This is a continuation of a series of articles in which I briefly cover the main points of a specific topic in system architecture design. The first article can be read and the full guide you can find on my . here github Any complex system is a mosaic of numerous components, each with its specific function. These components don't operate in isolation; they constantly interact over a network, exchanging data and commands. Understanding the basics of these interactions is crucial. One must understand how components communicate over the network to comprehend the system's overall performance and resilience truly. Types Networks can be divided into four types based on size, architecture, range, and function: : Designed for personal use, usually within a person's range. It might connect devices like a computer, smartphone, and smartwatch, often Bluetooth. Personal Area Network (PAN) ): Connects devices within a limited area, such as a home, office, or school. It's typically used for connecting computers and sharing resources like printers or internet connections within a confined geographical area. Local Area Network (LAN Covers a larger area than a LAN but is smaller than a WAN, typically spanning a city or a large campus. Local service providers often use it to offer connections to businesses and homes in a town. Metropolitan Area Network (MAN): : Spans a larger geographical area, often connecting multiple LANs. The internet is the most prominent example of a WAN, linking computers and networks worldwide. Wide Area Network (WAN) Components Building and maintaining networks would be impossible without specialized hardware devices: : Physical cables (like Ethernet) provide a wired connection between devices, while wireless access points allow devices to connect to the network without physical cables, using Wi-Fi or other wireless technologies. Cable & Wireless Access Point : These are hardware components, often cards inserted into computers or other devices, that allow them to connect to a network. Network Interface Card (NIC) : A network device that amplifies or regenerates a signal, allowing it to travel longer distances without degradation. It's primarily used in wired and wireless networks to extend the range of communication and ensure data integrity over extended distances. Repeater A bridge operates at the data link layer. A bridge is a repeater, adding the functionality of filtering content by reading the MAC addresses of the source and destination. It is also used for interconnecting two LANs working on the same protocol. Bridge: : These basic networking devices connect multiple devices in a LAN, acting as a single network segment. Hub cannot filter data, so data packets are sent to all connected devices. Hub : Devices in a network that connect other devices. Unlike hubs, which broadcast the same data to all devices, switches are more intelligent, directing data only to the device that needs it. Switches : Devices that forward data packets between computer networks. They determine the best path for data transfer. Routers typically connect LANs and WANs and have a dynamically updating routing table based on which they make decisions on routing the data packets. Routers Topologies Network topology is a structural layout that dictates how different network devices and components are connected and how data is transmitted. The choice of topology significantly impacts the network's performance, scalability, and fault tolerance. It is categorized into two main types: : Describes the physical layout of devices, cables, and other network components. It represents how network devices are physically connected. Physical : Describes the data flow within the network, regardless of its physical design. It represents how data is transmitted between network devices. Logical The following types of topologies are distinguished: Point-to-Point A direct connection between two nodes or endpoints. This is the simplest form of network topology. : Advantages The direct and dedicated link ensures high-speed data transfer. Simple configuration and setup. Reliable communication since there are only two nodes involved. : Disadvantages It is not scalable for larger networks as it would require a dedicated line for every pair of devices. It can be more expensive in scenarios where multiple connections are needed due to the need for individual links. Bus All devices share a single communication line. Data sent by a device is available to all other devices, but only the intended recipient accepts and processes that data. : Advantages Easy to implement for small networks. Cost-effective due to minimal cabling. : Disadvantages Performance degrades as more devices are added or network traffic increases. A single cable failure can bring down the entire network. Ring Each device is connected to two other devices, forming a ring. Data travels in one or sometimes two directions. : Advantages It can handle larger data loads than bus topology. : Disadvantages A failure in one cable or device can take down the entire network. More difficult to install and reconfigure. Star All devices are connected to a central device (e.g., a switch or hub). : Advantages Easy to install and manage. Failure in one cable doesn't affect other devices. : Disadvantages If the central device fails, the whole network is inoperable. Requires more cable than bus topology. Tree Hybrid topology that combines characteristics of star and bus topologies. Groups of star-configured networks are connected to a linear bus backbone. : Advantages Hierarchical and scalable. Grouping of devices makes it easy to manage. : Disadvantages Failure in the backbone will cause division in the network. More cabling is required than other topologies. Mesh Devices are interconnected. Every device is connected to every other device. : Advantages Provides high redundancy and reliability. Data can be transmitted from multiple devices simultaneously. : Disadvantages It requires more cabling, making it expensive. Complex to install and configure. Hybrid Combination of two or more topologies. : Advantages Flexible and reliable as it inherits the advantages of its component topologies. Scalable. : Disadvantages Complex design. It can be more expensive due to multiple configurations. Protocols Network protocols are rules or standards that define how data is transmitted and received over a network. These protocols ensure that devices on a network (or across multiple networks) can communicate with each other in a standardized way. Common Protocols : The fundamental suite of protocols that powers the Internet. TCP ensures data is sent correctly, and IP provides data is sent to the correct place. TCP/IP : A connectionless protocol that, unlike TCP, doesn't establish a connection before sending data and doesn't guarantee the order