Beyond Networking 101

There are lots of resources that explain the basics of computer networking.  Here is a quick recap of basic networking 101 concepts.  If you are already familiar with the basics, jump ahead to learn why the networking 101 concepts you understand are no longer valid.

What is a computer network?

Computer networks enable communication between multiple devices.  These devices could be your phone, laptop, a data center in your office, instances hosted in public or private clouds, or the IoT (Internet of Things) devices that all connect to a central location.  The network will include infrastructure such as routers, switches, access points, and more which will relay the information between the communicating devices.

Geographic location defines a computer network as well.  Here are common computer network types:

• LAN (local area network) - connects devices within a building or school.  LANs are privately owned and managed.
• WLAN (wireless local area network) - the same as LAN with the distinction that communication is made wirelessly.
• WAN (wide area network) - connects devices or networks across a wide area such as region to region or continent to continent.
• MAN (metropolitan area network) - more extensive than a LAN but smaller than a WAN.  Cities and governments typically own and manage MANs.
• PAN (personal area network) - serving one person.  Connecting their phone to their computer is a common example.
• SAN (storage area network) - a specialized network that provides access to block-level storage (either on the network or in the cloud)
• CAN (campus area network) - also known as corporate area network.  CANs serve sites such as colleges, universities, and business campuses.
• VPN (virtual private network) - a secure connection between two endpoints.  A VPN establishes an encrypted channel that keeps communications between devices secure.
• Firewall - network security device that decides whether to allow or block incoming and outgoing traffic based on rules.

What are common terms to know when discussing computer networking?

• IP Address - an IP address is a unique number assigned to every device connected to a network.  The address identifies the device’s host network and location.
• Nodes - a node is a connection point inside a network that can receive, send, create, or store data.  Each node requires some form of identification such as an IP address.  Examples: computers, printers, routers, switches.
• Routers - a router is a device that sends the information contained in data packets between networks.  Routers analyze data traffic to determine the best way for the information to reach its destination.
• Switches - a switch connects other devices and manages node to node communication within a network.  A switch sends information between nodes in a single network.
• Ports - a port identifies a specific connection between network devices.  A port is identified by a number.  If you imagine an IP address is the address of an apartment building, the ports are individual apartments.  Computers use port numbers to determine which application, service, or process should receive the data.

Legacy network communications

To share data on Internet, the data needs to be accessible via a public IP address and port.  A browser request to www.google.com will be sent to a DNS (domain name server) which will translate the domain name into an IP address.  Web traffic is port 80 by default.  Your request will be sent to an IP address at port 80.  Google will receive your request and return the webpage content you are looking for.

Since the inception of the Internet, this is how requests for information have been made.  For a public-facing website such as Google, this is fine.  But companies also had to utilize the same communication model for private data.  Let's imagine an MIT research team needs access to a database at Harvard.  Harvard would have to expose the database on a public IP address with the open 3306 port (assuming it’s a standard MySQL configuration).

Now anyone on the Internet can access that IP address and port and connect to the database. The database may have additional authentication to prevent access. This simple act of exposing the database on the Internet has increased the attack surface. Attackers can take advantage of existing CVEs (Common Vulnerabilities and Exposures).

Evolved network communications

Networking textbooks won’t have the following information.  

You can share any resource such as a web application, database, or file server over the Internet without exposing the device to the Internet.  The device doesn’t have a public IP address, and no port has to be open on the router or firewall.

But how can this be?  Read our Advanced Networking for the Cloud Connected World whitepaper for a deeper technical discussion.

‍