact of a malicious file.
7. Keep Application Software Up-to-Date
Most home users do not have the time or patience to verify that all applications installed on their workstation are fully patched and upto- date. Since many applications do not have an automated update feature, attackers frequently
target these applications as a means to exploit a targeted host. Several products exist in the market which will quickly survey the software installed on your workstation and indicate which applications have reached end-of-life,
require a patch, or need updating. For some products, a link is conveniently provided in the report to download the latest update or patch.
8. Implement Full Disk Encryption (FDE) on Laptops
Windows 7 Ultimate as well as Vista Enterprise and Ultimate provide support for Bitlocker Full Disk Encryption (FDE) natively within the OS. For other versions of Windows, third party FDE products are available that will help prevent data disclosure in the event that a laptop is lost or stolen.
Apple Host OS
1. Maintain an Up-to-Date OS
Configure any Mac OS X system to automatically check for updates. When notified of an available update, provide privileged credentials in order to install the update. The Apple iPad should be kept up-to-date as well and requires a physical connection (e.g., USB) to a host running iTunes in order to receive its updates. A good practice is to connect the iPad to an iTunes host at least once a month or just prior to any travel where the iPad will be used.
2. Keep Third Party Application Software Up-to-Date
Periodically check key applications for updates. Several of these third party applications may have options to automatically check for updates. Legacy applications may require some research to determine their status.
3. Limit Use of the Privileged (Administrator Account)
The first account that is typically created when configuring a Mac host for the first time is the local administrator account. A non-privileged “user” account should be created and used for the bulk of activities conducted on the host
to include web browsing, email access, and document creation/editing. The privileged administrator account should only be used to install updates or software, and reconfigure the host as needed. Browsing the web or reading email as an administrator provides an effective means for an adversary to gain persistence on your host.
4. Enable Data Protection on the iPad
The data protection feature on the iPad enhances hardware encryption by protecting the hardware encryption keys with a pass code. The pass code can be enabled by selecting “Settings,” then “General”, and finally “Pass
code.” After the pass code is set, the “Data protection is enabled” icon should be visible at the bottom of the screen. For iPads that have been upgraded from iOS 3, follow the instructions at: http://support.apple.com/kb/HT4175.
5. Implement FileVault on Mac OS Laptops
In the event that a Mac laptop is lost or stolen, FileVault (available in Mac OS X, v10.3 and later) can be used to encrypt the contents of a user’s home directory to prevent data loss.
Network Recommendations
1. Home Network Design
The Internet Service Provider (ISP) may provide a cable modem with routing and wireless capabilities as part of the consumer contract. To maximize the home user’s administration control over the routing and wireless device, deploy a separate personally-owned routing device (a) that connects to the ISP provided router/cable modem. Figure 1 depicts a typical home network configuration that provides the home user with the network infrastructure to
support multiple systems as well as wireless networking and IP telephony services (b).

figure 1

2. Implement WPA2 on Wireless Network
The wireless network should be protected using Wi-Fi Protected Access 2 (WPA2) instead of
WEP (Wired Equivalent Privacy). Using current technology, WEP encryption can be broken in minutes (if not seconds) by an attacker, which afterwards allows the attacker to view all traffic passed on the wireless network. It is important to note that older client systems and access points may not support WPA2 and will require a software or hardware upgrade. When researching for suitable replacement devices, ensure that the device is WPA2-Personal certified.
3. Limit Administration to Internal Network
Administration of home networking devicesshould be from the internal-facing network. When given the option, external remote administration should be disabled for network devices. Disabling remote administration
prevents an attacker from changing and possibly compromising the home network.
4. Implement an Alternate DNS Provider
The Domain Name Servers (DNS) provided by the ISP typically don’t provide enhanced security services such as the blocking and blacklisting of dangerous and infected web sites. Consider using either open source or commercial DNS providers to enhance web browsing security.
5. Implement Strong Passwords on all Network Devices
In addition to a strong and complex password on the wireless access point, a strong password
needs to be implemented on any network device that can be managed via a web interface. For instance, many network printers on the market today can be managed via a web interface to configure services, determine job status, and enable features such as email alerts and logging.
Operational Security (OPSEC)/Internet Behavior Recommendations
1. Traveling with Personal Mobile Devices
Many establishments (e.g., coffee shops, hotels, airports, etc.) offer wireless hotspots or kiosks for customers to access the Internet. Since the underlying infrastructure is unknown and security is often lax, these hotspots and
kiosks are susceptible to adversarial activity. The following options are recommended for those with a need to access the Internet while traveling:

a. Mobile devices (e.g., laptops, smart phones) should
utilize the cellular network (e.g., mobile Wi-Fi, 3G or 4G
services) to connect to the Internet instead of wireless
hotspots. This option often requires a service plan with a
cellular provider.
b. Regardless of the underlying network, users can setup
tunnels to a trusted VPN service provider. This option can
protect all traffic between the mobile device and the VPN
gateway from most malicious activities such as monitoring.
c. If using a hotspot is the only option for accessing
the Internet, then limit activities to web browsing. Avoid
accessing services that require user credentials or entering
personal information.
Whenever possible, maintain physical control over mobile devices while traveling. All portable devices are subject to physical attack given access and sufficient time. If a laptop must be left behind in a hotel room, the laptop should be powered down and have Full Disk Encryption enabled as discussed above.

2. Exchanging Home and Work Content Government maintained hosts are generally configured more securely and also have an enterprise infrastructure in place (email filtering, web content filtering, IDS, etc. ) for preventing
and detecting malicious content. Since many users do not exercise the same level of security on their home systems (e.g., limiting the use of administrative credentials), home systems are generally easier to compromise. The forwarding of content (e.g., emails or documents) from home systems to work systems either via email or removable media may put work systems at an increased risk of compromise. For those interactions that are solicited and expected, have the contact send any work-related correspondence to your work email account.
3. Storage of Personal Information on the Internet
Personal information which has traditionally been stored on a local computing device is steadily moving to the Internet cloud. Examples of information typically stored in the cloud include webmail, financial information, and personal information posted to social networking sites. Information in the cloud is difficult to remove and governed by the privacy policies and security of the hosting site. Individuals who post information to these webbased services should ask themselves “Who will have access to the information I am posting?” and “What controls do I have over how this information is stored and displayed?” before proceeding. Internet users should also be aware of personal information already published online by periodically searching for their personal information using popular Internet
search engines.
4. Use of Social Networking Sites
Social networking sites are an incredibly convenient and efficient means for sharing personal information with family and friends. This convenience also brings some level of risk; therefore, social network users should be cognizant of what personal data is shared and who has access to this data. Users should think twice about posting information such as address, phone number, place of employment, and other personal information that can be used to target or harass you. If available, consider limiting access to posted personal data to “friends only” and attempt to verify any new sharing requests either by phone or in person. When receiving content (such as third-party applications) from friends or new acquaintances, be wary that many recent attacks have leveraged the ease with which content is generally accepted within the social network community. This content appears to provide a new capability, when in fact there is some malicious component that is rarely apparent to the typical user. Also, several social networking
sites now provide a feature to opt-out of exposing your personal information to Internet search engines. A good recommendation is to periodically review the security policies and settings available from your social network
provider to determine if new features are available to protect your personal information.
5. Enable the Use of SSL Encryption
Application encryption (also called SSL or TLS) over the Internet protects the confidentiality of sensitive information while in transit. SSL also prevents people who can see your traffic (for example at a public WiFi hotspot) from being able to impersonate you when logging into web based applications (webmail, social networking sites, etc.). Whenever possible, web-based applications such as browsers should be set to force the use of SSL. Financial institutions rely heavily on the use of SSL to protect financial transactions while in transit. Many popular applications such as Facebook and Gmail have options to force all communication to use SSL by default. Most web browsers provide some indication that SSL is enabled, typically a lock symbol either next to the URL for the web page or within the status bar
along the bottom of the browser.
6. Email Best Practices
Personal email accounts, either web-based or local to your host, are common attack targets. The following recommendations will help reduce your exposure to email-based threats:
a. In order to limit exposure both at work and home,
consider using different usernames for home and work
email addresses. Unique usernames make it more difficult
for someone targeting your work account to also target you
via your personal accounts.
b. Setting out-of-office messages on personal email
accounts is not recommended, as this can confirm to
spammers that your email address is legitimate and also
provide awareness to unknown parties as to your activities.
c. Always use secure email protocols if possible when
accessing email, particularly if using a wireless network.
Secure email protocols include Secure IMAP and Secure
POP3. These protocols, or “always use SSL” for web-based
email, can be configured in the options for most email
clients. Secure email prevents others from reading email
while in transit between your computer and the mail server.
d. Unsolicited emails containing attachments or links
should be considered suspicious. If the identity of the
sender can’t be verified, consider deleting the email without
opening. For those emails with embedded links, open your
browser and navigate to the web site either by its wellknown
web address or search for the site using a common
search engine. Be wary of an email requesting personal
information such as a password or social security number.
Any web service that you currently conduct business with
should already have this information.