of data packets. UDP Protocols used for transferring web pages on the Internet. HTTPS includes security measures to encrypt data. HTTP, HTTPS: : A protocol designed to transfer files over a network. FTP : Used for email transmission. SMTP : Used for retrieving and storing emails from a mail server. IMAP : Used for retrieving emails from a mail server. POP3 : Used for error reporting and diagnostics related to IP processing. ICMP : Translates domain names to IP addresses, allowing users to access websites using human-readable names. DNS : Assigns IP addresses dynamically to devices on a network. DHCP : Cryptographic protocols are designed to provide secure communication over a computer network. SSL/TLS : Point-to-Point Protocol (PPP) is basically an asymmetric protocol suite for various connections or links without framing. PPP : Defines how devices on a local area network (LAN) communicate. It operates at both the physical layer and the data link layer of the OSI model. Ethernet OSI and TCP/IP Models The OSI and TCP/IP are two primary models that serve as guiding frameworks that describe the processes involved in data communication over a network. OSI Model Protocol Data Format TCP/IP Model 7 Application HTTP, DNS, SMTP, FTP Data Application 6 Presentation TLS, SSL Data Application 5 Session Sockets Data Application 4 Transport TCP, UDP Segment, Packet Transport 3 Network IP, ICMP, IPsec IP Datagram Internet 2 Data Link PPP, Ethernet Frame Network Interface 1 Physical Fiber, Wireless Bit Network Interface The (Open Systems Interconnection) model is a conceptual framework for understanding network interactions in seven layers. Each layer serves a specific function: OSI : Deals with the physical connection between devices. It defines the hardware elements, such as cables, switches, and NICs. Physical : Responsible for creating a reliable link between two directly connected nodes, handling errors, and regulating data flow. Data Link : Determines the best path to transfer data from the source to the destination across the network. Network : Ensures end-to-end communication, data flow control, and error correction. Transport : Establishes, maintains, and terminates application connections at both ends. Session : Translates data between the application and transport layers, ensuring data is readable. Presentation : Directly interacts with end-user applications, ensuring effective communication between software and lower layers of the OSI model. Application The is a more concise model used predominantly in the modern internet, which simplifies the OSI layers into four categories: TCP/IP : Combines the functions of OSI's Physical and Data Link layers, focusing on how data is sent/received on a network medium. Network Interface : Corresponds to the Network layer in OSI, handling data routing, IP addressing, and packet forwarding. Internet : Similar to OSI's Transport layer, ensuring data reaches the correct application and is transmitted reliably (TCP) or quickly (UDP). Transport : Merges the functions of OSI's Session, Presentation, and Application layers, dealing with end-user application processes. Application Security In system design, ensuring robust network security is paramount to protect sensitive data and maintain the trust of users and stakeholders, ensure business continuity, and meet regulatory requirements. Common Threats and Vulnerabilities : Malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. DDoS Attacks : Software designed to disrupt, damage, or gain unauthorized access to a computer system. This includes viruses, worms, spyware, and ransomware. Malware : Attackers secretly intercept and relay communication between two parties. They can eavesdrop or impersonate one of the parties, deceiving the other. Man-in-the-Middle Attacks : Threats originating from within the organization, such as employees, former employees, or partners with inside information concerning security practices. Insider Threats : Bugs or weaknesses in software can be exploited to gain unauthorized access or disrupt services. Examples include buffer overflows and unhandled exceptions. Software Flaws : Physical components can have vulnerabilities, like firmware that can be tampered with or backdoors installed by manufacturers. Hardware Weaknesses : Devices like routers, switches, or firewalls that are not correctly configured can expose the network to various threats. Misconfigured Network Devices : Insufficient password policies, lack of multi-factor authentication, or lax access controls can allow unauthorized access. Weak Authentication and Authorization : Data that isn't encrypted can be easily intercepted and read as it travels across a network. Unencrypted Data : Systems that are no longer supported or haven't been updated can have known vulnerabilities that are easy to exploit. Outdated Systems : This refers to physical access points where an attacker could plug into the network or access servers directly. Physical Vulnerabilities Best Practices for Ensuring Network Security : Deploy hardware and software firewalls to monitor and control incoming and outgoing network traffic based on security policies. Firewalls : Use encryption protocols, especially for sensitive data, both in transit (like SSL/TLS for web traffic) and at rest (like database encryption). Encryption : Keep all systems, software, and applications updated to patch vulnerabilities. Regular Updates : Implement MFA to add a layer of security, ensuring that users provide two or more verification factors to gain access. Multi-Factor Authentication (MFA) : Use network monitoring tools to monitor the network for unusual activities or unauthorized access continuously. Network Monitoring : Educate employees and users about the importance of security and how to recognize potential threats. Security Awareness Training : Limits the spread of threats within the network and provides better control over data access. Network Segmentation : Ensures data availability and business continuity in case of breaches or failures. Backup and Disaster Recovery : Physical access to network devices can lead to breaches. Physical Security Conclusion Grasping the fundamentals of networking, from the intricacies of topologies to the nuances of basic protocols, is not merely an academic exercise—it's crucial for creating robust and efficient systems. A solid grounding in network principles ensures systems communicate seamlessly, adapt resiliently, and scale efficiently.

Too Long; Didn't Read

Making security fun one episode at a time

The System Design Cheat Sheet: Networks

Too Long; Didn't Read

Aleksandr Gavrilenko

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

The System Design Cheat Sheet: Networks

Too Long; Didn't Read

Aleksandr Gavrilenko

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES