
uCertify Chapter 0

Having a firm understanding of the basics of how computers communicate with each
other is an important aspect of networking foundations. This introductory module
covers basic concepts that will be addressed throughout this course.

These are foundational skills that will help you complete this course as well as build
an essential baseline of information that is needed to successfully understand
networks, network protocols and design concepts, and security issues that all
managers and network technicians must understand as part of their day to day
management and support of a network in any organization.

Here is when you would use computer networks in healthcare:

 Networks are used to transmit patient data, pharmacy data, and other important data from the doctor to the hospital, the health insurer, and in some cases through the Internet directly to the patient.

 When a patient is in surgery the anesthesiologist uses a computer to monitor the telemetry from the patient to ensure that the patient does not aspirate or have a negative patient outcome from the use of anesthesia.

 The doctor uses tools and instruments that generate data, and that data is stored on the network, such as the data generated from an MRI or CAT scan. The scanning data is generated at the patient, travels across a network to a server, and is then used by the radiologist (who could be anywhere in the world) to determine what is happening with the patient.

 Patient medication is wholly computerized to ensure that medication accidents are reduced. This can be in the filling of pharmaceutical orders, creation of compound drugs, or inside the hospital with nurses administering drugs to patients.

Without networks, modern medicine would not exist as we know it. Understanding the role and use of networks, from how they are designed to how they are operated, is critical for medical managers in understanding how the hospital operates and the role of IT in patient management.

Medical information systems managers also must comply with HIPAA 1 for data protection and privacy and the Food and Drug Administration (FDA) 2 regulations in the operation, update, and support of all controlled medical devices from pacemakers to MRI machines. Understanding how many of these regulations work to influence how a network is built and maintained is also important for Health Informatics Managers and Technologists to understand throughout the health information lifecycle. Patients generate a large amount of data per visit. This includes general intake paperwork, diagnosis, payment, treatment, procedure, and other information including in some cases genomic information. You will learn more about these processes in C259 if you are taking the CompTIA Health Informatics Technician course.

1 http://www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/
2 http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/

Figure 1 From CMU.edu

Imaging PACS - (picture archiving and communication system) is a healthcare technology for the short- and long-term storage, retrieval, management, distribution and presentation of medical images.

EHR – Electronic Health Records

CPOE – Computerized Physician Order Entry for Medication

All of this requires a network to interconnect all the various devices, records,
payment information, billing information, and other information together into a
coherent process that allows for the efficient running of a medical organization.

What is a network?

A network is a way for more than one computer to talk to each other and share information. Some computers are designed to serve data and are called servers, while the majority of computers are regular personal computers (PCs) that access the services a server provides. Computers like these that connect to each other and to servers are called workstations or hosts. Software like e-mail or web browsing is a connection between a host and a server; hosts can also share information amongst themselves in an ad-hoc network. Networks come in three sizes.

The SOHO network (Small Office Home Office) is a small group of computers without a server that generally connects to the Internet via business-class or consumer-class broadband. Services such as e-mail and web sites are provided by an Internet Service Provider (ISP) and are generally unmanaged. The computers can be wired to a small switch that connects to the cable router, or can connect wirelessly to the cable router. This is the common type of network found in the office of a doctor in independent practice.

The LAN, Local Area Network, is a group of computers that might span an entire office floor, or a building or campus building in an organization. There should be a server that provides basic services for the office, or access to a server that provides e-mail, authorizes logins to the network and computers, and provides file sharing services. These servers should be located in a secure location or in a closed, locked room so that they are not accessible by anyone but the server administrators. A LAN can be wired or wireless and will connect to a larger ISP on a commercial-class connection. These are the kinds of networks that will be found in hospitals or large inpatient clinics.

The WAN, Wide Area Network, is based on a geographical region, for example
Dallas or Washington State. These are networks that carry data between LANs so
that sites can share data or telecommute. When you access Amazon.com from your
house you will travel over a WAN to get there so you can go shopping online. These
are the kinds of networks that tie hospitals to medical insurers or multi-system
multi-state medical organizations.

As long as two or more computers need to share information they will travel over a
network of some sort.

For more information on this topic, please watch this Lynda.com video on basic networking:

http://www.lynda.com/IT-IT-Help-Desk-tutorials/Basic-networking-concepts/184173/187593-4.html

Topologies

The way a network is designed can be very important to how that network behaves
with other computers. There are a number of basic network shapes called
topologies that are used every day to send information back and forth between
servers and workstations.

Token Ring

Token ring is one of the older topologies that you might encounter at work. The
token is like a baton that is passed among runners during a relay race. Every
computer gets a chance to talk on the network when it has the token. When it is
done talking or its time slot is used up, the computer passes the token to the next
computer in the list. Computers keep on passing the token until all the
communications are finished or the computer is turned off. This is a very polite way
of allowing every computer time to be on the network without the risk of collision of
data. However, it is possible for the token to be corrupted during transmission,
which will cause the network to stop operating correctly.

Bus

The bus network is a network design where the computers all share the same
network line to talk to each other. This kind of network is prone to collisions
between different pieces of information because all the computers can attempt to
talk to each other at the same time. Usually this kind of network is built upon a
coaxial cable called “ThinNet”, but you might run into some very old installations on
“ThickNet”. It is possible for a single computer to “hog the network” or use up a
disproportionate amount of network resources so that other computers cannot use
the network. Generally these kinds of networks are no longer used, but you might
find them in some older companies or on specialized networks.

Star

The star topology is the most common topology in use today. It requires that a
switch be used to connect computers to each other. The switch manages the
network and ensures that computers on the network all work together with few if
any collisions and no resource hogging. The switch controls all the communications
between servers, printers and computers. The switch is also the gateway to other
networks and other computer systems making the network modular and easily
upgradable. One way that computers can share information on this kind of network
is by using a broadcast message. When you are logging in for the first time your
workstation might not know where the login server is. The login server broadcasts
its network address to the entire network so that computers know what service it is
offering to other computers on the network. This behavior is common on a Windows
network and on an Apple Talk network, but Linux computers need to know where
computer services are before they can be accessed.

These kinds of networks can be expensive to install, but once they are installed are
low-maintenance and easy to upgrade because you are only upgrading end points,
not the entire network. Capacity is easily added by installing a new switch. The star
topology also helps with network management by segregating networks into smaller
sections that can be easily monitored for errors.

Mesh

This is the last topology that is common in networking. In a mesh network every
device is connected to every other device. You will see this kind of configuration on
WAN networks for failover and redundancy. You will also see this in data centers so
that every computer has a way to communicate with every other computer in case a
device or computer fails.

For more information on this please watch this Lynda.com video on Networking Topologies:

http://www.lynda.com/Windows-Server-tutorials/Foundations-Networking-Networking-Basics/408231-2.html

Cables

For computers to talk to each other they have to work through a medium. The current media are copper wire, fiber optic cables, and wireless networks that use radio frequencies to pass data from one computer to another. Cables work at the physical layer of the OSI model and the TCP/IP model (see below), so it is important to know what they are and how they work.

Unshielded Twisted Pair (UTP)

Figure 2 RJ45 ends connected to Twisted Pair Cables

Unshielded twisted-pair (UTP) cable plays an important role in computer networking. It is called twisted-pair because pairs of wires are twisted around each other to form the cable. This is done because wires that are twisted around each other reduce electromagnetic interference (EMI) compared to wires that simply travel next to each other. There are many standards that twisted-pair cables can conform to. The most common twisted-pair standards used for computer networking today are category 6 (CAT6), category 6a (CAT6a), and category 5e (CAT5e). CAT6 cable is tested to provide the transmission of data rates up to 1000Mbps for a maximum length of 100 meters. CAT6a is an improved version of CAT6 and will support 10-gigabit Ethernet.

CAT5e cable is an enhanced version of CAT5 and provides improved performance of the cable. CAT6 provides further improved performance and a bandwidth of 250MHz. CAT5/5e twisted-pair cable contains four color-coded pairs of 24-gauge wires terminated with an RJ-45 (8P8C) connector. The image below provides an example of a CAT5e cable terminated with an RJ-45 (8P8C) modular plug. CAT6 twisted-pair cable also contains four color-coded pairs, but the wire gauge is 23AWG, a slightly thicker wire. CAT6 cable therefore has a stiffer feel compared to CAT5e.

You should know how much data can be transmitted by what category of cable. This
will help you later on by allowing you to plan the capacity of the network you are in
charge of or building.

Fiber Optic

Figure 3 Fiber Optic Cable

Recent advances in the development and manufacture of fiber-optic systems have made them the latest frontier in the field of optical networking. They are being used extensively for both private and commercial data links and have replaced a lot of copper wire. The latest networking technologies to benefit from the development in optical networking are gigabit Ethernet and 10-gigabit Ethernet.

A fiber-optic network is surprisingly simple and is comprised of the following elements:

 A fiber-optic transmission strand can carry the signal (in the form of a modulated light beam) a few feet or even hundreds or thousands of miles. A cable may contain three or four hair-like fibers or a bundle of hundreds of such fibers.
 A source of invisible infrared radiation, usually a light-emitting diode (LED) or a solid-state laser, that can be modulated to impress digital data or an analog signal on the light beam.
 A photosensitive detector to convert the optical signal back into an electrical signal at the receiver.
 Efficient optical connectors at the light source-to-cable interface and at the cable-to-photo detector interface. These connectors are also critical when splicing the optical cable due to excessive loss that can occur at connections.

The advantages of optical communication links compared to copper conductors are enormous and include the following:

 Extremely wide system bandwidth: The data is impressed on the light by varying the light's intensity. Because the best LEDs have a response time of 5 billionths of a second (5 ns), they provide a maximum bandwidth of about 100MHz. With laser light sources, however, data rates over 10Gbps are possible with a single-mode fiber.
 Immunity to electromagnetic interference (EMI): External electrical noise and lightning do not affect energy in a fiber-optic strand. However, this is true only for the optical strands, not the metallic cable components or connecting electronics. EMI can be a serious issue in hospitals, as consumer electronics can disrupt data transmission from patients who are in an ICU with many patient status monitors.
 Elimination of crosstalk: The light in one glass fiber does not interfere with, nor is it susceptible to, the light in an adjacent fiber. Recall that crosstalk results from the electromagnetic coupling between two adjacent copper wires. MRI machines or CAT scanners will often connect to a server using fiber-optic connections to ensure that the data from the scan is not corrupted by the influence of the magnet, which can be both an EMI and crosstalk concern when it is in operation.
 Lower signal attenuation than other propagation systems: Attenuation is the loss of signal strength as a signal moves down a medium. This is much like radio or TV when you are out of range - your signal has attenuated to the point where the reception of that channel is no longer possible. Typical attenuation of a 1GHz bandwidth signal for optical fibers is 0.03 dB per 100 ft., compared to 4.0 dB for RG-58U coaxial.
 Lower costs: Optical fiber costs are continuing to decline. The costs of many systems are declining with the use of fiber, and that trend is accelerating.
 Safety: In many wired systems, the potential hazard of short circuits requires precautionary designs. Additionally, the dielectric nature of optic fibers eliminates the spark hazard.
 Corrosion: Given that glass is basically inert, the corrosive effects of certain environments are not a problem.
 Security: Due to its immunity to and from electromagnetic coupling and radiation, optical fiber can be used in most secure environments. Although it can be intercepted or tapped, it is very difficult to do so.

Wireless
A typical computer network uses twisted-pair and fiber-optic cable to interconnect LANs. Another medium competing for use in higher data-rate LANs is wireless, based on the IEEE 802.11 wireless standard. The advantages of wireless include:

 A cost-effective networking media for use in areas that are difficult or too
costly to wire
 User mobility in the workplace

Wireless networks have become more and more the network of choice in
environments such as home, small offices, and public places. Being able to connect to
the network without a wire is convenient for users, not to mention the cost is much
lower. In the age of laptops and mobile devices, wireless opens the door to user
mobility in the workplace. User mobility provides flexibility. Workers can potentially
access the network or wireless data services from virtually any location within the
workplace. Accessing information from the network is as easy as if the information
were on a disk.
The benefits of wireless networks in the workplace are numerous. To provide
wireless connectivity, the network administrator must be sure the network services
are reliable and secure. Providing reliable network services means the administrator
must have a good understanding of WLAN configurations and technologies. This and
the following sections examine the fundamentals of wireless networking; the 802.11
standard and its family, 802.11a, 802.11b, and 802.11g and 802.11n; and how
WLANs are configured.

The IEEE 802.11 WLAN standard defines the physical layer, the medium access
control (MAC) layer, and the MAC management protocols and services.

The physical layer defines the following:

 The method of transmitting the data, which can be either RF or infrared (although infrared is rarely used)

The MAC layer defines the following:

 The reliability of the data service
 Access control to the shared wireless medium
 Protecting the privacy of the transmitted data

The wireless management protocols and services are authentication, association, data delivery, and privacy.

A typical wireless network will look something like this, laid out so that the radio frequency signal is at the same strength all the way through the building.
It is important to verify that sufficient RF signal level is available for the users in the
WLAN. This is best accomplished by performing a site survey. Inside a building, a
site survey is performed to determine the best location(s) for placing the access
point(s) for providing maximum RF coverage for the wireless clients. Site surveys
are also done with outside installations to determine the coverage area.

For more on this please watch this Lynda.com video on Cables and Connectors: http://www.lynda.com/IT-IT-Help-Desk-tutorials/Cables-connectors/184173/187576-4.html

The OSI Model


The OSI Model is a seven layer model describing how networks will operate, all the
way from the physical connection of the PC to the network (physical layer) through
the user interface (application layer). The OSI model was developed to address how
data would move from one segment of the network to another segment of a network
and be used by a computer to present data to a user.

Layer – Function

1 – Physical Layer: The Physical Layer defines the electrical and physical specifications of the data connection.

2 – Data Link Layer: The Data Link Layer provides node-to-node (PC to router, or router to router) data transfer support. It detects and sometimes corrects errors that may happen at the physical layer (such as a cable being cut, or a wireless network being disconnected). The Data Link Layer works with the MAC (Media Access Control) hardware address of the computer and the router or switch.

3 – Network Layer: The Network Layer provides the functional and procedural means of transferring packets to other computers, routers, or other network hardware. This is where the network establishes routes for data (say, between your computer and Google) so that your communications with the end computer can be established on the network. This is where ICMP and IGMP will be found on the network.

4 – Transport Layer: This is where data is transferred between computers using TCP/IP. This is where connections are set up (the 3-way handshake to establish communications). Datagrams are transmitted using either the TCP or UDP protocol. Error correction and reliability are at this layer of the network.

5 – Session Layer: The Session Layer is where the session is established and maintained between a computer and a service. For example, when sending e-mail this is where the e-mail is packaged and sent when you click the “send” button. Another example is when your session with Google or another web service is maintained between your computer and the server regardless of how long you wait between searches.

6 – Presentation Layer: The Presentation Layer is where data is prepared for use by the Application Layer. Any special context or libraries needed by the Application Layer are called here so that the data can be used by the application. You would see this when streaming a video or looking at a picture on the internet.

7 – Application Layer: This is where the user interacts with the computer by using a browser, or using e-mail such as Outlook, or Word, or any other application on your computer. Everything at this layer is application specific, although items such as images embedded in an e-mail and on the internet might share a common library at the presentation layer.

For more information on the OSI model, watch these videos:

OSI Model - https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=763e81bc-8e15-44a2-943d-1fc8f0901edf

And

OSI Model basic networks - http://www.lynda.com/IT-IT-Help-Desk-tutorials/Basic-networking-concepts/184173/187593-4.html

The TCP/IP Model

The TCP/IP Model is a simpler model than the OSI Model with only four discrete layers rather than seven. These four layers encompass all the same functionality of the OSI model, but combine the Application, Presentation and Session layers into one layer and the Data Link and Physical layers into one layer.

Layer – Function

Application Layer: Similar to the Application, Presentation and Session layers in the OSI model, this is where you will find your applications, session support, and translation for types of data such as image, text and movie.

Transport: Equal to the transport layer in the OSI model, this is where you find protocols such as TCP and UDP.

Network: Equal to the network layer in the OSI model, where you will find control and routing information such as ICMP, IGMP, and ARP.

Network Interface: Similar to the Data Link and Physical layers in the OSI model, this is where you find your electrical and physical connections and layer 2 MAC address information.

For more information on the TCP/IP Model please watch this video:

https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=ac85dbae-61c0-4e0d-8032-1393302a7770

Hardware and Software Security

There are many ways to break into a computer system, and most of these are well-
known. From a manager’s perspective, you need to learn how to address risks when
it comes to the hardware and software that you purchase for the company. There are
steps that can be taken to minimize risk, but all risk can never be eliminated. At best
you will need to make a number of informed decisions about the hardware and
software you purchase for the company, and how those purchases can best support
the company in continuing to do business.

Anti-Virus software, regardless of the manufacturer, is one of the most common items that a person or a company can purchase to ensure that already known malware (virus, worm or Trojan) cannot infect and alter a computer’s functioning. Anti-virus comes in three forms: signature based, in that the virus is known; behavioral based, in that the behavior of the suspected virus is what will trigger the anti-virus; or a combination of both signature and behavioral. Behavioral and signature based anti-virus is also known as heuristic anti-virus software. Most anti-virus software sold today is heuristic.

Personal Firewalls – all modern computer systems have built-in firewalls. Most of
them are enabled by default and the user has to explicitly allow a program to access
the Internet when installing software. These allowed programs include software
like:
 Microsoft Word
 Microsoft Outlook
 any chat or instant messaging clients that a company might use
 internet browsers
 other programs that the security department is allowing through the firewall
when your computer is set up at work.

Other popular ways of ensuring that the integrity of the network is not
compromised include systems such as proxy servers to make sure that clients do
not directly connect to a web server and packet filtering to make sure that data
inside the packets being sent to a computer on the network do not contain malware.
All of these are technical controls in that both software and hardware are used to
enforce company policy when connecting to the internet or network assets.

There are also policy controls that companies make, such as an acceptable use
policy, and guidance for employees in the employee handbook on their
responsibilities to keep the company network safe. Policy and technical controls
form one part of computer security that everyone should pay attention to when
navigating on the internet.

For more information on network security please watch these videos:

https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=218ae766-3a14-4822-ac2d-d0dc7ad540ac

Lynda.com video on Firewalls: http://www.lynda.com/IT-IT-Help-Desk-tutorials/Firewall/184173/187605-4.html

Basic computer security: http://www.lynda.com/IT-IT-Help-Desk-tutorials/Basic-security/184174/188941-4.html

How attacks work

There are many ways into a computer system at the network level, and in this
section we talk about people. People are always going to be an issue when it comes
to computer security, so much so that we have an entire attack surface devoted to
understanding how people fall for stories that hackers tell them. Social Engineering
relies on people behaving in an insecure manner, something that we all do on a
regular basis including your instructor.

Social engineering is the process of knowing enough about the target to get them to
trust you. If the hacker is interested in getting into a company there are a number of
approaches the hacker can take. The first one is to get to know employees at the
company by going through sites like Linkedin.com and seeing who has the most
complete profiles. The hacker will find out about them, where they work, what they
like, and anything else they have posted that is public. Then, the hacker will cross-
reference this with anything they might have posted on Facebook or Google Plus.
The hacker will next perform a Google search on the user and his or her e-mail
address to see what they post to and any interesting Internet history they might
have. Once the hacker has a fairly complete profile on the desired user, the hacker
can determine how to proceed. The hacker can send them a link, for example for a
Boy Scouts or T-ball sign-up form that has malware embedded. Or, the hacker could
send the user a link to a fake website that looks like the local community web site, in
order to get the user to click on a link that has malware attached so the hacker can
get into their computer system. Once the hacker is in the user’s computer system the
hacker can impersonate the user. It does not matter if it is a home system or a work
system, as many people work from home. The hacker can still get access to work
systems by performing a kind of specifically-targeted attack called phishing for any
employee or whaling for a CEO or other important person in an organization.

You will see that there are many variations of this kind of attack, from “watering hole”, in which the hacker takes over a web site that people use like Stack Exchange (a popular computer engineer web site) and infects everyone who goes to that site, to the more personalized approach of e-mail and getting to be the target’s best friend.

Another popular attack type is to watch what people do at locations that have public
access wireless points that are unsecured. Most computers leak information, even if
it is just broadcast information. There are specific programs that take advantage of
public wireless access points like “firesheep”, which tracks sites that do not use SSL
to capture login cookies. Lack of SSL is common on a network like you will find at
fast food restaurants, hotels, hospitals, airports, and any other place that allows
unrestricted public access to a network. The key to defeating an attack like this is to
always make sure you are using SSL/HTTPS when accessing any web site when you
are on a network you are sharing with people you don’t know or trust. Sniffing the
network for plaintext passwords or other plaintext data is very common in public
networks. The best way to defeat this kind of attack is always use a Virtual Private
Network (VPN) when connecting to your company, and always use SSL to any web
site you visit if that option is available.

Other attacks include the “USB in the parking lot attack”, in which an attacker will leave malware-laden USB sticks in the parking lot of an important company like a bank. Once the USB stick has been plugged into a computer, that computer no longer belongs to the company. There is also the “cleaning person” routine, in which hackers will deliberately take jobs with cleaning companies or other service providers used by companies in office buildings, like UPS or FedEx, to infiltrate a company.

Password cracking is another method but relies on already being in the company,
or people using insecure passwords. The most common password is still “password”
or “12345678”, allowing a hacker a quick way into an account. To prevent password
cracking and password guessing make sure to enforce through policy complex
passwords like OnTine47% or $$HHJJEEee23.

There is a way to see which other computers your computer is communicating with, and that is to start up the command window on your computer and type in:

netstat -a or netstat -b

This will show you who you are connected to, as shown below:

For more information on using netstat, please view the video here:

https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=819b4fad-ee77-
40d6-99f3-5b71b60dede3

If your computer is communicating with a computer you do not know, or shows unusual ports open like port 80 and you know you are not running a web server, it is time to get your computer to the help desk to see if your computer has been compromised. It is a good idea to run netstat regularly to make sure you know to whom your computer is talking.
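As an added example (not part of the course module), here is a small Python script that parses a constructed netstat listing in the Windows `netstat -a` format and flags the two things the text tells you to look for: listening ports you are not expecting (such as port 80 on a machine that is not a web server) and established connections to addresses you do not recognise. The sample output, the expected-port set and the known-host list are all assumptions you would replace with your own machine's baseline.

```python
"""Added example: triage a netstat listing for unexpected listeners and unknown peers."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample in the format of Windows `netstat -a`; not captured from a real host.
# 198.51.100.10 and 203.0.113.77 are documentation addresses used as placeholders.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.1.23:49712     198.51.100.10:443      ESTABLISHED
  TCP    192.168.1.23:49801     203.0.113.77:4444      ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# One netstat row: protocol, local ip:port, foreign ip:port (port may be "*"), optional state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")


@dataclass
class Entry:
    proto: str
    local_ip: str
    local_port: int
    foreign_ip: str
    foreign_port: Optional[int]  # None for the "*:*" wildcard shown on UDP rows
    state: str                   # "-" when netstat prints no state (UDP rows)


def parse_netstat(text: str) -> List[Entry]:
    """Parse netstat output into Entry records; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, lip, lport, fip, fport, state = m.groups()
        entries.append(Entry(proto, lip, int(lport), fip,
                             None if fport == "*" else int(fport), state or "-"))
    return entries


def triage(entries: List[Entry], expected_listen: Set[int],
           known_hosts: Set[str]) -> List[str]:
    """Return findings: listeners whose port is not in expected_listen, and
    established connections whose peer address is not in known_hosts."""
    findings = []
    for e in entries:
        if e.state == "LISTENING" and e.local_port not in expected_listen:
            findings.append(f"unexpected listener: {e.proto}/{e.local_port}")
        elif e.state == "ESTABLISHED" and e.foreign_ip not in known_hosts:
            findings.append(f"unknown peer: {e.foreign_ip}:{e.foreign_port}")
    return findings


if __name__ == "__main__":
    # Assumed baseline for this machine: port 135 is expected; one known server address.
    for finding in triage(parse_netstat(SAMPLE_NETSTAT), {135}, {"198.51.100.10"}):
        print(finding)
```

On a real machine you would feed the script the saved output of `netstat -a` and maintain the baseline sets as the help desk approves new software.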

For more information on this subject please watch this video:

https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=cf1ec2a4-34a6-41c2-8c21-6b9457ce72d5

IPv4 Addressing

IPv4 (Internet Protocol version 4) is the backbone of Internet addressing as used today. IPv4 is a connectionless protocol used on packet switched (Ethernet) networks using a “best effort” delivery model. Remember that a protocol is a set of rules that says how computers will talk to each other; TCP is connection-oriented and UDP is connectionless, so issues such as data integrity and error correction are handled by the particular transport protocol in use (such as TCP) and are independent of the IPv4 addressing scheme.

An IPv4 address is 32 bits long, made up of four octets that are each 8 bits long. An example IPv4 address is:

10.24.243.24

IPv4 addresses come in five (5) classes that are used to help define the size and topology of a network.

IP Address Range                 Class
0.0.0.0 – 126.255.255.255        Class A address (in some documentation you might also see this range end at 127.255.255.255)
128.0.0.0 – 191.255.255.255      Class B address
192.0.0.0 – 223.255.255.255      Class C address
224.0.0.0 – 239.255.255.255      Class D address – does not use a subnet
240.0.0.0 – 254.255.255.255      Class E address – does not use a subnet

To address the needs of users, a series of IPv4 addresses were set aside as private so that companies and users could build large, elaborate networks behind one or more public IP addresses. Private IP addresses exist in all three ranges A, B, and C:

IP address                        Type of private address
10.0.0.0 to 10.255.255.255        Class A private address range, commonly used on routers or in data centers with many computers for distributed offices
172.16.0.0 to 172.31.255.255      Class B private address range, commonly used in companies such as Facebook or Microsoft for internal interoffice computer systems including users
192.168.0.0 to 192.168.255.255    Class C private address range, commonly used in smaller home or SOHO (Small Office Home Office) installations – primarily users

Network Bits and Host Bits


Each class of IP address (A, B, and C) divides its 32 bits into network bits and
host bits. The network bits identify which network a computer resides on, while
the host bits identify the individual host on that network. For example, a Class A
IPv4 address has 8 network bits and 24 host bits: the first 8 bits (the first octet)
belong to the network, while the remaining 24 bits (the other 3 octets) identify an
individual computer system on that network. This is important when you start
working with subnetting (see below), but it is intrinsic to how the 4 octets of IPv4
are designed.

IP Class Network Bits Host Bits


A 8 24
B 16 16
C 24 8

Here are some examples of IPv4 addresses:


 Class A address of 10.24.25.23: the first octet (10) is the network while
24.25.23 is the host on the 10.x.x.x network.

 Class B address of 129.12.34.35: the first two octets (129.12) are the network
while .34.35 is the host on the 129.12.x.x network

 Class C address of 192.168.12.23: the first three octets (192.168.12) are the
network while 23 is the host address on the 192.168.12.x network

Each of these IP address classes also has a default subnet mask (Class D and E have
no network/host split and therefore no mask) that matches the network/host layout:
a 1 bit in the mask marks a network bit and a 0 bit marks a host bit. For example:

10.0.0.0          Class A private address range
255.0.0.0         Class A default subnet mask (/8)

172.16.0.0        Class B private address range
255.255.0.0       Class B default subnet mask (/16)

192.168.0.0       Class C private address range
255.255.255.0     Class C default subnet mask (/24)

These base subnets are used for helping define the boundaries of a network, and we
will cover this more in the subnetting section.

There are also special-purpose IP addresses, such as Class D and Class E and the
local loopback address:

127.0.0.1 – Local Loopback Address – the whole 127.0.0.0/8 block is reserved for
loopback; traffic sent to it never leaves the computer. It is used to test that the
TCP/IP stack on your computer is working. If you can contact 127.0.0.1 (ping
localhost) and get a reply back, the odds are highly likely that your TCP/IP
networking software is working correctly (it says nothing about the network card
or the cable, which the packet never touches). You will also hear this loopback
address referred to as "home" by network engineers.

Class D IP Addresses – these are used for multicasting: one sender transmits a
single stream of packets to a group address (for example 224.0.0.5, used by the
OSPF routing protocol) and every host that has joined that group receives a copy.
Multicast is used for routing protocol updates, streaming media and similar
one-to-many traffic on a LAN. It is not how very large companies such as
Microsoft, Facebook, or Google make many computers answer for one name; that is
done with DNS, load balancers and anycast on ordinary unicast addresses, and
spreading load across many servers in that way is also part of absorbing the traffic
spikes of a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack.

Class E IP Addresses – these are reserved for experimental and future use. They
are not allocated to anyone, they are not routed on the Internet, and most
operating systems will refuse to configure them, so you cannot simply give an
experimental application a Class E address for research and development. For
testing without disrupting any other network you might be on, use a private range
(above) or one of the ranges reserved for documentation and examples, such as
192.0.2.0/24.
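As an added example (not part of the course text), the following Python classifies any IPv4 address the classful way described in this section: it reads the first octet to find the class, derives the default mask and the network/host split, and flags whether the address is private, loopback, multicast or reserved. It uses only the standard ipaddress module; the function and key names are my own.

```python
"""Classify an IPv4 address by class and flag the special-purpose ranges.

Added example, not from the course text. The boundaries are the classful
ranges, the RFC 1918 private blocks and 127.0.0.0/8 from the tables above.
"""
import ipaddress

# (first-octet range, class letter, default network bits). Classes D and E
# have no network/host split, hence None.
CLASSES = [
    (range(0, 128), "A", 8),      # 127.x.x.x inside this range is loopback
    (range(128, 192), "B", 16),
    (range(192, 224), "C", 24),
    (range(224, 240), "D", None),  # multicast
    (range(240, 256), "E", None),  # reserved / experimental
]

PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
LOOPBACK_BLOCK = ipaddress.ip_network("127.0.0.0/8")


def classify(addr_str):
    """Return a dict describing the classful view of `addr_str`."""
    addr = ipaddress.IPv4Address(addr_str)
    first_octet = int(addr) >> 24
    for octets, letter, net_bits in CLASSES:
        if first_octet in octets:
            break
    info = {"address": str(addr), "class": letter}
    if net_bits is not None:
        # Default mask: net_bits leading 1 bits, the rest 0.
        mask = ipaddress.ip_network(f"0.0.0.0/{net_bits}").netmask
        network = ipaddress.ip_network(f"{addr}/{net_bits}", strict=False)
        host_part = ipaddress.IPv4Address(int(addr) & ~int(mask) & 0xFFFFFFFF)
        info.update({
            "network_bits": net_bits,
            "host_bits": 32 - net_bits,
            "default_mask": str(mask),
            "network": str(network.network_address),
            "host_part": str(host_part),  # host bits only, network octets zeroed
        })
    info["private"] = any(addr in block for block in PRIVATE_BLOCKS)
    info["loopback"] = addr in LOOPBACK_BLOCK
    info["multicast"] = letter == "D"
    info["reserved"] = letter == "E"
    return info


if __name__ == "__main__":
    for sample in ("10.24.25.23", "129.12.34.35", "192.168.12.23",
                   "127.0.0.1", "224.0.0.5", "240.1.2.3"):
        print(classify(sample))
```

Note that 127.0.0.1 comes out as class A by the first-octet rule but is flagged as loopback, which is why the class table above carries its footnote about 126 versus 127.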

For more information on this subject please watch this video:


https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=082975c7-7a4b-4d4e-9e88-f00be83fae2c

CIDR Notation

CIDR stands for Classless Inter-Domain Routing and was developed to replace the
fixed class boundaries above and to make it easier to route packets across the
Internet. Remember that IP addresses have the network bits and the host bits that
we discussed in the IPv4 section. CIDR states how many leading bits of an address
are network bits (also called "significant bits") as a prefix length written after a
slash, for example 192.168.12.0/24, and that boundary can fall anywhere, not only
at /8, /16 and /24. When routing on the Internet it is not necessary to know every
host; CIDR lets routers carry routes to networks (prefixes) rather than to
individual hosts, and lets many neighboring networks be advertised as one larger
prefix (aggregation, or "supernetting"). CIDR is also a shortcut that tells a
network engineer how many addresses a network contains (2 to the power of the
number of host bits). It makes sending a packet from your computer to Google
faster because the only thing each router along the way needs to know is which
prefix Google's address falls in and which next hop leads toward it. Not having to
know where every host is makes routing much faster and keeps the Internet
manageable from a network engineering viewpoint.

The table referenced below (Figure 4, from Cisco, cisco.com) lists every possible
prefix length of a 32-bit IPv4 address together with its binary mask, its CIDR
prefix, and the dotted subnet mask a network engineer would use when building
out a network for a company.
Figure 4 From Cisco cisco.com

It is a good idea to memorize this table for future use in the course. The easiest
way to memorize it is to start with the classful bases:

Class A /8
Class B /16
Class C /24

Then, use the CIDR count method below to calculate CIDR numbers for a network.

Remember that IPv4 relies on 4 octets of 8 bits each to make a 32-bit address. A
helpful way to think about how to calculate the CIDR block is to think of each set of
bits like a number line. The right-most bit is the least significant bit, and signifies a
decimal 1 in the overall subnet mask. The next right-most bit signifies a decimal 2,
the third right-most bit signifies a 4, and so on. This is counting in binary. Using this
logic, the full set of 8 bits in each octet work out this way:

128 64 32 16 8 4 2 1
Adding all the numbers above together equals 255. The CIDR prefix counts the
mask bits that are set to 1; in a valid mask those 1 bits are contiguous, starting
from the left, with only 0 bits after them. So, if all 8 bits in an octet are on:
11111111 (binary), that octet equals 255 (128+64+32+16+8+4+2+1) in the subnet
mask.

If only a few bits are on, such as 11000000, then from the number line that means
we have turned on 128 and 64. We add these together to give us 192. Using the
number line to count your subnet and CIDR block is a straight-forward way of
solving a CIDR problem.

Full example:

If our subnet mask is 11111111.11111111.11111111.00000000 then our decimal
number is 255.255.255.0 and our CIDR is /24 because 3 of our 8-bit octets are fully
enabled, and 3*8 = 24.

If our subnet mask is 11111111.11111111.11111111.11000000, then our decimal
number is 255.255.255.192 and our CIDR is /26 because when we count we end up
with 26 '1's' turned on.

We can do this for class A and B subnets as well just by remembering that the base
of a class A is 11111111.00000000.00000000.00000000, or 255.0.0.0, /8 and a class B
is 11111111.11111111.00000000.00000000, or 255.255.0.0, /16.

Sometimes we borrow host bits and make them network bits to create a new
subnet. For example, let's say I need a Class A network subnet mask that is CIDR /9.
Using the same number line method, that would equal:

11111111.10000000.00000000.00000000 or 255.128.0.0. I borrowed the first host
bit (the 128 position of the second octet) and added it to our subnet mask.
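As an added example (not part of the course text), the code below implements the number line method from this section: it turns each octet into bits by subtracting 128, 64, 32, ... in turn, counts the leading 1 bits to get the CIDR prefix, and converts a prefix back into a dotted mask. It goes one step further than the text by rejecting a mask whose 1 bits are not contiguous (such as 255.0.255.0), which is the mistake the "count the ones" shortcut would otherwise hide. Function names are my own.

```python
"""Convert between dotted subnet masks and CIDR prefix lengths by counting bits.

Added example, not from the course text. Implements the number line method
and checks that a mask's 1 bits are contiguous from the left.
"""

# Place value of each bit in an octet, left to right.
NUMBER_LINE = [128, 64, 32, 16, 8, 4, 2, 1]


def octet_to_bits(value):
    """255 -> '11111111', 192 -> '11000000', using the number line."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits = ""
    for place in NUMBER_LINE:
        if value >= place:        # this bit is "on": subtract its place value
            bits += "1"
            value -= place
        else:
            bits += "0"
    return bits


def mask_to_binary(mask):
    """'255.128.0.0' -> '11111111.10000000.00000000.00000000'."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad mask: {mask}")
    return ".".join(octet_to_bits(o) for o in octets)


def mask_to_prefix(mask):
    """'255.255.255.192' -> 26. Raises ValueError for a non-contiguous mask."""
    bits = mask_to_binary(mask).replace(".", "")
    prefix = bits.find("0")           # the first 0 bit ends the network part
    if prefix == -1:
        prefix = 32                   # 255.255.255.255
    if "1" in bits[prefix:]:          # a 1 after a 0 means the mask is invalid
        raise ValueError(f"non-contiguous mask: {mask} = {bits}")
    return prefix


def prefix_to_mask(prefix):
    """26 -> '255.255.255.192'."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be between 0 and 32, got {prefix}")
    bits = "1" * prefix + "0" * (32 - prefix)
    octets = [int(bits[i:i + 8], 2) for i in range(0, 32, 8)]
    return ".".join(str(o) for o in octets)


if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.128.0.0", "255.255.255.0", "255.255.255.192"):
        print(f"{mask:16} {mask_to_binary(mask)}  /{mask_to_prefix(mask)}")
    print(prefix_to_mask(9), prefix_to_mask(26))
```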

For more information on this subject please watch this video:


https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=2cb81b9b-50c7-40c5-b1ed-a1fd310ff148

Subnetting

Now that we know how an IPv4 address is comprised of 32 bits in 4 octets of 8 bits
each, and that we know CIDR is a short hand notation for making routing tables
smaller by only needing to know the network not the host, we can start thinking
about subnetting. There are many reasons to break up a network into smaller more
manageable sections, and that is what subnetting allows the network engineer to do.

It is important to remember that every network has a maximum number of
addresses, fixed by its number of host bits: 2 to the power of the host bits. For a
class C, with 8 host bits, that is 2^8 = 256 addresses. However, only 254 of these can
be assigned to hosts, because two addresses in every range are reserved: the first
(all host bits 0) is the network address and the last (all host bits 1) is the
broadcast address. Keep 256, not 255, in mind when doing the math: 256 is a power
of 2 (remember everything in IPv4 can be brought back to binary), and it is the
number you halve or quarter when you split a network. As we progress through
subnetting we will see that the first and last address of every subnet are set aside
in the same way, and we have to take them into account when we count usable
hosts.

Subnet example:

Let's imagine we have a class C network that we need to split into 2 equal segments.
With a class C network, we know we have 24 network bits and 8 host bits, so the
network holds 2^8 = 256 addresses (the highest host value in an octet is 255 =
128+64+32+16+8+4+2+1, but counting 0 there are 256 values, and half of 255 would
be a fraction, which does not work in terms of the math).

So, we work with 256: one half of 256 is 128, or one half of the network we are
working with. This is the only place that the number 256 shows up in the math we
use for calculating a subnet. We need it to get to the first number of 128, which
tells us which host bit to borrow for our subnet in our number line.

We know from our previous lessons that a class C network is 255.255.255.0 /24. If
we need one half of that network, we can use our number line. We divide 256 by 2
and get 128, our first number on the number line. Based on that, we next do the
following:

255.255.255.128 is the mask that divides the network into the first and second
subnet:

11111111.11111111.11111111.10000000

Because we took 1 bit from the hosts to be a network bit, we count all our 1's and
come to 25. So, our CIDR notation for each subnet would be /25. For the network
192.168.12.0/24 the two halves are 192.168.12.0/25 (hosts .1 to .126, broadcast
.127) and 192.168.12.128/25 (hosts .129 to .254, broadcast .255), each with 128
addresses and 126 usable hosts.

We can do this same thing for a class A or class B network.

One half of a Class A network is also 128, but our position in the IP address is
different and our CIDR is different.

255.128.0.0
11111111.10000000.00000000.00000000 and the CIDR is /9.

One half of a Class B network would look like this:


255.255.128.0
11111111.11111111.10000000.00000000
Or, in other words, CIDR /17

What happens if we need one quarter of a network?

256 / 4 = 64, so each quarter holds 64 addresses, and we must borrow 2 host bits
(2 bits give 2^2 = 4 subnets). Using our number line, the two borrowed bits are the
128 and the 64 positions, and 256 - 64 = 192 gives the same answer for the mask
octet:

128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0 = 192 (128 + 64)

Our subnet for a Class C would then be:

255.255.255.192 with a CIDR of /26

Our subnet for a Class B would then be:

255.255.192.0
CIDR /18

Our subnet for a Class A would then be:


255.192.0.0
CIDR /10

As long as you remember that IPv4 addresses are 32 bits, 4 octets of 8 bits each,
subnetting a network can be straightforward. Remember the number line to
calculate the CIDR block, and memorize the table so that you know the number of
available hosts on a network.
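As an added example (not part of the course text), the following Python carries out the halving and quartering above for any network using the standard ipaddress module: it works out how many host bits to borrow, splits the network into that many equal subnets, and reports each subnet's mask, network address, broadcast address, first and last usable host, and address counts (the network and broadcast addresses are excluded from the usable count, except for /31 and /32). It also answers the question a network engineer asks next, which subnet a given host falls in. Function names are my own.

```python
"""Split an IPv4 network into equal subnets and describe each one.

Added example, not from the course text. Uses the standard ipaddress module;
the example networks are the ones used in the subnetting section.
"""
import ipaddress


def split_network(cidr, parts):
    """Divide `cidr` into `parts` equal subnets; `parts` must be a power of two.

    Borrowing n host bits yields 2**n subnets, so the new prefix is old + n.
    """
    if parts < 1 or parts & (parts - 1):
        raise ValueError("parts must be a power of two (1, 2, 4, 8, ...)")
    net = ipaddress.ip_network(cidr, strict=True)   # host bits must be zero
    borrowed = parts.bit_length() - 1               # log2(parts)
    new_prefix = net.prefixlen + borrowed
    if new_prefix > 32:
        raise ValueError("not enough host bits to borrow")

    result = []
    for sub in net.subnets(new_prefix=new_prefix):
        total = sub.num_addresses
        if new_prefix <= 30:
            # First address is the network, last is broadcast: neither is a host.
            usable = total - 2
            first_host = sub.network_address + 1
            last_host = sub.broadcast_address - 1
        else:
            # /31 (point-to-point) and /32 use every address.
            usable = total
            first_host = sub.network_address
            last_host = sub.broadcast_address
        result.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "network": str(sub.network_address),
            "broadcast": str(sub.broadcast_address),
            "first_host": str(first_host),
            "last_host": str(last_host),
            "total": total,
            "usable": usable,
        })
    return result


def subnet_for(address, cidr, parts):
    """Return the subnet (of `cidr` split `parts` ways) containing `address`, or None."""
    addr = ipaddress.ip_address(address)
    for entry in split_network(cidr, parts):
        if addr in ipaddress.ip_network(entry["subnet"]):
            return entry["subnet"]
    return None


if __name__ == "__main__":
    for entry in split_network("192.168.12.0/24", 2):
        print(entry)
    for entry in split_network("172.16.0.0/16", 4):
        print(entry["subnet"], entry["mask"], entry["usable"])
    print(subnet_for("192.168.12.200", "192.168.12.0/24", 2))
```

Because first and last hosts are computed arithmetically rather than by listing every address, the same function handles a class A split (8 million hosts per half) as quickly as a class C.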

For more information on this subject please watch this video:


https://wgu.hosted.panopto.com/Panopto/Pages/Viewer.aspx?id=63d2d770-c8c2-4377-84d0-ce8e0ec4ece0

Key Terms

Internet – a global network where people can share and store data

MRI – Magnetic Resonance Imager produces images of organs and structures within
the body

CAT Scan – X-Ray test to produce cross-sectional images of an object


HIPAA – Health Insurance Portability and Accountability Act

FDA – Food and Drug Administration

Imaging PACS – (picture archiving and communication system) is a healthcare
technology for the short- and long-term storage, retrieval, management, distribution
and presentation of medical images.

EHR – Electronic Health Records

CPOE – Computerized Physician Order Entry for Medication

Network – A method for two or more computers to communicate with each other

Workstation - A computer that a person uses to accomplish work

Host – any device with an IP address on a network: a workstation, but also a server,
printer or medical device

Ad Hoc Network – a non-centralized network made of computers without any
specific server or fixed topology

SOHO – Small Office Home Office

LAN – Local Area Network

WAN – Wide Area Network

Topology – how the devices on a network are connected to each other at the physical layer

Token Ring – an older topology in the shape of a ring where computers talk to each
other by sharing a token

Bus Network – a single shared cable, terminated at each end by a 50-Ohm terminator,
that all computers attach to

Star Network – a modern design with a central switch that makes the forwarding
decisions for the computers on the network

Mesh – a fault tolerant network topology where every computer has links to many
(partial mesh) or all (full mesh) of the other computers

Broadcast Message – a message sent to all computers on a network

UTP – Unshielded Twisted Pair copper cable

EMI – Electromagnetic interference


Fiber Optic – cables made of glass or plastic that carry data as light from lasers or LEDs

LED – Light Emitting Diode

Bandwidth – the maximum rate at which data can be carried on a link or signal

Cross Talk – signal from one wire or pair bleeding into a neighboring one so that two
data streams interfere with each other

Signal Attenuation – the loss of signal strength over distance, which limits how far
away a signal can still be received

IEEE 802.11 – the Wireless Local Area Network standard covering the physical and
MAC layers

MAC – Media Access Control found on layer 2 of a network

OSI Model – A reference model called Open Systems Interconnection with seven
layers

TCP/IP Model – A reference guide used in conjunction with the OSI model but with
only four layers

Malware – An overall term for software designed to harm computers or software

Virus – a malware program that requires human effort to propagate

Worm – a malware program that can propagate and replicate without human
intervention

Trojan – a malware program that looks like a useful program but can damage a
computer system

Heuristic anti-virus software – a behavioral and rules based way of detecting
malware

Proxy Server – a specialized server that provides logging, caching, and filtering of
web sites or other services

Packet Filtering – a firewall technique that allows or blocks packets based on header
fields such as source and destination address, port and protocol; it does not inspect
the data inside a session for malware

Technical controls – hardware and software used to implement company policies

Policy Controls – polices created by companies that set down minimum standards
that will be followed by all employees of a company
Social Engineering – an attack method that manipulates people into taking an action
such as clicking a link or turning over a username and password

Phishing – a social engineering practice that uses a deceptive message to trick a
person into clicking a link to malware or a fake login page

Whaling – a social engineering practice that directly targets CEOs and other C-suite
executives to compromise their computers or accounts

Sniffing – a technological way of obtaining computer traffic for later off line analysis

SSL – Secure Sockets Layer – the now obsolete predecessor of TLS (Transport Layer
Security), used to encrypt sessions between servers and workstations; the name is
still used loosely for TLS

HTTPS – Hyper Text Transfer Protocol Secure – HTTP carried over TLS to secure data
transmission between a web server and a workstation

Password Cracking – a technological method for breaking passwords

IPv4 – a 32 bit addressing scheme used to send data between computers

Octet – a subdivision of an IPv4 address comprising 8 bits

DoS – Denial of Service – an attack that makes a computer or service unavailable to
legitimate users, typically from a single attacking source

DDoS – Distributed Denial of Service – many computers (often a botnet) attacking
one target at the same time

Local Loopback – also known as home, a special IPv4 address to test the local
connection to the network

CIDR – Classless Inter-Domain Routing – prefix-length notation (for example /24) for
network addresses and routes that replaces the fixed classes and lets routers
aggregate many networks into one route

References:

http://www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/

http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/