7. Password Management
Ensure that passwords and challenge responses are properly protected since they provide access to large amounts of personal and financial information. Passwords should be strong, unique for each account, and difficult to guess. A strong password should be at least 10 characters long and contain multiple character types (lowercase, uppercase, numbers, and special characters). A unique password should be used for each account to prevent an attacker from gaining access to multiple accounts if any one password is compromised. Disable the feature that allows programs to remember passwords and automatically enter them when required. Additionally, many online sites make use of password recovery or challenge questions. The answers to these questions should be something that no one else would know or find from Internet searches or public records. To prevent an attacker from leveraging personal information about yourself to answer challenge questions, consider providing a false answer to a fact-based question, assuming the response is unique and memorable.
8. Photo/GPS Integration
Many phones and some new point-and-shoot cameras embed the GPS coordinates for a particular location within a photo when taken. Care should be taken to limit exposure of these photos on the Internet, ensure these photos can only be seen by a trusted audience, or use a third-party tool to remove the coordinates before uploading to the Internet. These coordinates can be used to profile the habits and places frequented for a particular individual, as well as provide near-real time notifications of an individual’s location when uploaded directly from a smart phone. Some
services such as Facebook automatically strip out the GPS coordinates in order to protect the privacy of their users.

Enhanced ProtectionRecommendations
The following recommendations require a higher level of administrative skills to implement and maintain on home networks than the previous recommendations. These recommendations provide additional layers of security but may impact your web browsing experience or require some iteration to adjust settings to the appropriate thresholds.
1. Enhanced Wireless Router Configuration Settings
Additional protections can be applied to the wireless network to limit access. The following security mechanisms do not protect against the experienced attacker, but are very effective against a less experienced attacker.
a. MAC address or hardware address filtering enables the
wireless access point to only allow authorized systems to
associate with the wireless network. The hardware address
for all authorized hosts must be configured on the wireless
access point.
b. Limiting the transmit power of the wireless access
point will reduce the area of operation (signal strength)
of the wireless network. This capability curtails the home
wireless network from extending beyond the borders of a
home (e.g., parking lot or adjacent building).
c. SSID cloaking is a means to hide the SSID, the
name of a wireless network, from the wireless medium.
This technique is often used to prevent the detection of
wireless networks by war drivers. It is important to note
that enabling this capability prevents client systems from
finding the wireless network. Instead, the wireless settings
must be manually configured on all client systems.
d. Reducing the dynamic IP address pool or configuring
static IP addresses is another mechanism to limit access
to the wireless network. This provides an additional layer
of protection to MAC address filtering and prevents rogue
systems from connecting to the wireless network.
2. Disable Scripting Within the Web Browser
If using third party web browsers such as Firefox or Chrome, use NoScript (Firefox) or NotScript
(Chrome) to prevent the execution of scripts from untrusted domains. Disabling scripting can cause usability issues, but is an effective technique to reduce web bourne attacks.
3. Enable Data Execution Prevention (DEP) for all Programs
By default, DEP is only enabled for essential Windows programs and services. Some third party or legacy applications may not be compatible with DEP, and could possibly crash when run with DEP enabled. Any program that requires DEP to execute can be manually added to the DEP exemption list, but this requires some technical expertise.

See the full article from zdnet here>>

Computing and the Internet is full of terms that novices of the web may find confusing. This is a glossary with a basic description of some terms relating to the computer and internet world.

Bandwidth

Bandwidth is measured in bits per second and is the amount of data that can be sent through a network or modem connection. The higher than bandwidth, the more data that can be transferred. If the bandwidth is high it can cope with more visitors and more downloads. It also affects the speed at which the site loads.

Dashboard

A dashboard is a user interface used on many different types of software. From the dashboard you may get the options and see basic information about your account. The word is taken from a dashboard on a car, where you will see basic information like speed and mileage and reach option such as the gears and radio.

Desktop Publishing

Desktop publishing is where a computer is used to create a document. If words and images are created and combined in designing something, it is called desktop publishing. The creation of a poster using a computer is a good example of desktop publishing.

Encryption

When data is scrambled so it can only be decoded and understood by someone who it should be, it is called encryption. It is effectively a way of enhancing the security of confidential information so if someone who shouldn’t manages to access it, they won’t be able to understand it.

Facebook

Facebook is the name of a social networking website (see below for social networking) where users can create a profile of themselves and share information and photographs with other users who they have specified as a friend. Friends being able to post messages to each other is a popular feature of Facebook.

Firewall

This is software that prevents viruses (see below for virus) and other malicious programs from accessing a computer system. Its job is to spot programs and websites that could be dangerous, and they can prevent traffic from certain IP addresses.

Hard Disk

A hard disk is the internal memory (see below for memory) of a computer and somewhere you can save documents and other files to.

JavaScript

This is a programming language. It is used in the creation of web pages and is used for the dynamic and interactive parts of sites, such as rollovers and image rotation.

LAN

LAN stands for local area network, a computer network that is limited to a small area, such as an office or school. With a LAN, users (who will usually have a user name and password) will be able to access the same files and information from shared areas of the network. It also means users can access the same files from different computers.

Memory

Computers need memory to store data. A hard drive is an example. Memory can also come in the form of external devices plugged into a computer, such as the almost obsolete floppy disk, CD’s and USB drives.

Open Source

If a piece of software’s code is open for the use of any member of the public, it is called open source software. The code can be modified where necessary, so users are effectively taking a program created by someone else and modifying it how they please. Examples include some web development software. This can be used by different web development companies who can modify it to suit their needs.

Page Views

The number of times a webpage has been viewed is called the number of page views. It is a statistic that is regularly used by website owners to see how many times each page has been viewed. This can help them to establish visitor behaviour, and is one metric of measuring the success or failure of a webpage, and a website in general.

Screenshot

A screenshot is effectively an image taken of what is seen on a computer screen, using the computer. It is also sometimes called a screen grab.

Script

A computer script is a set of commands. These are instructions to a computer. They are used to run processes on computers and computer systems.

SEO

SEO stands for Search Engine Optimisation and refers to optimising a website for the search engines to give it the best chance possible of appearing towards the top of the search engines. On-page and off-page techniques can be used. On-page SEO are things carried out on the website itself. Off-page SEO is generating links from other websites to yours.

Social Networking

Social networking websites are sites where people can share information about themselves with others. Basically, they are online networks of people or online communities.

WAN

WAN stands for Wide Area Network, as opposed to a local area network (see above). It essentially does the same thing but over a larger distance. Whereas a LAN may be only within an office, a WAN can connect people from different towns, or even different countries.

Web Host

For a website to be viewed by others, it needs to be hosted on a server. Web hosts (or web hosting companies) lease servers to website owners, where their sites can be uploaded for the world to see.

Virus

A computer virus is a malicious script or piece of software that can infect a computer. This can cause havoc by destroying the computer. Some viruses will allow the virus’s creator to view confidential information contained on a computer.

source: http://ezinearticles.com/?Computer-and-Internet-Glossary&id=5903819

A software modem is a low-cost alternative to a standard hardware-based modem. While hardware modems contain all the parts necessary to connect to the internet, the software modem transfers some of that work to the computer’s processor.

Modems have two main components. The controller configures and dials the modem, and the datapump sends and receives data. Depending on the type of software modem, either the controller or the datapump or both might be replaced by software.

Because it has fewer parts, a software modem is typically much less expensive than a hardware modem. Most modern personal computers have built-in software modems. A software modem also requires less power than a standard modem, which can be a benefit for someone using a laptop computer that runs on a battery. They can also be easily upgraded simply by upgrading your software driver. And in the past, software modems could only be used for dial-up connections, but a DSL software modem is now an option.

The software modem has often been criticized for its drawbacks, though. Because it relies on the computer to perform many of its processes, a software modem can be a drag on a computer’s processor, leading to sluggish performance or disconnections. This can be particularly troubling for people who play games online, because the computer’s resources can be spread too thin between the game and the internet connection through a software modem. And because of its reliance on software, a software modem can become corrupt or can conflict with other software. On older computers or on non-Windows computers, there can also be issues with compatibility.

A software modem is generally not too difficult to identify. If a modem specifically requires a certain operating system or processor, it’s probably a software modem. And software modems typically can only run with Windows, so modem names containing the word “Win” can be a red flag.

source: http://www.wisegeek.com/what-is-a-software-modem.htm

Bandwidth, data and speed are closely related terms and are sometimes used interchangeably. The amount of bandwidth that a computer connection is allotted determines how much data can be downloaded per second, or transferred from the Internet to the computer. More bandwidth equals more data per second, which translates to more speed. In some cases a bandwidth limit refers to a speed limit, and in other cases it refers to a data limit.

For example, broadband Internet services sell access plans based on speed, limiting bandwidth according to each plan. Plans with higher bandwidth limits are more expensive, but faster.

Luckily plans usually include unlimited access, so you don’t have to worry about a bandwidth limit in terms of data download. Every time you visit a webpage, after all, the page must be transferred to your computer, constituting a download. This says nothing of files, programs, videos and music you might download. Who then, has to worry about bandwidth limits?

Actually, many online services impose caps on the amount of data that can be downloaded over a set period of time. Depending on the service, data limits might apply to surfing as well as to downloading files or programs. A bandwidth limit might also apply to personal domains. Let’s take a closer look at a few examples of services that might impose a bandwidth limit.

Subscribers of mobile broadband (Internet access supplied over cellular towers), commonly apply bandwidth limits. Typically an account is allotted a large block of “free” data with charges applying for every Megabyte downloaded past the allotted amount. If the account is contractual, the allotted amount refreshes or starts over every month. If the account is pay as you go, the bandwidth limit applies to the segment of time purchased.

More commonly, we have bandwidth limits associated with domains. If you have a personal domain, the website host service likely imposes a monthly bandwidth limit on your account. Every time someone visits your website, your account racks up a download deficit that counts against your monthly allowance. The more pages visited, the more your allowance is whittled away. If you have a very low bandwidth limit and a very popular website, you might find yourself paying extra charges or having to upgrade the plan to increase the site’s allotment.

Another example where you might encounter a bandwidth limit is when subscribing to a USENET newsgroup service. Services that sell access to binary newsgroups where people can share large files typically cap accounts with a bandwidth limit that prevents downloading more data from the news server than has been allotted for the month. Some newsgroup services offer plans that charge a flat monthly fee for unlimited downloads, eliminating the limit.

If you have to watch your bandwidth, consider installing a bandwidth monitor. Many of these little programs are free and will keep a running tally of downloads along with displaying real-time connection speeds. Some programs will also sound an alert at user-configurable points to announce and approaching threshold, allowing you to make better decisions about how to spend the rest of your bandwidth allotment.

If you’re only concerned about your website’s bandwidth limit, most host services feature a built-in monitor accessible through the site’s administration interface. In addition to seeing how much bandwidth your account has left for the month, the host might also provide traffic analysis, information that can help you improve site content.

source: http://www.wisegeek.com/what-is-a-bandwidth-limit.htm

Internet

The Internet was started in 1969. It started from local area network. Let me explain what is a local area network. Computers connected with each other in a house or company makes a local area network. On the other hand wide area network is the combination of countless LANs, wide area networks and individual machine around the world. All computers in the world when connected together make a network, which is known as Internet. These computers are connected through different ways via ISPs. Let me explain what is an ISP. Those companies who provide Internet service to computer users are called Internet service providers. These ISPs offer two types of connections. One is called slow speed or dialup and the other is known as high speed. Dialup gives a maximum speed of 56 kbps. High speed connections starts from 56kps and go behind 13mps (mega bit per second). ISPs provide different monthly packages for this service. Every package is priced according to the speed.

Suppose you have Internet service setup on your computer and you turn on it on, you are already on Internet. Just like in real world everybody has a name, on Internet every computer has a unique number, which is called IP (Internet Protocol) address. This number can be used to identify a computer. So if a computer in one part of the world wants to talk to another computer in the other part of the world, that machine will be using this number to talk to the other computer. That is how these computers and computer users can communicate with each other. If someone knows a computer number i.e. the IP address then he or she can connect to any computer (using the right tools) specially if that computer has a week security.

Hackers

Those computer users who gain unauthorized access to other people computers are called hackers. This is possible if the target computer is weak on security and the IP for the said computer is available. The question is how they get a computer’s number, i.e. IP address. Here are different possible ways of stealing or gaining access to IP address of a machine. Generally talking if someone has access to a computer then they can easily get it by punching a few simple commands. The IP address can be found during a chatting session. That’s why Internet security is the greatest challenge for IT professionals. Spamming is another way of hacking a computer. In the Spam emails users are instructed to click on fake links and as soon as they click, scripts and spyware are download into their computer resulting in hacking.

Hackers use different programs to scan other people computers to get the computer number. In that case they never know whose computer number they are getting. In such cases the target computers are used for advertisements or identity theft. Let me explain how identity theft happens. A computer is a powerful tool in our life. We use it for checking emails, buy or sell items online; do our banking, schoolwork and many other daily life activities. All these activities are done through user id and password and that is what hackers usually search for. After they get the unique IP number, they download programs in other people computers. One bad fact about hacking is, location, they can be local or they may be sitting in other part of the world. Hackers can be blocked through different types of technologies i.e. hardware and software. In both cases there is one main idea behind it and that idea is called firewall. A firewall is like a security guard on the entrance of a building. It stops all unauthorized access to computer. Rules are setup on fire walled computers to allow or deny access through local and wide area network.

Internet is a great tool. Let’s hope everybody use it for a better life. To me Internet is power. Long live Internet.

source: http://ezinearticles.com/?Internet-and-Hackers&id=4132580

If you’ve been in an airport, coffee shop, library or hotel recently, chances are you’ve been right in the middle of a wireless network. Many people also use wireless networking, also called WiFi or 802.11 networking, to connect their computers at home, and some cities are trying to use the technology to provide free or low-cost Internet access to residents. In the near future, wireless networking may become so widespread that you can access the Internet just about anywhere at any time, without using wires.

WiFi has a lot of advantages. Wireless networks are easy to set up and inexpensive. They’re also unobtrusive — unless you’re on the lookout for a place to use your laptop, you may not even notice when you’re in a hotspot. In this article, we’ll look at the technology that allows information to travel over the air. We’ll also review what it takes to create a wireless network in your home.

What Is WiFi?

A wireless network uses radio waves, just like cell phones, televisions and radios do. In fact, communication across a wireless network is a lot like two-way radio communication. Here’s what happens:

1. A computer’s wireless adapter translates data into a radio signal and transmits it using an antenna.
2. A wireless router receives the signal and decodes it. The router sends the information to the Internet using a physical, wired Ethernet connection.

The process also works in reverse, with the router receiving information from the Internet, translating it into a radio signal and sending it to the computer’s wireless adapter.

The radios used for WiFi communication are very similar to the radios used for walkie-talkies, cell phones and other devices. They can transmit and receive radio waves, and they can convert 1s and 0s into radio waves and convert the radio waves back into 1s and 0s. But WiFi radios have a few notable differences from other radios:

* They transmit at frequencies of 2.4 GHz or 5 GHz. This frequency is considerably higher than the frequencies used for cell phones, walkie-talkies and televisions. The higher frequency allows the signal to carry more data.
* They use 802.11 networking standards, which come in several flavors:
o 802.11a transmits at 5 GHz and can move up to 54 megabits of data per second. It also uses orthogonal frequency-division multiplexing (OFDM), a more efficient coding technique that splits that radio signal into several sub-signals before they reach a receiver. This greatly reduces interference.
o 802.11b is the slowest and least expensive standard. For a while, its cost made it popular, but now it’s becoming less common as faster standards become less expensive. 802.11b transmits in the 2.4 GHz frequency band of the radio spectrum. It can handle up to 11 megabits of data per second, and it uses complementary code keying (CCK) modulation to improve speeds.
o 802.11g transmits at 2.4 GHz like 802.11b, but it’s a lot faster — it can handle up to 54 megabits of data per second. 802.11g is faster because it uses the same OFDM coding as 802.11a.
o 802.11n is the newest standard that is widely available. This standard significantly improves speed and range. For instance, although 802.11g theoretically moves 54 megabits of data per second, it only achieves real-world speeds of about 24 megabits of data per second because of network congestion. 802.11n, however, reportedly can achieve speeds as high as 140 megabits per second. The standard is currently in draft form — the Institute of Electrical and Electronics Engineers (IEEE) plans to formally ratify 802.11n by the end of 2009.
* Other 802.11 standards focus on specific applications of wireless networks, like wide area networks (WANs) inside vehicles or technology that lets you move from one wireless network to another seamlessly.
* WiFi radios can transmit on any of three frequency bands. Or, they can “frequency hop” rapidly between the different bands. Frequency hopping helps reduce interference and lets multiple devices use the same wireless connection simultaneously.

­As long as they all have wireless adapters, several devices can use one router to connect to the Internet. This connection is convenient, virtually invisible and fairly reliable; however, if the router fails or if too many people try to use high-bandwidth applications at the same time, users can experience interference or lose their connections.

WiFi Hotspots

If you want to take advantage of public WiFi hotspots or start a wireless network in your home, the first thing you’ll need to do is make sure your computer has the right gear. Most new laptops and many new desktop computers come with built-in wireless transmitters. If your laptop doesn’t, you can buy a wireless adapter that plugs into the PC card slot or USB port. Desktop computers can use USB adapters, or you can buy an adapter that plugs into the PCI slot inside the computer’s case. Many of these adapters can use more than one 802.11 standard.

Once you’ve installed your wireless adapter and the drivers that allow it to operate, your computer should be able to automatically discover existing networks. This means that when you turn your computer on in a WiFi hotspot, the computer will inform you that the network exists and ask whether you want to connect to it. If you have an older computer, you may need to use a software program to detect and connect to a wireless network.

Being able to connect to the Internet in public hotspots is extremely convenient. Wireless home networks are convenient as well. They allow you to easily connect multiple computers and to move them from place to place without disconnecting and reconnecting wires. In the next section, we’ll look at how to create a wireless network in your home.

Building a Wireless Network

If you already have several computers networked in your home, you can create a wireless network with a wireless access point. If you have several computers that are not networked, or if you want to replace your Ethernet network, you’ll need a wireless router. This is a single unit that contains:

1. A port to connect to your cable or DSL modem
2. A router
3. An Ethernet hub
4. A firewall
5. A wireless access point

A wireless router allows you to use wireless signals or Ethernet cables to connect your computers to one another, to a printer and to the Internet. Most routers provide coverage for about 100 feet (30.5 meters) in all directions, although walls and doors can block the signal. If your home is very large, you can buy inexpensive range extenders or repeaters to increase your router’s range.

As with wireless adapters, many routers can use more than one 802.11 standard. 802.11b routers are slightly less expensive, but because the standard is older, they’re slower than 802.11a, 802.11g and 802.11n routers. Most people select the 802.11g option for its speed and reliability.

Once you plug in your router, it should start working at its default settings. Most routers let you use a Web interface to change your settings. You can select:

* The name of the network, known as its service set identifier (SSID) — The default setting is usually the manufacturer’s name.
* The channel that the router uses — Most routers use channel 6 by default. If you live in an apartment and your neighbors are also using channel 6, you may experience interference. Switching to a different channel should eliminate the problem.
* Your router’s security options — Many routers use a standard, publicly available sign-on, so it’s a good idea to set your own username and password.

Security is an important part of a home wireless network, as well as public WiFi hotspots. If you set your router to create an open hotspot, anyone who has a wireless card will be able to use your signal. Most people would rather keep strangers out of their network, though. Doing so requires you to take a few security precautions.

It’s also important to make sure your security precautions are current. The Wired Equivalency Privacy (WEP) security measure was once the standard for WAN security. The idea behind WEP was to create a wireless security platform that would make any wireless network as secure as a traditional wired network. But hackers discovered vulnerabilities in the WEP approach, and today it’s easy to find applications and programs that can compromise a WAN running WEP security.

To keep your network private, you can use one of the following methods:

* WiFi Protected Access (WPA) is a step up from WEP and is now part of the 802.11i wireless network security protocol. It uses temporal key integrity protocol (TKIP) encryption. As with WEP, WPA security involves signing on with a password. Most public hotspots are either open or use WPA or 128-bit WEP technology, though some still use the vulnerable WEP approach.

* Media Access Control (MAC) address filtering is a little different from WEP or WPA. It doesn’t use a password to authenticate users — it uses a computer’s physical hardware. Each computer has its own unique MAC address. MAC address filtering allows only machines with specific MAC addresses to access the network. You must specify which addresses are allowed when you set up your router. This method is very secure, but if you buy a new computer or if visitors to your home want to use your network, you’ll need to add the new machines’ MAC addresses to the list of approved addresses. The system isn’t foolproof. A clever hacker can spoof a MAC address — that is, copy a known MAC address to fool the network that the computer he or she is using belongs on the network.

source:
http://computer.howstuffworks.com/wireless-network.htm

The word on just about every Internet user’s lips these days is “broadband.” We have so much more data to send and download today, including audio files, video files and photos, that it’s clogging our wimpy modems. Many Internet users are switching to cable modems and digital subscriber lines (DSLs) to increase their bandwidth. There’s also a new type of service being developed that will take broadband into the air.

At least three companies are planning to provide high-speed wireless Internet connection by placing aircraft in fixed patterns over hundreds of cities. Angel Technologies is planning an airborne Internet network, called High Altitude Long Operation (HALO), which would use lightweight planes to circle overhead and provide data delivery faster than a T1 line for businesses. Consumers would get a connection comparable to DSL. Also, AeroVironment has teamed up with NASA on a solar-powered, unmanned plane that would work like the HALO network, and Sky Station International is planning a similar venture using blimps instead of planes.

We’ve already seen satellites used for broadband Internet access. In this article, you’ll learn about the future of the airborne Internet. We’ll take a look at the networks in development, the aircraft and how consumers may use this technology in their homes.

The Net Takes Flight

The computer most people use comes with a standard 56K modem, which means that in an ideal situation your computer would downstream at a rate of 56 kilobits per second (Kbps). That speed is far too slow to handle the huge streaming-video and music files that more consumers are demanding today. That’s where the need for bigger bandwidth — broadband — comes in, allowing a greater amount of data to flow to and from your computer. Land-based lines are limited physically in how much data they can deliver because of the diameter of the cable or phone line. In an airborne Internet, there is no such physical limitation, enabling a broader capacity.

Several companies have already shown that satellite Internet access can work. The airborne Internet will function much like satellite-based Internet access, but without the time delay. Bandwidth of satellite and airborne Internet access are typically the same, but it will take less time for the airborne Internet to relay data because it is not as high up. Satellites orbit at several hundreds of miles above Earth. The airborne-Internet aircraft will circle overhead at an altitude of 52,000 to 69,000 feet (15,849 to 21,031 meters). At this altitude, the aircraft will be undisturbed by inclement weather and flying well above commercial air traffic.

Networks using high-altitude aircraft will also have a cost advantage over satellites because the aircraft can be deployed easily — they don’t have to be launched into space. However, the airborne Internet will actually be used to compliment the satellite and ground-based networks, not replace them. These airborne networks will overcome the last-mile barriers facing conventional Internet access options. The “last mile” refers to the fact that access to high-speed cables still depends on physical proximity, and that for this reason, not everyone who wants access can have it. It would take a lot of time to provide universal access using cable or phone lines, just because of the time it takes to install the wires. An airborne network will immediately overcome the last mile as soon as the aircraft takes off.

The airborne Internet won’t be completely wireless. There will be ground-based components to any type of airborne Internet network. The consumers will have to install an antenna on their home or business in order to receive signals from the network hub overhead. The networks will also work with established Internet Service Providers (ISPs), who will provide their high-capacity terminals for use by the network. These ISPs have a fiber point of presence — their fiber optics are already set up. What the airborne Internet will do is provide an infrastructure that can reach areas that don’t have broadband cables and wires.

Airborne-Internet systems will require that an antenna be attached to the side of your house or work place.

A HALO Over Head

One the three companies developing an airborne Internet network is Angel Technologies. Its HALO Network may be ready for deployment at the end of 2003 and in place over 10 cities by 2006. The centerpiece of this network is the Proteus plane, which will carry wireless networking equipment into the air.

The Proteus plane was developed by Scaled Composites. It is designed with long wings and the low wing loading needed for extended high-altitude flight. Wing loading is equal to the entire mass of the plane divided by its wing area. Proteus will fly at heights of 9.5 and 11.4 miles (15.3 and 18.3 km) and cover an area up to 75 miles (120.7 km) in diameter. The plane still needs to receive approval from the Federal Aviation Administration.

At the heart of Angel’s Proteus planes is the one-ton airborne-network hub, which is what allows the plane to relay data signals from ground stations to your workplace and home computer. The airborne-network hub consists of an antenna array and electronics for wireless communication. The antenna array creates hundreds of virtual cells, like mobile-phone cells, on the ground to serve thousands of users. The payload is liquid-cooled and operates off of about 20 kilowatts of DC power. An 18-foot dish underneath the plane is responsible for reflecting high-speed data signals from a ground station to your computer.

Each city in the HALO Network will be allotted three piloted Proteus planes. Each plane will fly for eight hours before the next plane takes off. Angel CEO Marc Arnold says his company has identified 3,500 airports in the United States that can meet HALO’s operational needs. After takeoff, the Proteus plane will climb to a safe altitude, above any bad weather or commercial traffic, and begin an 8-mile loop around the city. Each plane will accommodate two pilots, who will split flying duties during their eight-hour flight.

Floating On Air

Sky Station International is counting on its blimps to beat Angel to the punch in the race to deliver high-speed Internet access from high altitudes. Sky Station calls its blimps lighter-than-air platforms, and plans to station these airships over at least 250 cities worldwide, one over each city. Each station would fly at an altitude of 13 miles (21 km) and provide wireless service to an area of approximately 7,500 square miles (19,000 square km).

Each blimp will be equipped with a telecommunications payload to provide wireless broadband connections. The blimps will be able to carrying payloads of up to about 2,200 pounds (1,000 kg). Sky Station believes it can have its first blimp deployed by 2002. Each blimp will have a life span of about five to 10 years. Sky Station says that its user terminals will enable broadband connections of between 2 and 10 megabits per second (Mbps).

NASA’s Sub-space Plans

Not to be left out of the high-flying Internet industry, NASA is also playing a role in a potential airborne Internet system being developed by AeroVironment. NASA and AeroVironment are working on a solar-powered, lightweight plane that could fly over a city for six months or more, at 60,000 feet, without landing. AeroVironment plans to use these unmanned planes as the carrier to provide broadband Internet access.

Helios is currently in the prototype stage, and there is still a lot of testing to be done to achieve the endurance levels needed for AeroVironment’s telecommunications system. AeroVironment plans to launch its system within three years of receiving funding for the project. When it does, a single Helios airplane flying at 60,000 feet will cover a service area approximately 40 miles in diameter.

The Helios prototype is constructed out of materials such as carbon fiber, graphite epoxy, Kevlar and Styrofoam, covered with a thin, transparent skin. The main pole supporting the wing is made out of carbon fiber, and is thicker on the top than on the bottom in order to absorb the constant bending during flight. The wing’s ribs are made of epoxy and carbon fiber. Styrofoam comprises the wing’s front edge, and a clear, plastic film is wrapped around the entire wing body.

The all-wing plane is divided into six sections, each 41 ft (12.5 m) long. A pod carrying the landing gear is attached under the wing portion of each section. These pods also house the batteries, flight-control computers and data instrumentation. Network hubs for AeroVironment’s telecommunications system would likely be placed here as well.

It seems that airborne Internet could take off in the very near future. If and when those planes and blimps start circling to supplement our current modes of connection, downloading the massive files we’ve come to crave for entertainment or depend on for business purposes will be a snap — even if we live somewhere in that “last mile.”

source:
http://computer.howstuffworks.com/airborne-internet.htm

The Internet has become so ubiquitous it’s hard to imagine life without it. It’s equally hard to imagine a world where “www” isn’t the prefix of many of our online activities. But just because the Internet and the World Wide Web are firmly intertwined with each other, it doesn’t mean they’re synonymous.

Let’s go back to when it all began. President Dwight D. Eisenhower started the Advanced Research Projects Agency (ARPA) in 1958 to increase U.S. technological advancements in the shadow of Sputnik’s launch. By October 29, 1969, the first ARPANET network connection between two computers was launched — and promptly crashed. But happily, the second time around was much more successful and the Internet was born. More and more computers were added to this ever-increasing network and the megalith we know today as the Internet began to form. Further information about ARPA can be discovered by reading How ARPANET Works.

But the creation of the World Wide Web didn’t come until decades later, with the help of a man named Tim Berners-Lee. In 1990, he developed the backbone of the World Wide Web — the hypertext transfer protocol (HTTP). People quickly developed browsers which supported the use of HTTP and with that the popularity of computers skyrocketed. In the 20 years during which ARPANET ruled the Internet, the worldwide network grew from four computers to more than 300,000. By 1992, more than a million computers were connected — only two years after HTTP was developed [source: Computer History Museum].

You might be wondering at this point what exactly HTTP is — it’s simply the widely used set of rules for how files and other information are transferred between computers. So what Berners-Lee did, in essence, was determine how computers would communicate with one another. For instance, HTTP would’ve come into play if you clicked the source link in the last paragraph or if you typed the http://www.howstuffworks.com URL (uniform resource locator) into your browser to get to our home page. But don’t get this confused with Web page programming languages like HTML and XHTML. We use those to describe what’s on a page, not to communicate between sites or identify a Web page’s location.

Internet vs. World Wide Web

To answer this question, let’s look at each element. And since the Internet seems to be the more easily understood component, let’s start there.

Simply, the Internet is a network of networks — and there are all kinds of networks in all kinds of sizes. You may have a computer network at your work, at your school or even one at your house. These networks are often connected to each other in different configurations, which is how you get groupings such as local area networks (LANs) and regional networks. Your cell phone is also on a network that is considered part of the Internet, as are many of your other electronic devices. And all these separate networks — added together — are what constitute the Internet. Even satellites are connected to the Internet. To learn more about how this interwoven mega-network operates, check out How Internet Infrastructure Works.

The World Wide Web, on the other hand, is the system we use to access the Internet. The Web isn’t the only system out there, but it’s the most popular and widely used. (Examples of ways to access the Internet without using HTTP include e-mail and instant messaging.) As mentioned on the previous page, the World Wide Web makes use of hypertext to access the various forms of information available on the world’s different networks. This allows people all over the world to share knowledge and opinions. We typically access the Web through browsers, like Internet Explorer and Mozilla Firefox. By using browsers like these, you can visit various Web sites and view other online content.

So another way to think about it is to say the Internet is composed of the machines, hardware and data; and the World Wide Web is what brings this technology to life.

source:
http://computer.howstuffworks.com/internet-versus-world-wide-web.htm

One of the greatest things about the Internet is that nobody really owns it. It is a global collection of networks, both big and small. These networks connect together in many different ways to form the single entity that we know as the Internet. In fact, the very name comes from this idea of interconnected networks.

Since its beginning in 1969, the Internet has grown from four host computer systems to tens of millions. However, just because nobody owns the Internet, it doesn’t mean it is not monitored and maintained in different ways. The Internet Society, a non-profit group established in 1992, oversees the formation of the policies and protocols that define how we use and interact with the Internet.

The Internet: Computer Network Hierarchy
Every computer that is connected to the Internet is part of a network, even the one in your home. For example, you may use a modem and dial a local number to connect to an Internet Service Provider (ISP). At work, you may be part of a local area network (LAN), but you most likely still connect to the Internet using an ISP that your company has contracted with. When you connect to your ISP, you become part of their network. The ISP may then connect to a larger network and become part of their network. The Internet is simply a network of networks.

