Computer Networking

WebSockets are a communication protocol that provides a full-duplex, persistent communication channel over a single TCP connection. It is part of the HTML5 specification.

Unlike the traditional HTTP request-response model where the client must initiate every request, WebSockets allow the server to push data to the client at any time without the client having to request it. This makes it ideal for real-time applications.

Key Differences from HTTP:

• Connection: WebSockets maintain a long-lived, persistent connection. HTTP connections are typically short-lived.
• Communication: WebSockets are bi-directional (full-duplex). HTTP is uni-directional (client requests, server responds).
• Overhead: After the initial handshake, WebSocket data frames have very little overhead compared to the repetitive headers in HTTP requests.
• Use Cases: Real-time chat applications, live sports tickers, collaborative editing tools, multiplayer online games.

CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) is the media access method used in wireless networks (Wi-Fi, 802.11).

It is different from CSMA/CD (used in wired Ethernet) because in a wireless environment, a station cannot listen while sending (it would just hear its own loud transmission). It's also difficult to detect collisions due to the 'hidden node problem'.

CSMA/CA works by trying to avoid collisions before they happen:

1. Listen Before Talk: Like CSMA/CD, it first senses the medium to see if it's idle.
2. Collision Avoidance: Before transmitting, it sends out a small Request to Send (RTS) packet. The Access Point then replies with a Clear to Send (CTS) packet. All other stations on the network hear the CTS and know to wait until the transmission is over.
3. Acknowledgment (ACK): After the data is sent, the receiver sends an ACK to confirm successful reception. If the sender doesn't receive an ACK, it assumes a collision occurred and retransmits.

In summary, CSMA/CD detects collisions and reacts, while CSMA/CA tries to avoid them in the first place.

A Virtual Private Cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. It provides a logically isolated section of a public cloud provider's infrastructure where a customer can launch resources in a virtual network that they define.

Essentially, a VPC allows you to have your own private data center within the public cloud (like AWS, Azure, or Google Cloud). You have complete control over your virtual networking environment, including:

• Selecting your own IP address range.
• Creation of subnets (public and private).
• Configuration of route tables.
• Configuration of network gateways and firewalls (Security Groups and NACLs).

A honeypot is a decoy computer system or network resource set up to attract and trap cyber attackers. It is designed to look like a legitimate and vulnerable target, but it is actually isolated and heavily monitored.

The purpose of a honeypot is not to block attacks, but to:

• Study Attacker Methods: Security professionals can observe the attacker's techniques, tools, and behavior in a safe environment.
• Gather Threat Intelligence: It helps in understanding new malware and attack vectors.
• Divert Attackers: It can distract attackers from the real, valuable systems on the network.
• Early Warning System: An interaction with a honeypot can serve as an early warning that an attack is underway.

Both are security systems that monitor network traffic for malicious activity, but they differ in their response.

• An Intrusion Detection System (IDS) is a passive monitoring system. It analyzes traffic and, if it detects a potential threat, it generates an alert and logs the activity. It's like a security camera that records a break-in and alerts the police, but doesn't stop the intruder itself.
• An Intrusion Prevention System (IPS) is an active, inline system. It not only detects malicious activity but also takes automated action to block or prevent it. It's like a security guard who not only spots the intruder but also actively blocks them from entering. An IPS can drop malicious packets, block traffic from a source IP, or reset a connection.

In short: IDS detects and alerts, while IPS detects and prevents.

The Nagle algorithm is a mechanism in TCP designed to improve the efficiency of TCP/IP networks by reducing the number of small packets sent over the network.

It works by combining a number of small outgoing messages and sending them all at once. Specifically, as long as there is a sent packet for which the sender has not yet received an acknowledgment, the sender will keep buffering any new small packets until a full-sized packet (MTU) is ready to be sent or until the acknowledgment for the previous packet arrives.

This reduces network congestion caused by many small 'tinygram' packets, but it can introduce a small delay. For this reason, it is sometimes disabled for applications that require very low latency, such as real-time online gaming.

APIPA (Automatic Private IP Addressing) is a feature in operating systems (like Windows) that allows a device to automatically assign itself an IP address if it cannot contact a DHCP server.

When a device is configured to use DHCP but fails to receive an address, it will assign itself an IP address from the reserved APIPA range: 169.254.0.1 to 169.254.255.254 with a subnet mask of 255.255.0.0.

This allows devices on a small local network to communicate with each other without a DHCP server or manual configuration. However, a device with an APIPA address cannot communicate with other subnets or the internet because it has no default gateway information.

A digital certificate, also known as an SSL/TLS certificate, is a data file used in cryptography to verify the identity of an entity, such as a website, and to enable encrypted communication.

It works like a digital passport. It contains key information:

• The domain name it was issued for.
• The entity that owns it (person or organization).
• The public key of the entity.
• The digital signature of the Certificate Authority (CA) that issued it.
• The certificate's issue date and expiration date.

When you visit an HTTPS website, your browser receives its digital certificate. The browser checks if the certificate is valid and was issued by a trusted CA. This process authenticates the website and allows your browser to use the website's public key to establish a secure, encrypted connection.

These are two fundamental types of encryption.

• Symmetric Encryption:
  • Uses a single, shared key to both encrypt and decrypt data.
  • Both the sender and the receiver must have the same secret key.
  • It is very fast and efficient.
  • Challenge: Securely sharing the secret key in the first place.
  • Examples: AES, DES, 3DES.
• Asymmetric Encryption (Public-Key Cryptography):
  • Uses a pair of keys: a public key and a private key.
  • The public key can be shared freely and is used to encrypt data.
  • The corresponding private key is kept secret and is the only key that can decrypt the data.
  • It is much slower than symmetric encryption.
  • Use Case: Often used to securely exchange the secret key for symmetric encryption at the beginning of a session (like in a TLS handshake). Also used for digital signatures.
  • Examples: RSA, ECC.

The three-tier (or hierarchical) network model is a common design for building scalable, reliable, and high-performance enterprise networks. It divides the network into three logical layers:

1. Core Layer: This is the high-speed backbone of the network. Its only job is to switch traffic as fast as possible. It provides high availability and redundancy and connects different distribution layer blocks.
2. Distribution Layer: This layer acts as the communication point between the access and core layers. It is where routing policies, access control lists (ACLs), and QoS are implemented. It aggregates the traffic from all the access layer switches.
3. Access Layer: This is the layer where end-user devices (computers, phones, printers) connect to the network. It provides port security and traffic segmentation through mechanisms like VLANs.