Networks & Security

LAN (Local Area Network)

Like your school’s internal network — all computers in one building connected together, owned by the school. Uses Ethernet cables or WiFi.

WAN (Wide Area Network)

Like the internet connecting your school to schools across the country. Uses third-party infrastructure (BT, Virgin, etc.). The internet is the biggest WAN.

Star Topology

Like a classroom where every student talks through the teacher (central switch/server). If one student is absent, others still work. If the teacher is absent, nobody communicates.

Bus Topology

Like a single road where all houses share the same road. Cheap to set up, but if the road is blocked, nobody can travel. Data collisions happen when two devices transmit at once.

Mesh Topology

Like a group chat where everyone has everyone else’s phone number. If one person’s phone dies, everyone else can still message each other.

Client-Server → Netflix

You (client) request a film from Netflix’s servers. The server stores everything centrally, manages security, and handles all requests.

• Advantages: Centrally managed, backed up, secure
• Disadvantages: Expensive server hardware, single point of failure if the server goes down

Peer-to-Peer → Bluetooth File Sharing

Like sharing music files directly between friends’ phones via Bluetooth. Each device is equal — both client and server.

• Advantages: No central server needed, cheap to set up
• Disadvantages: Hard to manage security, each device must be powerful enough to share resources

Sending data over a network is like posting a long letter that’s been split into numbered postcards (packets):

1. Each postcard has: the destination address (IP), the return address, and a sequence number.
2. The postcards might take different routes through the postal system (routers decide the best path based on traffic).
3. At the destination, the postcards are put back in correct order using the sequence numbers.
4. If any postcard is lost, the receiver asks for it to be resent.

Advantages:

• If one cable fails, only that device is affected — the rest of the network continues working.
• Easy to add or remove devices without disrupting the network.
• Each device has a dedicated connection, so there are no data collisions.
• Better performance under heavy traffic than bus topology.

Disadvantages:

• If the central switch/hub fails, the entire network goes down.
• Requires more cable than bus topology (one cable per device to the switch).
• More expensive to install due to the switch and extra cabling.

Advantages:

• High redundancy — if one connection fails, data can take an alternative route.
• Very reliable; ideal for critical systems (e.g., military, banking).
• No single point of failure in a full mesh.
• Data can be transmitted simultaneously from multiple devices.

Disadvantages:

• Most expensive topology to install — requires many cables and ports.
• Complex to set up and manage.
• Full mesh requires n(n-1)/2 connections, which grows rapidly.

Advantages:

• Cheap to install — requires less cable than star or mesh.
• Simple to set up for small networks.
• Easy to extend by adding devices to the backbone cable.

Disadvantages:

• If the backbone cable fails, the entire network goes down.
• Performance degrades as more devices are added (shared bandwidth).
• Data collisions can occur as all devices share the same cable.
• Difficult to troubleshoot faults.

Client-Server:

• Central server manages files, security and user accounts.
• Easier to back up data centrally.
• Better security — access rights controlled from the server.
• More expensive — requires dedicated server hardware and software.
• If the server fails, clients cannot access shared resources.

Peer-to-Peer:

• No central server needed — cheaper to set up.
• Each device is responsible for its own security and backups.
• Easy to set up for small networks (e.g., home networks).
• Less secure — no centralised control over access.
• Difficult to manage as the network grows.

Follow an email from sender to recipient to see how protocols work together:

1. You compose an email in Gmail (application layer)
2. SMTP protocol packages your message and sends it to your email server
3. TCP breaks the email into packets, adds sequence numbers for reassembly
4. IP adds source and destination IP addresses to each packet
5. Packets travel across the internet via routers (each router reads the IP and forwards the packet along the best route)
6. At the destination, TCP reassembles packets in the correct order
7. The recipient’s email server receives the email via SMTP
8. When they open their inbox, POP3 or IMAP retrieves the email

Layer 4 — Application: Provides network services to the user (e.g., HTTP, FTP, SMTP, POP/IMAP). This is where data is created.

Layer 3 — Transport: TCP breaks data into packets and ensures reliable delivery. Adds port numbers and manages flow control. Requests re-sends of missing packets.

Layer 2 — Internet: IP adds source and destination IP addresses. Routers use this layer to direct packets across the network.

Layer 1 — Network Interface: Handles the physical transmission of data using Ethernet, Wi-Fi, etc. Adds MAC addresses for local delivery.

Walkthrough — Loading a Webpage (www.bbc.co.uk):

• Application Layer: Your browser sends an HTTP GET request for www.bbc.co.uk
• Transport Layer: TCP breaks the request into packets, assigns port 80 (HTTP) or 443 (HTTPS)
• Internet Layer: IP addresses are added (your IP → BBC server IP), routers forward packets across networks
• Network Interface Layer: Data is converted to electrical signals on Ethernet cable or WiFi radio waves. MAC addresses used for local delivery.

The BBC server processes the request, and the webpage data travels back through the same 4 layers in reverse.

Threats:

• Malware — Viruses, worms, trojans, ransomware, spyware. Can delete files, spy on users, or lock systems for ransom.
• Phishing — Fake emails/websites that trick users into revealing passwords or financial information.
• SQL Injection — Malicious code entered into web forms to access or manipulate databases.
• Brute Force — Automated tools try every password combination until the correct one is found.
• Social Engineering — Manipulating people into revealing confidential information through deception.

Protection Methods:

• Firewall — Monitors traffic and blocks suspicious activity.
• Encryption — Scrambles data so intercepted information cannot be read.
• Strong passwords — Long, complex passwords with mixed characters are harder to crack.
• Two-factor authentication (2FA) — Requires a second form of verification (e.g., SMS code).
• Regular updates — Patches fix known security vulnerabilities in software.
• Anti-malware software — Scans for and removes malicious software.
• Input validation — Checking user input to prevent SQL injection attacks.

Real-World Cyber Attack Examples:

• Phishing: In 2020, Twitter employees were tricked by phone phishing, leading to hackers accessing celebrity accounts (Barack Obama, Elon Musk) and posting Bitcoin scam tweets.
• SQL Injection: Hackers insert code like ' OR 1=1 -- into a login form to bypass authentication and access the entire database.
• Brute Force: Trying every possible password combination. A 4-digit PIN has 10,000 combinations — a computer can try all of them in seconds.
• DDoS (Distributed Denial of Service): Thousands of compromised computers (a botnet) flood a website with requests until it crashes and becomes unavailable.
• Malware types: Virus (attaches to files, spreads when run), Worm (self-replicates across networks without user action), Trojan (disguised as legitimate software), Ransomware (encrypts files, demands payment to unlock).

Protection Methods — Explained with Analogies:

• Firewall: Monitors all incoming/outgoing traffic, blocks suspicious connections — like a security guard checking IDs at the door.
• Encryption: Scrambles data so intercepted messages are unreadable — like writing in a secret code only the recipient knows.
• Anti-malware: Scans files for known virus signatures and suspicious behaviour, quarantines threats.
• Access controls: Usernames, passwords, and biometrics limit who can access what resources.
• Penetration testing: Hiring ethical hackers to find vulnerabilities before criminals do.
• Network policies: Rules about password length, software installation, USB device usage, and acceptable use.