Most large communications companies have their own dedicated backbones connecting various regions. In each region, the company has a Point of Presence (POP). The POP is a place for local users to access the company’s network, often through a local phone number or dedicated line. The amazing thing here is that there is no overall controlling network. Instead, there are several high-level networks connecting to each other through Network Access Points or NAPs.

Internet Network Example
Here’s an example. Imagine that Company A is a large ISP. In each major city, Company A has a POP. The POP in each city is a rack full of modems that the ISP’s customers dial into. Company A leases fiber optic lines from the phone company to connect the POPs together (see, for example, this UUNET Data Center Connectivity Map).

Imagine that Company B is a corporate ISP. Company B builds large buildings in major cities and corporations locate their Internet server machines in these buildings. Company B is such a large company that it runs its own fiber optic lines between its buildings so that they are all interconnected.

In this arrangement, all of Company A’s customers can talk to each other, and all of Company B’s customers can talk to each other, but there is no way for Company A’s customers and Company B’s customers to intercommunicate. Therefore, Company A and Company B both agree to connect to NAPs in various cities, and traffic between the two companies flows between the networks at the NAPs.

In the real Internet, dozens of large Internet providers interconnect at NAPs in various cities, and trillions of bytes of data flow between the individual networks at these points. The Internet is a collection of huge corporate networks that agree to all intercommunicate with each other at the NAPs. In this way, every computer on the Internet connects to every other.

The Function of an Internet Router
All of these networks rely on NAPs, backbones and routers to talk to each other. What is incredible about this process is that a message can leave one computer and travel halfway across the world through several different networks and arrive at another computer in a fraction of a second!

The routers determine where to send information from one computer to another. Routers are specialized computers that send your messages and those of every other Internet user speeding to their destinations along thousands of pathways. A router has two separate, but related, jobs:

* It ensures that information doesn’t go where it’s not needed. This is crucial for keeping large volumes of data from clogging the connections of “innocent bystanders.”
* It makes sure that information does make it to the intended destination.

In performing these two jobs, a router is extremely useful in dealing with two separate computer networks. It joins the two networks, passing information from one to the other. It also protects the networks from one another, preventing the traffic on one from unnecessarily spilling over to the other. Regardless of how many networks are attached, the basic operation and function of the router remains the same. Since the Internet is one huge network made up of tens of thousands of smaller networks, its use of routers is an absolute necessity. For more information, read How Routers Work.

Internet Backbone
The National Science Foundation (NSF) created the first high-speed backbone in 1987. Called NSFNET, it was a T1 line that connected 170 smaller networks together and operated at 1.544 Mbps (million bits per second). IBM, MCI and Merit worked with NSF to create the backbone and developed a T3 (45 Mbps) backbone the following year.

Backbones are typically fiber optic trunk lines. The trunk line has multiple fiber optic cables combined together to increase the capacity. Fiber optic cables are designated OC for optical carrier, such as OC-3, OC-12 or OC-48. An OC-3 line is capable of transmitting 155 Mbps while an OC-48 can transmit 2,488 Mbps (2.488 Gbps). Compare that to a typical 56K modem transmitting 56,000 bps and you see just how fast a modern backbone is.

Today there are many companies that operate their own high-capacity backbones, and all of them interconnect at various NAPs around the world. In this way, everyone on the Internet, no matter where they are and what company they use, is able to talk to everyone else on the planet. The entire Internet is a gigantic, sprawling agreement between companies to intercommunicate freely.

Internet Protocol: IP Addresses
Every machine on the Internet has a unique identifying number, called an IP Address. The IP stands for Internet Protocol, which is the language that computers use to communicate over the Internet. A protocol is the pre-defined way that someone who wants to use a service talks with that service. The “someone” could be a person, but more often it is a computer program like a Web browser.

A typical IP address looks like this: 216.27.61.137

To make it easier for us humans to remember, IP addresses are normally expressed in decimal format as a dotted decimal number like the one above. But computers communicate in binary form. Look at the same IP address in binary: 11011000.00011011.00111101.10001001

The four numbers in an IP address are called octets, because they each have eight positions when viewed in binary form. If you add all the positions together, you get 32, which is why IP addresses are considered 32-bit numbers. Since each of the eight positions can have two different states (1 or zero), the total number of possible combinations per octet is 28 or 256. So each octet can contain any value between zero and 255. Combine the four octets and you get 232 or a possible 4,294,967,296 unique values!

Out of the almost 4.3 billion possible combinations, certain values are restricted from use as typical IP addresses. For example, the IP address 0.0.0.0 is reserved for the default network and the address 255.255.255.255 is used for broadcasts.

The octets serve a purpose other than simply separating the numbers. They are used to create classes of IP addresses that can be assigned to a particular business, government or other entity based on size and need. The octets are split into two sections: Net and Host. The Net section always contains the first octet. It is used to identify the network that a computer belongs to. Host (sometimes referred to as Node) identifies the actual computer on the network. The Host section always contains the last octet. There are five IP classes plus certain special addresses. You can learn more about IP classes at What is an IP address?.

Internet Protocol: Domain Name System
When the Internet was in its infancy, it consisted of a small number of computers hooked together with modems and telephone lines. You could only make connections by providing the IP address of the computer you wanted to establish a link with. For example, a typical IP address might be 216.27.22.162. This was fine when there were only a few hosts out there, but it became unwieldy as more and more systems came online.

The first solution to the problem was a simple text file maintained by the Network Information Center that mapped names to IP addresses. Soon this text file became so large it was too cumbersome to manage. In 1983, the University of Wisconsin created the Domain Name System (DNS), which maps text names to IP addresses automatically. This way you only need to remember www.howstuffworks.com, for example, instead of HowStuffWorks.com’s IP address.

URL: Uniform Resource Locator
When you use the Web or send an e-mail message, you use a domain name to do it. For example, the Uniform Resource Locator (URL) “http://www.howstuffworks.com” contains the domain name howstuffworks.com. So does this e-mail address: example@howstuffworks.com. Every time you use a domain name, you use the Internet’s DNS servers to translate the human-readable domain name into the machine-readable IP address. Check out How Domain Name Servers Work for more in-depth information on DNS.

Top-level domain names, also called first-level domain names, include .COM, .ORG, .NET, .EDU and .GOV. Within every top-level domain there is a huge list of second-level domains. For example, in the .COM first-level domain there is:

* HowStuffWorks
* Yahoo
* Microsoft

Every name in the .COM top-level domain must be unique. The left-most word, like www, is the host name. It specifies the name of a specific machine (with a specific IP address) in a domain. A given domain can, potentially, contain millions of host names as long as they are all unique within that domain.

DNS servers accept requests from programs and other name servers to convert domain names into IP addresses. When a request comes in, the DNS server can do one of four things with it:

1. It can answer the request with an IP address because it already knows the IP address for the requested domain.
2. It can contact another DNS server and try to find the IP address for the name requested. It may have to do this multiple times.
3. It can say, “I don’t know the IP address for the domain you requested, but here’s the IP address for a DNS server that knows more than I do.”
4. It can return an error message because the requested domain name is invalid or does not exist.

A DNS Example
Let’s say that you type the URL www.howstuffworks.com into your browser. The browser contacts a DNS server to get the IP address. A DNS server would start its search for an IP address by contacting one of the root DNS servers. The root servers know the IP addresses for all of the DNS servers that handle the top-level domains (.COM, .NET, .ORG, etc.). Your DNS server would ask the root for www.howstuffworks.com, and the root would say, “I don’t know the IP address for www.howstuffworks.com, but here’s the IP address for the .COM DNS server.”

Your name server then sends a query to the .COM DNS server asking it if it knows the IP address for www.howstuffworks.com. The DNS server for the COM domain knows the IP addresses for the name servers handling the www.howstuffworks.com domain, so it returns those.

Your name server then contacts the DNS server for www.howstuffworks.com and asks if it knows the IP address for www.howstuffworks.com. It actually does, so it returns the IP address to your DNS server, which returns it to the browser, which can then contact the server for www.howstuffworks.com to get a Web page.

One of the keys to making this work is redundancy. There are multiple DNS servers at every level, so that if one fails, there are others to handle the requests. The other key is caching. Once a DNS server resolves a request, it caches the IP address it receives. Once it has made a request to a root DNS server for any .COM domain, it knows the IP address for a DNS server handling the .COM domain, so it doesn’t have to bug the root DNS servers again for that information. DNS servers can do this for every request, and this caching helps to keep things from bogging down.

Even though it is totally invisible, DNS servers handle billions of requests every day and they are essential to the Internet’s smooth functioning. The fact that this distributed database works so well and so invisibly day in and day out is a testimony to the design. Be sure to read How Domain Name Servers Work for more information on DNS.

Internet Servers and Clients
Internet servers make the Internet possible. All of the machines on the Internet are either servers or clients. The machines that provide services to other machines are servers. And the machines that are used to connect to those services are clients. There are Web servers, e-mail servers, FTP servers and so on serving the needs of Internet users all over the world.

When you connect to www.howstuffworks.com to read a page, you are a user sitting at a client’s machine. You are accessing the HowStuffWorks Web server. The server machine finds the page you requested and sends it to you. Clients that come to a server machine do so with a specific intent, so clients direct their requests to a specific software server running on the server machine. For example, if you are running a Web browser on your machine, it will want to talk to the Web server on the server machine, not the e-mail server.

A server has a static IP address that does not change very often. A home machine that is dialing up through a modem, on the other hand, typically has an IP address assigned by the ISP every time you dial in. That IP address is unique for your session — it may be different the next time you dial in. This way, an ISP only needs one IP address for each modem it supports, rather than one for each customer.

Ports and HTTP
Any server machine makes its services available using numbered ports — one for each service that is available on the server. For example, if a server machine is running a Web server and a file transfer protocol (FTP) server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. Clients connect to a service at a specific IP address and on a specific port number.

Once a client has connected to a service on a particular port, it accesses the service using a specific protocol. Protocols are often text and simply describe how the client and server will have their conversation. Every Web server on the Internet conforms to the hypertext transfer protocol (HTTP). You can learn more about Internet servers, ports and protocols by reading How Web Servers Work.

Networks, routers, NAPs, ISPs, DNS and powerful servers all make the Internet possible. It is truly amazing when you realize that all this information is sent around the world in a matter of milliseconds! The components are extremely important in modern life — without them, there would be no Internet. And without the Internet, life would be very different indeed for many of us.

source:
http://computer.howstuffworks.com/internet-infrastructure.htm

If you spend any time on the Internet sending e-mail or browsing the Web, then you use domain name servers without even realizing it. Domain name servers, or DNS, are an incredibly important but completely hidden part of the Internet, and they are fascinating. The DNS system forms one of the largest and most active distributed databases on the planet. Without DNS, the Internet would shut down very quickly.

When you use the Web or send an e-mail message, you use a domain name to do it. For example, the URL “http://www.howstuffworks.com” contains the domain name howstuffworks.com. So does the e-mail address “iknow@howstuffworks.com.”

Human-readable names like “howstuffworks.com” are easy for people to remember, but they don’t do machines any good. All of the machines use names called IP addresses to refer to one another. For example, the machine that humans refer to as “www.howstuffworks.com” has the IP address 70.42.251.42. Every time you use a domain name, you use the Internet’s domain name servers (DNS) to translate the human-readable domain name into the machine-readable IP address. During a day of browsing and e-mailing, you might access the domain name servers hundreds of times!

DNS Servers and IP Addresses

Domain name servers translate domain names to IP addresses. That sounds like a simple task, and it would be — except for five things:

* There are billions of IP addresses currently in use, and most machines have a human-readable name as well.
* There are many billions of DNS requests made every day. A single person can easily make a hundred or more DNS requests a day, and there are hundreds of millions of people and machines using the Internet daily.
* Domain names and IP addresses change daily.
* New domain names get created daily.
* Millions of people do the work to change and add domain names and IP addresses every day.

The DNS system is a database, and no other database on the planet gets this many requests. No other database on the planet has millions of people changing it every day, either. That is what makes the DNS system so unique.

IP Addresses

To keep all of the machines on the Internet straight, each machine is assigned a unique address called an IP address. IP stands for Internet protocol, and these addresses are 32-bit numbers normally expressed as four “octets” in a “dotted decimal number.” A typical IP address looks like this: 70.42.251.42

The four numbers in an IP address are called octets because they can have values between 0 and 255 (28 possibilities per octet).

Every machine on the Internet has its own IP address. A server has a static IP address that does not change very often. A home machine that is dialing up through a modem often has an IP address that is assigned by the ISP when you dial in. That IP address is unique for your session and may be different the next time you dial in. In this way, an ISP only needs one IP address for each modem it supports, rather than for every customer.

If you are working on a Windows machine, you can view your current IP address with the command WINIPCFG.EXE (IPCONFIG.EXE for Windows 2000/XP). On a UNIX machine, type nslookup along with a machine name (such as “nslookup www.howstuffworks.com”) to display the IP address of the machine (use the command hostname to learn the name of your machine).

As far as the Internet’s machines are concerned, an IP address is all that you need to talk to a server. For example, you can type in your browser the URL http://70.42.251.42 and you will arrive at the machine that contains the Web server for HowStuffWorks. Domain names are strictly a human convenience.

Domain Names

If we had to remember the IP addresses of all of the Web sites we visit every day, we would all go nuts. Human beings just are not that good at remembering strings of numbers. We are good at remembering words, however, and that is where domain names come in. You probably have hundreds of domain names stored in your head. For example:

* www.howstuffworks.com – a typical name
* www.yahoo.com – the world’s best-known name
* www.mit.edu – a popular EDU name
* encarta.msn.com – a Web server that does not start with www
* www.bbc.co.uk – a name using four parts rather than three
* ftp.microsoft.com – an FTP server rather than a Web server

The COM, EDU and UK portions of these domain names are called the top-level domain or first-level domain. There are several hundred top-level domain names, including COM, EDU, GOV, MIL, NET, ORG and INT, as well as unique two-letter combinations for every country.

Within every top-level domain there is a huge list of second-level domains. For example, in the COM first-level domain, you’ve got:

* howstuffworks
* yahoo
* msn
* microsoft
* plus millions of others…

Every name in the COM top-level domain must be unique, but there can be duplication across domains. For example, howstuffworks.com and howstuffworks.org are completely different machines.

In the case of bbc.co.uk, it is a third-level domain. Up to 127 levels are possible, although more than four is rare.

The left-most word, such as www or encarta, is the host name. It specifies the name of a specific machine (with a specific IP address) in a domain. A given domain can potentially contain millions of host names as long as they are all unique within that domain.

Because all of the names in a given domain need to be unique, there has to be a single entity that controls the list and makes sure no duplicates arise. For example, the COM domain cannot contain any duplicate names, and a company called Network Solutions is in charge of maintaining this list. When you register a domain name, it goes through one of several dozen registrars who work with Network Solutions to add names to the list. Network Solutions, in turn, keeps a central database known as the whois database that contains information about the owner and name servers for each domain. If you go to the whois form, you can find information about any domain currently in existence.

While it is important to have a central authority keeping track of the database of names in the COM (and other) top-level domain, you would not want to centralize the database of all of the information in the COM domain. For example, Microsoft has hundreds of thousands of IP addresses and host names. Microsoft wants to maintain its own domain name server for the microsoft.com domain. Similarly, Great Britain probably wants to administrate the uk top-level domain, and Australia probably wants to administrate the au domain, and so on. For this reason, the DNS system is a distributed database. Microsoft is completely responsible for dealing with the name server for microsoft.com — it maintains the machines that implement its part of the DNS system, and Microsoft can change the database for its domain whenever it wants to because it owns its domain name servers.

Every domain has a domain name server somewhere that handles its requests, and there is a person maintaining the records in that DNS. This is one of the most amazing parts of the DNS system — it is completely distributed throughout the world on millions of machines administered by millions of people, yet it behaves like a single, integrated database!

The Distributed System

Name servers do two things all day long:

* They accept requests from programs to convert domain names into IP addresses.
* They accept requests from other name servers to convert domain names into IP addresses.

When a request comes in, the name server can do one of four things with it:

* It can answer the request with an IP address because it already knows the IP address for the domain.
* It can contact another name server and try to find the IP address for the name requested. It may have to do this multiple times.
* It can say, “I don’t know the IP address for the domain you requested, but here’s the IP address for a name server that knows more than I do.”
* It can return an error message because the requested domain name is invalid or does not exist.

When you type a URL into your browser, the browser’s first step is to convert the domain name and host name into an IP address so that the browser can go request a Web page from the machine at that IP address (see How Web Servers Work for details on the whole process). To do this conversion, the browser has a conversation with a name server.

When you set up your machine on the Internet, you (or the software that you installed to connect to your ISP) had to tell your machine what name server it should use for converting domain names to IP addresses. On some systems, the DNS is dynamically fed to the machine when you connect to the ISP, and on other machines it is hard-wired. If you are working on a Windows 95/98/ME machine, you can view your current name server with the command WINIPCFG.EXE (IPCONFIG for Windows 2000/XP). On a UNIX machine, type nslookup along with your machine name. Any program on your machine that needs to talk to a name server to resolve a domain name knows what name server to talk to because it can get the IP address of your machine’s name server from the operating system.

The browser therefore contacts its name server and says, “I need for you to convert a domain name to an IP address for me.” For example, if you type “www.howstuffworks.com” into your browser, the browser needs to convert that URL into an IP address. The browser will hand “www.howstuffworks.com” to its default name server and ask it to convert it.

The name server may already know the IP address for www.howstuffworks.com. That would be the case if another request to resolve www.howstuffworks.com came in recently (name servers cache IP addresses to speed things up). In that case, the name server can return the IP address immediately. Let’s assume, however, that the name server has to start from scratch.

A name server would start its search for an IP address by contacting one of the root name servers. The root servers know the IP address for all of the name servers that handle the top-level domains. Your name server would ask the root for www.howstuffworks.com, and the root would say (assuming no caching), “I don’t know the IP address for www.howstuffworks.com, but here’s the IP address for the COM name server.” Obviously, these root servers are vital to this whole process, so:

* There are many of them scattered all over the planet.
* Every name server has a list of all of the known root servers. It contacts the first root server in the list, and if that doesn’t work it contacts the next one in the list, and so on.

Here is a typical list of root servers held by a typical name server:

; This file holds the information on root name servers
; needed to initialize cache of Internet domain name
; servers (e.g. reference this file in the
; “cache . ” configuration file of BIND domain
: name servers).
;
; This file is made available by InterNIC registration
; services under anonymous FTP as
; file /domain/named.root
; on server FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
; under menu InterNIC Registration Services (NSI)
; submenu InterNIC Registration Archives
; file named.root
;
; last update: Aug 22, 1997
; related version of root zone: 1997082200
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; temporarily housed at ISI (IANA)
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File

The formatting is a little odd, but basically it shows you that the list contains the actual IP addresses of 13 different root servers.

The root server knows the IP addresses of the name servers handling the several hundred top-level domains. It returns to your name server the IP address for a name server for the COM domain. Your name server then sends a query to the COM name server asking it if it knows the IP address for www.howstuffworks.com. The name server for the COM domain knows the IP addresses for the name servers handling the HOWSTUFFWORKS.COM domain, so it returns those. Your name server then contacts the name server for HOWSTUFFWORKS.COM and asks if it knows the IP address for www.howstuffworks.com. It does, so it returns the IP address to your name server, which returns it to the browser, which can then contact the server for www.howstuffworks.com to get a Web page.

One of the keys to making this work is redundancy. There are multiple name servers at every level, so if one fails, there are others to handle the requests. There are, for example, three different machines running name servers for HOWSTUFFWORKS.COM requests. All three would have to fail for there to be a problem.

The other key is caching. Once a name server resolves a request, it caches all of the IP addresses it receives. Once it has made a request to a root server for any COM domain, it knows the IP address for a name server handling the COM domain, so it doesn’t have to bug the root servers again for that information. Name servers can do this for every request, and this caching helps to keep things from bogging down.

Name servers do not cache forever, though. The caching has a component, called the Time To Live (TTL), that controls how long a server will cache a piece of information. When the server receives an IP address, it receives the TTL with it. The name server will cache the IP address for that period of time (ranging from minutes to days) and then discard it. The TTL allows changes in name servers to propagate. Not all name servers respect the TTL they receive, however. When HowStuffWorks moved its machines over to new servers, it took three weeks for the transition to propagate throughout the Web. We put a little tag that said “new server” in the upper left corner of the home page so people could tell whether they were seeing the new or the old server during the transition.

Creating a New Domain Name

When someone wants to create a new domain, he or she has to do two things:

* Find a name server for the domain name to live on.
* Register the domain name.

Technically, there does not need to be a machine in the domain — there just needs to be a name server that can handle the requests for the domain name.

There are two ways to get a name server for a domain:

* You can create and administer it yourself.
* You can pay an ISP or hosting company to handle it for you.

Most larger companies have their own domain name servers. Most smaller companies pay someone.

The history of HowStuffWorks is typical. When howstuffworks.com was first created, it began as a parked domain. This domain lived with a company called www.webhosting.com. Webhosting.com maintained the name server and also maintained a machine that created the single “under construction” page for the domain.

To create a domain, you fill out a form with a company that does domain name registration (examples: register.com, verio.com, networksolutions.com). They create an “under construction page,” create an entry in their name server, and submit the form’s data into the whois database. Twice a day, the COM, ORG, NET, etc. name servers get updates with the newest IP address information. At that point, a domain exists and people can go see the “under construction” page.

HowStuffWorks then started publishing content under the domain www.howstuffworks.com. We set up a hosting account with Tabnet (now part of Verio, Inc.), and Tabnet ran the DNS for HowStuffWorks as well as the machine that hosted the HowStuffWorks Web pages. This type of machine is called a virtual Web hosting machine and is capable of hosting multiple domains simultaneously. Five-hundred or so different domains all shared the same processor.

As HowStuffWorks became more popular, it outgrew the virtual hosting machine and needed its own server. At that point, we started maintaining our own machines dedicated to HowStuffWorks, and began administering our own DNS. We currently have four servers:

* AUTH-NS1.HOWSTUFFWORKS.COM 70.42.150.19
* AUTH-NS2.HOWSTUFFWORKS.COM 70.42.150.20
* AUTH-NS3.HOWSTUFFWORKS.COM 70.42.251.19
* AUTH-NS4.HOWSTUFFWORKS.COM 70.42.251.20

Our primary DNS is auth-ns1.howstuffworks.com. Any changes we make to it propagate automatically to the secondary, which is also maintained by our ISP.

All of these machines run name server software called BIND. BIND knows about all of the machines in our domain through a text file on the main server that looks like this:

@ NS auth-ns1.howstuffworks.com.
@ NS auth-ns2.howstuffworks.com.
@ MX 10 mail

mail A 209.170.137.42

vip1 A 216.183.103.150
www CNAME vip1

Decoding this file from the top, you can see that:

* The first two lines point to the primary and secondary name servers.

* The next line is called the MX record. When you send e-mail to anyone at howstuffworks.com, the piece of software sending the e-mail contacts the name server to get the MX record so it knows where the SMTP server for HowStuffWorks is (see How E-mail Works for details). Many larger systems have multiple machines handling incoming e-mail, and therefore multiple MX records.

* The next line points to the machine that will handle a request to mail.howstuffworks.com.

* The next line points to the IP address that will handle a request to oak.howstuffworks.com.

* The next line points to the IP address that will handle a request to howstuffworks.com (no host name).

You can see from this file that there are several physical machines at separate IP addresses that make up the HowStuffWorks server infrastructure. There are aliases for hosts like mail and www. There can be aliases for anything. For example, there could be an entry in this file for scoobydoo.howstuffworks.com, and it could point to the physical machine called walnut. There could be an alias for yahoo.howstuffworks.com, and it could point to yahoo. There really is no limit to it. We could also create multiple name servers and segment our domain.

As you can see from this description, DNS is a rather amazing distributed database. It handles billions of requests for billions of names every day through a network of millions of name servers administered by millions of people. Every time you send an e-mail message or view a URL, you are making requests to multiple name servers scattered all over the globe. What’s amazing is that the process is usually completely invisible and extremely reliable!

source:
http://computer.howstuffworks.com/dns.htm