CN 2


Additional Knowledge Material

(Faculty E-Notes)

COURSE: BBA 5TH SEMESTER
UNIVERSITY: MAHARSHI DAYANAND UNIVERSITY
SUBJECT: COMPUTER NETWORKING AND INTERNET
SUBJECT CODE: BBAN - 504
UNIT NO & NAME: UNIT 2: COMPUTER NETWORK MODELS AND PROTOCOLS
NAME OF THE FACULTY: PREETI

UNIT - 2 – COMPUTER NETWORK MODELS AND PROTOCOLS

S.No   Topic                                                      Page Number
1      OSI and TCP/IP Model, Protocols and their classification   03 – 16
2      Flow Control and Cryptography                              20 – 30
3      Ranking, Firewall                                          31 – 47

COMPUTER NETWORK MODELS
A communication subsystem is a complex piece of hardware and software. Early attempts at
implementing the software for such subsystems were based on a single, complex, unstructured program
with many interacting components. The resulting software was very difficult to test and modify. To
overcome such problems, the ISO developed a layered approach. In a layered approach, the networking
concept is divided into several layers, and each layer is assigned a particular task. Therefore, we can say
that networking tasks depend upon the layers.

LAYERED ARCHITECTURE
• The main aim of the layered architecture is to divide the design into small pieces.
• Each lower layer adds its services to the higher layer to provide a full set of services to manage
communications and run the applications.
• It provides modularity and clear interfaces, i.e., it defines the interaction between subsystems.
• It ensures the independence of layers by providing the services from a lower to a higher layer
without defining how the services are implemented. Therefore, any modification in a layer will not
affect the other layers.
• The number of layers, their functions and the contents of each layer vary from network to network. However,
the purpose of each layer is always to provide a service from a lower to a higher layer while hiding from the
higher layers the details of how the services are implemented.
• The basic elements of a layered architecture are services, protocols, and interfaces.
o Service: a set of actions that a layer provides to the layer above it.
o Protocol: a set of rules that a layer uses to exchange information with its peer entity. These rules
mainly concern both the contents and the order of the messages used.
o Interface: the way through which a message is transferred from one layer to another.
• In a layer-n architecture, layer n on one machine communicates with layer n on another machine, and
the rules used in that conversation are known as the layer-n protocol.
Let's take an example of the five-layered architecture.

• In a layered architecture, no data is transferred directly from layer n of one machine to layer n of
another machine. Instead, each layer passes the data to the layer immediately below it, until the
lowest layer is reached.
• Below layer 1 is the physical medium through which the actual communication takes place.
• In a layered architecture, unmanageable tasks are divided into several small, manageable tasks.
• The data is passed from the upper layer to the lower layer through an interface. A layered architecture
provides a clean-cut interface so that minimum information is shared among different layers. It also
ensures that the implementation of one layer can easily be replaced by another implementation.
• A set of layers and protocols is known as a network architecture.

Why do we require a layered architecture?
• Divide-and-conquer approach: the divide-and-conquer approach structures the design process so
that the unmanageable tasks are divided into small, manageable tasks. In short, we can say that
this approach reduces the complexity of the design.
• Modularity: a layered architecture is more modular. Modularity provides the independence of layers,
which makes them easier to understand and implement.
• Easy to modify: it ensures the independence of layers so that the implementation of one layer can be
changed without affecting other layers.
• Easy to test: each layer of the layered architecture can be analysed and tested individually.

OSI Model
• OSI stands for Open System Interconnection. It is a reference model that describes how information
from a software application in one computer moves through a physical medium to a software
application in another computer.
• OSI consists of seven layers, and each layer performs a particular network function.
• The OSI model was developed by the International Organization for Standardization (ISO) in 1984, and it
is now considered the architectural model for inter-computer communications.
• The OSI model divides the whole task into seven smaller, manageable tasks. Each layer is assigned a
particular task.
• Each layer is self-contained, so that the task assigned to each layer can be performed independently.

Characteristics of the OSI Model:
• The OSI model is divided into two groups of layers: upper layers and lower layers.
• The upper layers of the OSI model mainly deal with application-related issues, and they are
implemented only in software. The application layer is closest to the end user. Both the end user
and the application layer interact with the software applications. "Upper layer" also refers to the layer just
above another layer.
• The lower layers of the OSI model deal with data transport issues. The data link layer and the
physical layer are implemented in hardware and software. The physical layer is the lowest layer of the
OSI model and is closest to the physical medium. The physical layer is mainly responsible for placing
the information on the physical medium.

7 Layers of OSI Model


There are seven OSI layers. Each layer has different functions. The list of the seven layers is given below:
1. Physical Layer
2. Data-Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer

1. Physical Layer

• The main functionality of the physical layer is to transmit the individual bits from one node to another
node.
• It is the lowest layer of the OSI model.
• It establishes, maintains and deactivates the physical connection.
• It specifies the mechanical, electrical and procedural network interface specifications.

Functions of the Physical layer:

• Line Configuration: it defines the way two or more devices can be connected physically.
• Data Transmission: it defines the transmission mode, whether simplex, half-duplex or full-duplex,
between the two devices on the network.
• Topology: it defines the way network devices are arranged.
• Signals: it determines the type of signal used for transmitting the information.

2. Data-Link Layer

• This layer is responsible for the error-free transfer of data frames.
• It defines the format of the data on the network.
• It provides reliable and efficient communication between two or more devices.
• It is mainly responsible for the unique identification of each device that resides on a local network.
• It contains two sub-layers:
o Logical Link Control Layer
▪ It is responsible for transferring the packets to the network layer of the receiver.
▪ It identifies the address of the network layer protocol from the header.
▪ It also provides flow control.
o Media Access Control Layer
▪ The media access control layer is a link between the logical link control layer and the
network's physical layer.
▪ It is used for transferring the packets over the network.

Functions of the Data-link layer

• Framing: the data link layer translates the physical layer's raw bit stream into units known as frames.
The data link layer adds a header and a trailer to the frame. The header added to the frame
contains the hardware destination and source addresses.
• Physical Addressing: the data link layer adds a header to the frame that contains the destination
address. The frame is transmitted to the destination address mentioned in the header.
• Flow Control: flow control is a main function of the data link layer. It is the technique
through which a constant data rate is maintained on both sides so that no data gets corrupted. It
ensures that a transmitting station with a higher processing speed, such as a server, does not overrun a
receiving station with a lower processing speed.
• Error Control: error control is achieved by adding a calculated value, the CRC (Cyclic Redundancy
Check), to the data link layer's trailer, which is added to the message frame before it is
sent to the physical layer. If an error is detected, the receiver sends an acknowledgement requesting
retransmission of the corrupted frames.
• Access Control: when two or more devices are connected to the same communication channel,
the data link layer protocols are used to determine which device has control over the link at a given
time.
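As an added illustration of the CRC-based error control just described (example code written for these notes, not part of the original text): the sender appends a CRC-16 trailer to the frame, and the receiver recomputes it and answers ACK or NACK. The generator polynomial, addresses and payload are constructed for the example.

```python
# Added example (not from the notes): CRC error control at the data link layer.
# The sender appends a CRC trailer to header + payload; the receiver recomputes
# the CRC and asks for retransmission (NACK) when it does not match.  The
# generator polynomial and the frame contents below are constructed for
# illustration.

CRC16_POLY = 0x1021   # x^16 + x^12 + x^5 + 1 (the CRC-16/XMODEM generator)


def crc16(data: bytes, poly: int = CRC16_POLY, init: int = 0) -> int:
    """Bitwise modulo-2 division of the data by the generator polynomial.

    This is the textbook long-division CRC (no bit reflection, no final XOR);
    with poly=0x1021 and init=0 it is the CRC-16/XMODEM variant.
    """
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Sender side: header (destination + source hardware address), payload,
    then a two-byte CRC trailer computed over everything before it."""
    body = dst + src + payload
    return body + crc16(body).to_bytes(2, "big")


def check_frame(frame: bytes) -> bool:
    """Receiver side: recompute the CRC over header + payload and compare it
    with the trailer that arrived."""
    body, trailer = frame[:-2], frame[-2:]
    return crc16(body) == int.from_bytes(trailer, "big")


def receive(frame: bytes) -> str:
    """Return the acknowledgement the receiver would send: ACK if the frame
    passes the CRC check, otherwise NACK (request retransmission)."""
    return "ACK" if check_frame(frame) else "NACK"


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error at the given bit position."""
    out = bytearray(frame)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample hardware addresses and payload.
    dst = bytes.fromhex("aabbccddeeff")
    src = bytes.fromhex("001122334455")
    frame = build_frame(dst, src, b"hello, data link layer")
    print("clean frame      ->", receive(frame))
    print("bit 37 corrupted ->", receive(flip_bit(frame, 37)))
```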

3. Network Layer

• It is layer 3; it manages device addressing and tracks the location of devices on the network.
• It determines the best path to move data from the source to the destination based on the network
conditions, the priority of service, and other factors.
• The network layer is responsible for routing and forwarding the packets.
• Routers are layer 3 devices; they are specified in this layer and are used to provide routing
services within an internetwork.
• The protocols used to route the network traffic are known as network layer protocols. Examples of
such protocols are IP and IPv6.

Functions of the Network Layer:

• Internetworking: internetworking is the main responsibility of the network layer. It provides a
logical connection between different devices.
• Addressing: the network layer adds the source and destination addresses to the header of the packet.
Addressing is used to identify the device on the internet.
• Routing: routing is the major component of the network layer; it determines the optimal
path out of the multiple paths from the source to the destination.
• Packetizing: the network layer receives the data from the upper layer and converts it into
packets. This process is known as packetizing. It is achieved by the Internet Protocol (IP).

4. Transport Layer

• The transport layer is layer 4. It ensures that messages are delivered in the order in which they are
sent and that there is no duplication of data.
• The main responsibility of the transport layer is to transfer the data completely.
• It receives the data from the upper layer and converts it into smaller units known as segments.
• This layer can be termed an end-to-end layer as it provides a point-to-point connection between
source and destination to deliver the data reliably.

The two protocols used in this layer are:

• Transmission Control Protocol
o It is a standard protocol that allows systems to communicate over the internet.
o It establishes and maintains a connection between hosts.
o When data is sent over a TCP connection, the TCP protocol divides the data into smaller
units known as segments. Each segment may travel over the internet by a different route, so the
segments may arrive at the destination in a different order. The Transmission Control Protocol reorders
the segments into the correct order at the receiving end.
• User Datagram Protocol
o User Datagram Protocol is a transport layer protocol.
o It is an unreliable transport protocol: the receiver does not send any acknowledgement
when a packet is received, and the sender does not wait for any acknowledgement. This is what
makes the protocol unreliable.

Functions of the Transport Layer:

• Service-point addressing: computers run several programs simultaneously; for this reason, data is
transmitted from source to destination not only from one computer to another
but also from one process to another. The transport layer adds a header that contains an
address known as a service-point address or port address. The responsibility of the network layer is to
transmit the data from one computer to another, and the responsibility of the transport layer
is to deliver the message to the correct process.
• Segmentation and reassembly: when the transport layer receives a message from the upper layer,
it divides the message into multiple segments, and each segment is assigned a sequence number
that uniquely identifies it. When the message has arrived at the destination, the
transport layer reassembles the message based on the sequence numbers.
• Connection control: the transport layer provides two services, connection-oriented service and
connectionless service. A connectionless service treats each segment as an individual packet, and the
packets may all travel by different routes to reach the destination. A connection-oriented service establishes a
connection with the transport layer at the destination machine before delivering the packets. In
a connection-oriented service, all the packets travel along a single route.
• Flow control: the transport layer is also responsible for flow control, but it is performed end-to-end
rather than across a single link.
• Error control: the transport layer is also responsible for error control. Error control is performed
end-to-end rather than across a single link. The sender's transport layer ensures that the message reaches
the destination without any error.

5. Session Layer

• It is layer 5 in the OSI model.
• The session layer is used to establish, maintain and synchronise the interaction between
communicating devices.

Functions of the Session layer:

• Dialog control: the session layer acts as a dialog controller that creates a dialog between two processes;
in other words, it allows communication between two processes, which can be either half-
duplex or full-duplex.
• Synchronization: the session layer adds checkpoints when transmitting data in a sequence. If
some error occurs in the middle of the transmission of data, the transmission resumes
from the checkpoint. This process is known as synchronization and recovery.

6. Presentation Layer

• The presentation layer is mainly concerned with the syntax and semantics of the information exchanged
between the two systems.
• It acts as a data translator for the network.
• This layer is the part of the operating system that converts data from one presentation format to
another.
• The presentation layer is also known as the syntax layer.

Functions of the Presentation layer:

• Translation: the processes in two systems exchange information in the form of character strings,
numbers and so on. Different computers use different encoding methods; the presentation layer
handles the interoperability between the different encoding methods. It converts the data from the sender-
dependent format into a common format, and changes the common format into the receiver-dependent
format at the receiving end.
• Encryption: encryption is needed to maintain privacy. Encryption is the process of converting the
sender's information into another form and sending the resulting message over the network.
• Compression: data compression reduces the number of bits to be transmitted. Data compression is
very important for multimedia such as text, audio and video.

7. Application Layer

• The application layer serves as a window for users and application processes to access network
services.
• It handles issues such as network transparency, resource allocation, etc.
• The application layer is not an application itself, but it performs the application layer functions.
• This layer provides the network services to the end users.

Functions of the Application layer:
• File transfer, access, and management (FTAM): the application layer allows a user to access
files on a remote computer, to retrieve files from a computer and to manage files on a remote
computer.
• Mail services: the application layer provides the facility for email forwarding and storage.
• Directory services: the application layer provides distributed database sources and is used to provide
global information about various objects.

TCP/IP model
• The TCP/IP model was developed prior to the OSI model.
• The TCP/IP model is not exactly the same as the OSI model.
• The TCP/IP model consists of five layers: the application layer, transport layer, network layer, data
link layer and physical layer.
• The first four layers provide physical standards, network interface, internetworking, and transport
functions that correspond to the first four layers of the OSI model; the upper three OSI layers (session,
presentation and application) are represented in the TCP/IP model by a single layer called the application layer.
• TCP/IP is a hierarchical protocol made up of interactive modules, each of which provides specific
functionality.
Here, hierarchical means that each upper-layer protocol is supported by two or more lower-level
protocols.

Functions of TCP/IP layers:

Network Access Layer

• The network access layer is the lowest layer of the TCP/IP model.
• The network access layer is the combination of the physical layer and the data link layer defined in the OSI
reference model.
• It defines how the data should be sent physically through the network.
• This layer is mainly responsible for the transmission of data between two devices on the same
network.
• The functions carried out by this layer are encapsulating the IP datagram into frames transmitted by
the network and mapping IP addresses to physical addresses.
• The protocols used by this layer are Ethernet, Token Ring, FDDI, X.25 and Frame Relay.

Internet Layer
• The internet layer is the second layer of the TCP/IP model.
• The internet layer is also known as the network layer.
• The main responsibility of the internet layer is to send packets from any network so that they arrive
at the destination irrespective of the route they take.

The following protocols are used in this layer:

IP Protocol: the IP protocol is used in this layer, and it is the most significant part of the entire TCP/IP suite.
The responsibilities of this protocol are:
• IP Addressing: this protocol implements logical host addresses known as IP addresses. The IP
addresses are used by the internet and higher layers to identify the device and to provide internetwork
routing.
• Host-to-host communication: it determines the path through which the data is to be transmitted.
• Data Encapsulation and Formatting: the IP protocol accepts the data from the transport layer
protocol. The IP protocol ensures that the data is sent and received securely; it encapsulates the data
into a message known as an IP datagram.
• Fragmentation and Reassembly: the limit imposed on the size of the IP datagram by the data link
layer protocol is known as the Maximum Transmission Unit (MTU). If the size of an IP datagram is greater
than the MTU, the IP protocol splits the datagram into smaller units so that they can travel
over the local network. Fragmentation can be done by the sender or by an intermediate router. At the
receiver side, all the fragments are reassembled to form the original message.
• Routing: when an IP datagram is sent within the same local network, such as a LAN, MAN or WAN, it is
known as direct delivery. When the source and destination are on distant networks, the IP
datagram is sent indirectly. This is accomplished by routing the IP datagram through various
devices such as routers.
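An added example of the fragmentation and reassembly described above (written for these notes, not part of the original text). It keeps the IPv4 rule that fragment offsets are counted in 8-byte units; the Fragment record, the 20-byte header allowance and the sample data are simplifications constructed for the example, not the real IPv4 header layout.

```python
# Added example (not from the notes): IP-style fragmentation of a datagram to
# fit a link MTU, and reassembly at the receiver.  As in IPv4, the fragment
# offset is counted in 8-byte units, so every fragment payload except the last
# is a multiple of 8 bytes.  The Fragment record is a constructed
# simplification (identification, offset, more-fragments flag), not the real
# IPv4 header layout.

from dataclasses import dataclass
from typing import List, Optional

HEADER_LEN = 20   # header bytes assumed per fragment (the IPv4 minimum header)


@dataclass(frozen=True)
class Fragment:
    ident: int      # identification shared by all fragments of one datagram
    offset: int     # position of this payload in the original, in 8-byte units
    more: bool      # True for every fragment except the last
    payload: bytes


def fragment(ident: int, data: bytes, mtu: int) -> List[Fragment]:
    """Split a datagram payload so that header + payload never exceeds the MTU.

    A sender or an intermediate router would do this; a datagram that already
    fits is passed through as a single unfragmented unit.
    """
    max_payload = (mtu - HEADER_LEN) // 8 * 8     # round down to a multiple of 8
    if max_payload <= 0:
        raise ValueError("MTU too small to carry any payload")
    if HEADER_LEN + len(data) <= mtu:
        return [Fragment(ident, 0, False, data)]
    frags = []
    for pos in range(0, len(data), max_payload):
        chunk = data[pos:pos + max_payload]
        more = pos + max_payload < len(data)
        frags.append(Fragment(ident, pos // 8, more, chunk))
    return frags


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Rebuild the original payload from fragments that may arrive in any order.

    Returns None unless the fragments form one complete, gap-free,
    non-overlapping sequence that ends in a last fragment: a receiver must not
    deliver a partial datagram, and a duplicate or overlapping fragment is a
    sign of corruption, so it is rejected instead of being silently merged.
    """
    if not frags:
        return None
    ident = frags[0].ident
    ordered = sorted((f for f in frags if f.ident == ident), key=lambda f: f.offset)
    buf = bytearray()
    expected = 0                # offset (in 8-byte units) the next fragment must have
    for f in ordered:
        if f.offset != expected:
            return None         # gap, duplicate or overlap
        buf += f.payload
        if not f.more:
            return bytes(buf)   # last fragment reached: datagram complete
        if len(f.payload) % 8:
            return None         # only the last fragment may be shorter than 8n bytes
        expected += len(f.payload) // 8
    return None                 # ran out of fragments without seeing the last one


if __name__ == "__main__":
    data = bytes(range(100))    # constructed 100-byte datagram payload
    parts = fragment(7, data, mtu=52)
    print([(f.offset, f.more, len(f.payload)) for f in parts])
    print("reassembled ok:", reassemble(list(reversed(parts))) == data)
```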

ARP Protocol
• ARP stands for Address Resolution Protocol.
• ARP is a network layer protocol which is used to find the physical address from the IP address.
• Two terms are mainly associated with the ARP protocol:
o ARP request: when a sender wants to know the physical address of a device, it broadcasts an
ARP request to the network.
o ARP reply: every device attached to the network accepts the ARP request and processes the
request, but only the intended recipient recognises its IP address and sends back its physical address in the
form of an ARP reply. The recipient of the reply adds the physical address both to its cache memory and to the
datagram header.

ICMP Protocol
• ICMP stands for Internet Control Message Protocol.
• It is a mechanism used by hosts or routers to send notifications regarding datagram problems back
to the sender.
• A datagram travels from router to router until it reaches its destination. If a router is unable to route
the data because of some unusual condition, such as a disabled link, a device being on fire or network
congestion, the ICMP protocol is used to inform the sender that the datagram is undeliverable.
• The ICMP protocol mainly uses two terms:
o ICMP Test: an ICMP test is used to test whether the destination is reachable or not.
o ICMP Reply: an ICMP reply is used to check whether the destination device is responding or not.
• The core responsibility of the ICMP protocol is to report problems, not to correct them. The
responsibility for correction lies with the sender.
• ICMP can send messages only to the source, not to the intermediate routers, because the IP
datagram carries the addresses of the source and destination but not of the routers it has passed through.

Transport Layer
The transport layer is responsible for the reliability, flow control, and correction of data that is being
sent over the network.
The two protocols used in the transport layer are the User Datagram Protocol and the Transmission Control
Protocol.
• User Datagram Protocol (UDP)
o It provides connectionless service and end-to-end delivery of transmissions.
o It is an unreliable protocol as it discovers errors but does not specify the error.
o The User Datagram Protocol discovers the error, and the ICMP protocol reports to the sender
that the user datagram has been damaged.
o UDP consists of the following fields:
Source port address: the source port address is the address of the application program that has
created the message.
Destination port address: the destination port address is the address of the application program
that receives the message.
Total length: it defines the total length of the user datagram in bytes.
Checksum: the checksum is a 16-bit field used in error detection.
o UDP does not specify which packet is lost. UDP contains only a checksum; it does not contain any
ID of a data segment.

• Transmission Control Protocol (TCP)

o It provides full transport layer services to applications.
o It creates a virtual circuit between the sender and receiver, which is active for the duration of the
transmission.
o TCP is a reliable protocol as it detects errors and retransmits the damaged segments. Therefore, it
ensures that all the segments are received and acknowledged before the transmission is
considered complete and the virtual circuit is discarded.
o At the sending end, TCP divides the whole message into smaller units known as segments, and
each segment contains a sequence number, which is required for reordering the segments to form
the original message.
o At the receiving end, TCP collects all the segments and reorders them based on the sequence
numbers.

Application Layer
• The application layer is the topmost layer in the TCP/IP model.
• It is responsible for handling high-level protocols and issues of representation.
• This layer allows the user to interact with the application.
• When one application layer protocol wants to communicate with another application layer, it
forwards its data to the transport layer.
• There is an ambiguity in the application layer: not every application can be placed inside the
application layer, only those that interact with the communication system. For example, a text editor
cannot be considered part of the application layer, whereas a web browser uses the HTTP protocol to interact with
the network, and HTTP is an application layer protocol.

The main protocols used in the application layer are:

• HTTP: HTTP stands for Hypertext Transfer Protocol. This protocol allows us to access data over
the World Wide Web. It transfers data in the form of plain text, audio and video. It is known as the
Hypertext Transfer Protocol because it is efficient in a hypertext environment where there are
rapid jumps from one document to another.
• SNMP: SNMP stands for Simple Network Management Protocol. It is a framework used for
managing devices on the internet using the TCP/IP protocol suite.
• SMTP: SMTP stands for Simple Mail Transfer Protocol. The TCP/IP protocol that supports e-mail
is known as the Simple Mail Transfer Protocol. This protocol is used to send data to another e-mail
address.
• DNS: DNS stands for Domain Name System. An IP address is used to uniquely identify the connection of a
host to the internet. But people prefer to use names instead of addresses. Therefore, the
system that maps names to addresses is known as the Domain Name System.
• TELNET: it is an abbreviation for Terminal Network. It establishes a connection between the local
computer and a remote computer in such a way that the local terminal appears to be a terminal at the
remote system.
• FTP: FTP stands for File Transfer Protocol. FTP is a standard internet protocol used for transmitting
files from one computer to another.

Data Link Controls
Data link control is the service provided by the data link layer to provide reliable data transfer over
the physical medium. For example, in the half-duplex transmission mode, only one device can transmit
data at a time. If both the devices at the ends of the link transmit data simultaneously, the transmissions will
collide, leading to the loss of information. The data link layer provides coordination among the
devices so that no collision occurs.
The data link layer provides three functions:
• Line discipline
• Flow control
• Error control

Line Discipline
• Line discipline is a function of the data link layer that provides coordination among the linked
systems. It determines which device can send, and when it can send the data.
Line discipline can be achieved in two ways:
• ENQ/ACK
• Poll/Select

ENQ/ACK
ENQ/ACK stands for Enquiry/Acknowledgement. It is used when there is no wrong receiver available on
the link, i.e., there is a dedicated path between the two devices, so that the only device capable of receiving the
transmission is the intended one.
ENQ/ACK coordinates which device will start the transmission and whether the recipient is ready or not.

Working of ENQ/ACK
The transmitter transmits a frame called an Enquiry (ENQ), asking whether the receiver is available to
receive the data or not.
The receiver responds either with a positive acknowledgement (ACK) or with a negative
acknowledgement (NACK), where a positive acknowledgement means that the receiver is ready to receive
the transmission and a negative acknowledgement means that the receiver is unable to accept the
transmission.

The responses of the receiver are handled as follows:

• If the response to the ENQ is positive, the sender transmits its data, and once all of its data has
been transmitted, the device finishes its transmission with an EOT (End-of-Transmission) frame.
• If the response to the ENQ is negative, the sender disconnects and restarts the transmission at
another time.
• If the response is neither negative nor positive, the sender assumes that the ENQ frame was lost
during transmission and makes three attempts to establish a link before giving up.
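The ENQ/ACK exchange above as an added simulation (example code written for these notes, not part of the original text). The scripted channel, the frame kinds "ENQ", "DATA" and "EOT", and the three-attempt limit constant are constructed for the example; the limit itself follows the rule stated in the notes.

```python
# Added example (not from the notes): a simulation of the ENQ/ACK line
# discipline.  The channel is a constructed stand-in for the link: for each
# frame handed to it, it returns the receiver's reply ("ACK" or "NACK") or
# None when the frame, or the reply to it, was lost.

from typing import Callable, Dict, List, Optional

MAX_ENQ_ATTEMPTS = 3   # ENQ attempts before the sender gives up on a silent receiver

Channel = Callable[[str, bytes], Optional[str]]


def enq_ack_send(frames: List[bytes], channel: Channel) -> Dict[str, object]:
    """Run one ENQ/ACK session and report how it ended.

    Frame kinds handed to the channel are "ENQ", "DATA" and "EOT".  The result
    is "completed" (ACK received, data and EOT sent), "deferred" (NACK: the
    receiver is busy, try again later) or "gave_up" (no reply three times: the
    ENQ or its reply kept getting lost).
    """
    log: List[str] = []
    for attempt in range(1, MAX_ENQ_ATTEMPTS + 1):
        reply = channel("ENQ", b"")
        log.append(f"ENQ attempt {attempt}: reply={reply}")
        if reply == "ACK":
            break                           # receiver ready: start sending
        if reply == "NACK":
            return {"result": "deferred", "sent": 0, "log": log}
    else:
        return {"result": "gave_up", "sent": 0, "log": log}

    sent = 0
    for frame in frames:
        channel("DATA", frame)
        sent += 1
    channel("EOT", b"")                     # end of transmission
    log.append(f"sent {sent} data frame(s) and EOT")
    return {"result": "completed", "sent": sent, "log": log}


def make_channel(enq_replies: List[Optional[str]]) -> Channel:
    """Build a scripted channel: the i-th ENQ receives enq_replies[i] (None
    means lost).  DATA and EOT frames are recorded in channel.delivered so the
    caller can check what actually reached the receiver."""
    replies = list(enq_replies)
    delivered: List[bytes] = []

    def channel(kind: str, payload: bytes) -> Optional[str]:
        if kind == "ENQ":
            return replies.pop(0) if replies else None
        delivered.append(payload if kind == "DATA" else b"<EOT>")
        return None

    channel.delivered = delivered          # type: ignore[attr-defined]
    return channel


if __name__ == "__main__":
    # First two ENQs are lost, the third is acknowledged (constructed script).
    link = make_channel([None, None, "ACK"])
    report = enq_ack_send([b"frame-1", b"frame-2"], link)
    print(report["result"], link.delivered)
    print(enq_ack_send([b"frame-1"], make_channel([None, None, None]))["result"])
```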

Poll/Select
The Poll/Select method of line discipline works with those topologies where one device is designated as the
primary station and the other devices are secondary stations.
Working of Poll/Select
• In this method, the primary device and multiple secondary devices share a single transmission line, and
all exchanges are made through the primary device even when the destination is a secondary
device.
• The primary device has control over the communication link, and the secondary devices follow the
instructions of the primary device.
• The primary device determines which device is allowed to use the communication channel.
Therefore, we can say that it is the initiator of the session.
• If the primary device wants to receive data from a secondary device, it asks the secondary
device whether it has anything to send; this process is known as polling.
• If the primary device wants to send some data to a secondary device, it tells the target
secondary to get ready to receive the data; this process is known as selecting.
Select
• The select mode is used when the primary device has something to send.
• When the primary device wants to send some data, it alerts the secondary device to the
upcoming transmission by transmitting a Select (SEL) frame; one field of the frame includes the
address of the intended secondary device.
• When the secondary device receives the SEL frame, it sends an acknowledgement that indicates the
secondary's ready status.
• If the secondary device is ready to accept the data, the primary device sends two or more data
frames to the intended secondary device. Once the data has been transmitted, the secondary sends an
acknowledgement specifying that the data has been received.

Poll
• The poll mode is used when the primary device wants to receive some data from the secondary
devices.
• When the primary device wants to receive data, it asks each device whether it has anything to
send.
• First, the primary asks (polls) the first secondary device; if it responds with a NACK (Negative
Acknowledgement), that means it has nothing to send. The primary then approaches the second secondary
device; if it responds with an ACK, that means it has data to send. The secondary device can send
more than one frame one after another, or sometimes it may be required to receive an ACK before sending
each one, depending on the type of protocol being used.

Flow Control
• It is a set of procedures that tells the sender how much data it can transmit before the data
overwhelms the receiver.
• The receiving device has limited speed and limited memory to store the data. Therefore, the receiving
device must be able to inform the sending device to stop the transmission temporarily before the
limits are reached.
• It requires a buffer, a block of memory for storing the information until it is processed.

Two methods have been developed to control the flow of data:
• Stop-and-wait
• Sliding window

Stop-and-wait
• In the stop-and-wait method, the sender waits for an acknowledgement after every frame it sends.
• Only when the acknowledgement is received is the next frame sent. The process of alternately sending
a frame and waiting continues until the sender transmits the EOT (End of Transmission) frame.

Advantage of Stop-and-wait
The stop-and-wait method is simple, as each frame is checked and acknowledged before the next frame is
sent.

Disadvantage of Stop-and-wait
The stop-and-wait technique is inefficient, as each frame must travel all the way to the receiver
and an acknowledgement must travel all the way back before the next frame is sent. Each frame sent and received
uses the entire time needed to traverse the link.

Sliding Window
• The sliding window is a method of flow control in which a sender can transmit several frames
before getting an acknowledgement.
• In sliding window control, multiple frames can be sent one after another, due to which the capacity
of the communication channel can be utilised efficiently.
• A single ACK acknowledges multiple frames.
• The sliding window refers to imaginary boxes at both the sender and receiver ends.
• The window can hold the frames at either end, and it provides the upper limit on the number of
frames that can be transmitted before an acknowledgement.
• Frames can be acknowledged even when the window is not completely filled.
• The window has a specific size in which frames are numbered modulo n, meaning that they are
numbered from 0 to n-1. For example, if n = 8, the frames are numbered
0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7,0,1, ...
• The size of the window is n-1. Therefore, a maximum of n-1 frames can be sent before an
acknowledgement.
• When the receiver sends an ACK, it includes the number of the next frame that it wants to receive.
For example, to acknowledge the string of frames ending with frame number 4, the receiver will send
an ACK containing the number 5. When the sender sees the ACK with the number 5, it knows
that the frames from 0 through 4 have been received.

Sender Window
• At the beginning of a transmission, the sender window contains n-1 frames, and as they are sent
out, the left boundary moves inward, shrinking the size of the window. For example, if the size of the
window is w and three frames are sent out, then the number of frames left in the sender window is
w-3.
• Once the ACK has arrived, the sender window expands by a number equal to the number of frames
acknowledged by the ACK.
• For example, if the size of the window is 7, and frames 0 through 4 have been sent out and no
acknowledgement has arrived, then the sender window contains only two frames, i.e., 5 and 6. Now,
if an ACK arrives with the number 4, which means that frames 0 through 3 have arrived undamaged,
the sender window is expanded to include the next four frames. Therefore, the sender window
contains six frames (5,6,7,0,1,2).

Receiver Window
• At the beginning of transmission, the receiver window does not contain n frames, but it contains n-1
spaces for frames.
• When a new frame arrives, the size of the window shrinks.
• The receiver window does not represent the number of frames received, but the number of frames
that can be received before an ACK is sent. For example, if the size of the window is w and three
frames are received, then the number of spaces available in the window is (w-3).
• Once the acknowledgement is sent, the receiver window expands by a number equal to the number
of frames acknowledged.
• Suppose the size of the window is 7, meaning the receiver window contains seven spaces for seven
frames. If one frame is received, the receiver window shrinks, moving the boundary from 0 to 1. In
this way the window shrinks one space at a time, so it now contains six spaces. If frames 0 through 4
have been received, then the window contains two spaces before an acknowledgement is sent.

Error Control
Error Control is a technique of error detection and retransmission.

Categories of Error Control:

Stop-and-wait ARQ
Stop-and-wait ARQ is a technique used to retransmit the data in case of damaged or lost frames.
This technique works on the principle that the sender will not transmit the next frame until it receives the
acknowledgement of the last transmitted frame.

Four features are required for the retransmission:

• The sending device keeps a copy of the last transmitted frame until the acknowledgement is received.
Keeping the copy allows the sender to retransmit the data if the frame is not received correctly.
• Both the data frames and the ACK frames are numbered alternately 0 and 1 so that they can be
identified individually. For example, ACK 1 acknowledges the data 0 frame, meaning that the data 0
frame has arrived correctly and the receiver expects to receive the data 1 frame.
• If an error occurs in the last transmitted frame, then the receiver sends a NAK frame, which is not
numbered. On receiving the NAK frame, the sender retransmits the data.
• It works with a timer. If the acknowledgement is not received within the allotted time, then the
sender assumes that the frame was lost during the transmission, so it retransmits the frame.

Two possibilities for retransmission:

• Damaged Frame: When the receiver receives a damaged frame, i.e., a frame that contains an error,
it returns a NAK frame. For example, the data 0 frame is sent, and the receiver returns the ACK 1
frame, meaning that data 0 has arrived correctly and it expects data 1. The sender transmits the next
frame: data 1. It arrives undamaged, and the receiver returns ACK 0. The sender transmits the next
frame: data 0. The receiver detects an error and returns a NAK frame. The sender retransmits the
data 0 frame.
• Lost Frame: The sender is equipped with a timer that starts when a frame is transmitted. Sometimes
the frame does not arrive at the receiving end, so it can be acknowledged neither positively nor
negatively. The sender waits for an acknowledgement until the timer goes off. When the timer goes
off, it retransmits the last transmitted frame.

Sliding Window ARQ
Sliding Window ARQ is a technique used for continuous-transmission error control.
Three features are used for retransmission:
• In this case, the sender keeps copies of all the transmitted frames until they have been
acknowledged. Suppose frames 0 through 4 have been transmitted and the last acknowledgement was
for frame 2; the sender has to keep copies of frames 3 and 4 until they are received correctly.
• The receiver can send either a NAK or an ACK depending on the conditions. The NAK frame tells the
sender that the data has been received damaged. Since the sliding window is a continuous
transmission mechanism, both ACK and NAK must be numbered to identify a frame. The ACK frame
carries the number of the next frame the receiver expects to receive. The NAK frame carries the
number of the damaged frame.
• Sliding window ARQ is equipped with a timer to handle lost acknowledgements. Suppose n-1 frames
have been sent before receiving any acknowledgement. The sender waits for the acknowledgement, so
it starts the timer and waits before sending any more. If the allotted time runs out, the sender
retransmits one or all of the frames, depending on the protocol used.

Two protocols are used in sliding window ARQ:

• Go-Back-N ARQ: In the Go-Back-N ARQ protocol, if one frame is lost or damaged, the sender
retransmits that frame and all the frames sent after it for which it has not received a positive ACK.

Three possibilities can occur for retransmission:

• Damaged Frame: When a frame is damaged, the receiver sends a NAK frame.
In the above figure, three frames have been transmitted before an error is discovered in the third frame.
In this case, ACK 2 has been returned, telling the sender that frames 0 and 1 have been received
successfully without error. The receiver discovers the error in the data 2 frame, so it returns the NAK 2
frame. Frame 3 is also discarded, as it was transmitted after the damaged frame. Therefore, the sender
retransmits frames 2 and 3.
• Lost Data Frame: In sliding window protocols, data frames are sent sequentially. If any of the
frames is lost, then the next frame to arrive at the receiver is out of sequence. The receiver checks the
sequence number of each frame, discovers the frame that has been skipped, and returns a NAK for
the missing frame. The sending device retransmits the frame indicated by the NAK as well as the
frames transmitted after the lost frame.
• Lost Acknowledgement: The sender can send as many frames as the window allows before waiting
for any acknowledgement. Once the limit of the window is reached, the sender has no more frames to
send; it must wait for the acknowledgement. If the acknowledgement is lost, the sender could wait
forever. To avoid such a situation, the sender is equipped with a timer that starts counting whenever
the window capacity is reached. If the acknowledgement has not been received within the time limit,
then the sender retransmits the frames sent since the last ACK.

Selective-Reject ARQ
• The Selective-Reject ARQ technique is more efficient than Go-Back-N ARQ.
• In this technique, only those frames are retransmitted for which a negative acknowledgement (NAK)
has been received.
• The receiver's storage buffer keeps the frames received after a damaged frame on hold until the
frame in error is correctly received.
• The receiver must have appropriate logic for reinserting the frames in the correct order.
• The sender must have a searching mechanism that selects only the requested frame for
retransmission.
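
The window arithmetic of the flow-control section and the Go-Back-N / Selective-Reject retransmission
rules above can be simulated directly. The following is an added example written for these notes, not
code from the course material; the window sizes, frame counts and damaged-frame positions are constructed
to reproduce the worked cases in the text (a window of 7 with frames 0-4 sent and then ACK 4; four frames
with frame 2 damaged).

```python
"""Sliding-window flow control with Go-Back-N and Selective-Reject retransmission.

Added example for these notes (not from the course material). Frames are
numbered modulo n, the window holds at most n-1 frames, and a cumulative ACK
carries the number of the next frame the receiver expects.
"""
from dataclasses import dataclass, field


@dataclass
class SenderWindow:
    """Sender side of the sliding window described in the flow-control section."""
    n: int                                       # sequence numbers run 0 .. n-1
    next_seq: int = 0                            # number of the next new frame
    unacked: list = field(default_factory=list)  # copies kept until acknowledged

    @property
    def size(self) -> int:
        return self.n - 1                        # at most n-1 frames in flight

    def free_slots(self) -> int:
        return self.size - len(self.unacked)

    def sendable(self) -> list:
        """Sequence numbers that may still be sent before an ACK is needed."""
        return [(self.next_seq + i) % self.n for i in range(self.free_slots())]

    def send(self, count: int) -> list:
        """Transmit `count` new frames; the left boundary of the window shrinks."""
        if count > self.free_slots():
            raise ValueError("window full: wait for an acknowledgement")
        sent = []
        for _ in range(count):
            sent.append(self.next_seq)
            self.unacked.append(self.next_seq)
            self.next_seq = (self.next_seq + 1) % self.n
        return sent

    def ack(self, expected: int) -> int:
        """Cumulative ACK: `expected` is the next frame the receiver wants, so
        every copy numbered before it is discarded and the window expands.
        Returns the number of frames acknowledged."""
        acked = 0
        while self.unacked and self.unacked[0] != expected:
            self.unacked.pop(0)
            acked += 1
        return acked


def transmit(total: int, bad_first_time: set, window: int, selective: bool = False) -> list:
    """Return the sequence of frame indices placed on the link, retransmissions
    included, for frames 0..total-1 sent in bursts of at most `window`.

    A frame in `bad_first_time` arrives damaged (or is lost) the first time it is
    sent, so the receiver answers with a NAK for it. With Go-Back-N the sender
    resumes from the first NAKed frame (later frames were discarded); with
    Selective-Reject it resends only the NAKed frames and the receiver reorders
    what it buffered.
    """
    on_link = []
    attempts = [0] * total
    next_new = 0                      # first frame not yet accepted by the receiver
    while next_new < total:
        burst = list(range(next_new, min(next_new + window, total)))
        naks = []
        for k in burst:
            on_link.append(k)
            attempts[k] += 1
            if k in bad_first_time and attempts[k] == 1:
                naks.append(k)
        if not naks:
            next_new = burst[-1] + 1
        elif selective:
            for k in naks:            # only the requested frames go again
                on_link.append(k)
                attempts[k] += 1
            next_new = burst[-1] + 1
        else:
            next_new = naks[0]        # go back to the first damaged/lost frame
    return on_link


if __name__ == "__main__":
    # Worked case from the notes: window of 7 (n = 8), frames 0-4 sent, then ACK 4.
    w = SenderWindow(n=8)
    print("sent:", w.send(5), "still sendable:", w.sendable())   # [5, 6]
    print("acked:", w.ack(4), "now sendable:", w.sendable())      # [5, 6, 7, 0, 1, 2]
    # Worked case from the notes: frames 0-3 sent, frame 2 damaged.
    print("Go-Back-N       :", transmit(4, {2}, window=7))                  # [0, 1, 2, 3, 2, 3]
    print("Selective-Reject:", transmit(4, {2}, window=7, selective=True))  # [0, 1, 2, 3, 2]
```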

CRYPTOGRAPHY IN COMPUTER NETWORK
Cryptography refers to the science and art of transforming messages to make them secure and immune to
attacks. It is a method of storing and transmitting data in a particular form so that only those for whom it
is intended can read and process it. Cryptography not only protects data from theft or alteration but can
also be used for user authentication.

Components
There are various components of cryptography, which are as follows:

Plaintext and Ciphertext
The original message, before being transformed, is called plaintext. After the message is transformed, it
is called ciphertext. An encryption algorithm transforms the plaintext into ciphertext; a decryption
algorithm transforms the ciphertext back into plaintext. The sender uses an encryption algorithm, and the
receiver uses a decryption algorithm.

Cipher
We refer to encryption and decryption algorithms as ciphers. The term cipher is also used to refer to
different categories of algorithms in cryptography. This is not to say that every sender-receiver pair
needs their very own unique cipher for secure communication. On the contrary, one cipher can serve
millions of communicating pairs.

Key
A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on. To encrypt a
message, we need an encryption algorithm, an encryption key, and plaintext. These create the ciphertext.

To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These
reveal the original plaintext.

Types
There are two types of cryptography, which are as follows:

Some Common Cryptography Examples
These are some examples of cryptography in everyday use:
• Secure Web Browsing: When you visit a website with "https" in the URL, the communication between
your browser and the website is encrypted using SSL/TLS, which is a form of symmetric key
cryptography.
• Online Banking: Many online banking systems use cryptography to secure sensitive financial
transactions and protect customers' personal and financial information.
• Email: Many email services use encryption to protect the privacy and confidentiality of emails in transit.
For example, services like Gmail use Transport Layer Security (TLS) to encrypt emails.
• Mobile Devices: Mobile devices, such as smartphones and tablets, often use cryptography to secure data
stored on the device and to protect communications. For example, Apple's iOS uses a hardware
encryption system to secure data on iPhones and iPads.
• Cloud Storage: Cryptography is used to secure data stored in the cloud. For example, Amazon Web
Services uses the AES encryption algorithm to secure data stored in its Simple Storage Service (S3) and
the Amazon Elastic Block Store (EBS).
These are just a few cryptography examples; it is widely used in many other areas including VPNs,
secure instant messaging, and software updates, to name a few.

Features of Cryptography
These are the features of cryptography:
• Confidentiality: Hides the contents of a message from unauthorized parties.
• Integrity: Ensures that a message has not been altered during transmission.
• Authentication: Verifies the identity of the sender and receiver of a message.
• Non-repudiation: Prevents the sender from denying having sent a message.
• Availability: Ensures that authorized users have access to the information they need when they need
it.
• Key Management: The process of generating, distributing, storing, and replacing cryptographic
keys.
• Algorithm: The mathematical formula used to encrypt and decrypt messages.
• Encryption/Decryption: The process of converting plaintext to ciphertext and vice versa.
• Symmetric/Asymmetric Key Encryption: The use of a single shared key for encryption and
decryption, or the use of a public and private key pair.
• Hash Functions: A one-way mathematical transformation of an input (message) into a fixed-size
output (message digest).
• Digital Signatures: A signature that can be used to authenticate the identity of the sender of a
message and ensure the integrity of the message.

Types of Cryptography
There are Three Types of Cryptography

Symmetric Key
The symmetric key is a type of cryptography also known as private key cryptography or secret key
cryptography. Both the information receiver and the sender use a single key to encrypt and decrypt the
message in this case. It is a method of encryption and decryption that uses a single shared key for both
operations. The same key is used to encrypt the plaintext into ciphertext and to decrypt the ciphertext
back into plaintext.
AES (Advanced Encryption Standard) is the most commonly used type of cryptography in this method.
The approaches used in this type are completely streamlined and faster as well.

Symmetric key cryptography includes the following types:

• Block cipher
• DES (Data Encryption Standard)
• RC2
• IDEA
• Blowfish
• Stream cipher

Advantages of Symmetric Key Cryptography include:

• Speed: Encryption and decryption are fast and efficient, making it suitable for large amounts of data.
• Simplicity: The single shared key makes it easier to implement and use compared to asymmetric key
cryptography.

Disadvantages of Symmetric Key Cryptography include:

• Key Management: The secure distribution of the shared key between the sender and receiver can be
a challenge.
• Scalability: With a large number of users, the number of keys required can quickly become
unmanageable.
• Security: If the shared key is compromised, the confidentiality and integrity of the data can be
threatened.

Asymmetric Key
The asymmetric key is a type of cryptography also known as public-key cryptography. It employs a
diverse and secure method of information transmission. The most common type of cryptography used in
this method is RSA. An asymmetric key refers to a cryptographic method that uses two different keys for
encryption and decryption. The two keys are called the public key and the private key. The public key is
used to encrypt the data and the private key is used to decrypt it. The security of this method is based on
the fact that it is computationally infeasible to derive the private key from the public key. Asymmetric
key cryptography is commonly used for secure communication, digital signatures, and public key
infrastructure (PKI).

Asymmetric Key Cryptography includes the following types:

• RSA
• DSA
• PKCS

Advantages of Asymmetric Key Cryptography:
• Increased security: The use of two different keys makes it more secure than symmetric key
cryptography.
• Non-repudiation: The digital signature created using the private key provides proof of the
authenticity of the sender.
• Scalability: Asymmetric key cryptography can support a large number of users.
• Public key distribution: The public key can be freely distributed without any security risk, allowing
for easy encryption of messages.

Disadvantages of Asymmetric Key Cryptography:

• Computational overhead: The encryption and decryption process using asymmetric key
cryptography is slower and more resource-intensive compared to symmetric key cryptography.
• Key management: Asymmetric key cryptography requires the safekeeping and management of both
private and public keys.
• Key length: The security of asymmetric key cryptography is directly proportional to the length of the
key used. Longer keys require more processing power, making them less practical for some
applications.
• Lack of standardization: Asymmetric key cryptography is still evolving and there is a lack of
standardization in terms of algorithms and key lengths, making it difficult for interoperability
between different systems.
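
Hash functions, the shared-key (symmetric) and public/private-key (asymmetric) operations, digital
signatures and the key-management trade-off described in the sections above can all be exercised with the
Python standard library. This is an added example written for these notes, not course material; the RSA
arithmetic uses the textbook primes 61 and 53 so that every number stays readable, which makes it an
illustration of the key relationship rather than a usable cipher, and the key and message values are
constructed.

```python
"""Cryptographic building blocks from the notes, using only the Python stdlib.

Added example for these notes (not from the course material). Inputs are
constructed. The RSA part uses the textbook primes p=61, q=53 so the
arithmetic is visible; real keys are thousands of bits long.
"""
import hashlib
import hmac


# --- Hash function: one-way, fixed-size digest (integrity) --------------------
def message_digest(message: bytes) -> str:
    """SHA-256 digest: any change to the input changes the 64-hex-char output."""
    return hashlib.sha256(message).hexdigest()


# --- Symmetric key: one shared secret used by both sender and receiver -------
def symmetric_tag(shared_key: bytes, message: bytes) -> str:
    """HMAC-SHA256 over the message with the shared key. Proves integrity and
    that the sender knew the key (authentication), but not non-repudiation,
    because both parties hold the same key and either could have made it."""
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def verify_symmetric_tag(shared_key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking where the first mismatching byte is
    return hmac.compare_digest(symmetric_tag(shared_key, message), tag)


# --- Asymmetric key: public key encrypts/verifies, private key decrypts/signs --
def textbook_rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Return ((e, n), (d, n)). With the defaults n=3233, phi=3120, d=2753."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, value: int) -> int:
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def encrypt_block(public_key, plaintext_block: int) -> int:
    return rsa_apply(public_key, plaintext_block)


def decrypt_block(private_key, ciphertext_block: int) -> int:
    return rsa_apply(private_key, ciphertext_block)


def sign(private_key, message: bytes) -> int:
    """Digital signature: hash the message, then apply the PRIVATE key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(private_key, digest % private_key[1])


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check the signature, but only the private
    key holder could have produced it (non-repudiation)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(public_key, signature) == digest % public_key[1]


# --- Key management: why pairwise symmetric keys stop scaling -----------------
def keys_required(users: int) -> dict:
    """Pairwise shared secrets grow quadratically; key pairs grow linearly."""
    return {"symmetric": users * (users - 1) // 2, "asymmetric": 2 * users}


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    msg = b"transfer 100 to account 42"
    tag = symmetric_tag(key, msg)
    print("HMAC ok:", verify_symmetric_tag(key, msg, tag))
    print("HMAC on altered message ok:", verify_symmetric_tag(key, msg + b"0", tag))

    pub, priv = textbook_rsa_keypair()
    c = encrypt_block(pub, 65)
    print("65 ->", c, "->", decrypt_block(priv, c))        # 65 -> 2790 -> 65
    s = sign(priv, msg)
    print("signature ok:", verify(pub, msg, s), "forged:", verify(pub, msg, (s + 1) % pub[1]))
    print("keys for 1000 users:", keys_required(1000))
```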

Ranking
Ranking objects in a network may refer to sorting the objects according to importance, popularity,
influence, authority, relevance, similarity, and proximity, by utilizing the link information in the network.

We introduce the ranking methods developed for networks. Different from other ranking methods
defined in text or database systems, links or the structure information of the network are significantly
explored. For most of the ranking methods in networks, ranking scores are defined in a way that can be
propagated in the network. Therefore, the rank score of an object is determined by other objects in the
network, usually with stronger influence from closer objects and weaker influence from more remote
ones.

Methods for ranking in networks can be categorized according to several aspects, such as global ranking
vs. query-dependent ranking, based on whether the ranking result is dependent on a query; ranking in
homogeneous information networks vs. ranking in heterogeneous information networks, based on the
type of the underlying networks; importance-based ranking vs. proximity-based ranking, based on
whether the semantic meaning of the ranking is importance related or similarity/proximity related; and
unsupervised vs. supervised or semi-supervised, based on whether training is needed.

Historical Background
The earliest ranking problem for objects in a network was proposed by sociologists, who introduced
various kinds of centrality to define the importance of a node (or actor) in a social network. With the
advent of the World-Wide Web and the rising necessity of Web search, ranking methods for Web page
networks are flourishing, including the well-known ranking methods, PageRank [Brin and Page(1998)]
and HITS [Kleinberg(1999)]. Later, in order to better support entity search instead of Web page ranking,
object ranking algorithms are proposed, which usually consider more complex structural information of
the network, such as heterogeneous information networks. Moreover, in order to better personalize search
quality, ranking methods that can integrate user guidance are proposed. Learning to rank techniques are
used in such tasks, and not only the link information but the attributes associated with nodes and edges
are commonly used.

Firewall
Nowadays, it is a big challenge to protect our sensitive data from unwanted and unauthorized sources.
There are various tools and devices that can provide different security levels and help keep our private
data secure. One such tool is a 'firewall' that prevents unauthorized access and keeps our computers and
data safe and secure.
In this article, we have talked about firewalls as well as other related topics, such as why we need
firewalls, functions of firewalls, limitations of firewalls, working of firewalls, etc.
What is a Firewall?
A firewall can be defined as a special type of network security device or a software program that
monitors and filters incoming and outgoing network traffic based on a defined set of security rules. It acts
as a barrier between internal private networks and external sources (such as the public Internet).
The primary purpose of a firewall is to allow non-threatening traffic and prevent malicious or unwanted
data traffic, protecting the computer from viruses and attacks. A firewall is a cybersecurity tool that
filters network traffic and helps users block malicious software on infected computers from reaching the
Internet.

Firewall: Hardware or Software

A commonly asked question is whether a firewall is hardware or software. As stated above, a firewall
can be a network security device or a software program on a computer. This means that firewalls come at
both levels, i.e., hardware and software, though it is best to have both.
Each format (a firewall implemented as hardware or software) has different functionality but the same
purpose. A hardware firewall is a physical device that attaches between a computer network and a
gateway. For example, a broadband router. On the other hand, a software firewall is a simple program
installed on a computer that works through port numbers and other installed software.
Apart from that, there are cloud-based firewalls. They are commonly referred to as FaaS (firewall as a
service). A primary advantage of using cloud-based firewalls is that they can be managed centrally. Like
hardware firewalls, cloud-based firewalls are best known for providing perimeter security.

Why Firewall
Firewalls are primarily used to prevent malware and network-based attacks. Additionally, they can help
in blocking application-layer attacks. These firewalls act as a gatekeeper or a barrier. They monitor every
attempt between our computer and another network. They do not allow data packets to be transferred
through them unless the data is coming or going from a user-specified trusted source.
Firewalls are designed so that they can react quickly to detect and counter attacks throughout the
network. They work with rules configured to protect the network and perform quick assessments to find
any suspicious activity. In short, we can think of the firewall as a traffic controller.
Some of the important risks of not having a firewall are:

Open Access
If a computer is running without a firewall, it is giving open access to other networks. This means that it
accepts every kind of connection from anyone. In this case, it is not possible to detect threats or attacks
coming through our network. Without a firewall, we leave our devices vulnerable to malicious users and
other unwanted sources.

Lost or Compromised Data
Without a firewall, we are leaving our devices accessible to everyone. This means that anyone can access
our device and have complete control over it, including the network. In this case, cybercriminals can
easily delete our data or use our personal information for their benefit.

Network Crashes
In the absence of a firewall, anyone could access our network and shut it down. It may lead us to invest
our valuable time and money to get our network working again.
Therefore, it is essential to use firewalls and keep our network, computer, and data safe and secure from
unwanted sources.

Brief History of Firewall

Firewalls have been the first and most reliable component of defense in network security for over 30
years. Firewalls first came into existence in the late 1980s. They were initially designed as packet filters.
These packet filters were nothing but a setup of networks between computers. The primary function of
these packet-filtering firewalls was to check the packets or bytes transferred between different computers.
Firewalls have become more advanced through continuous development, although such packet-filtering
firewalls are still in use in legacy systems.
As the technology emerged, Gil Shwed of Check Point Technologies introduced the first stateful
inspection firewall in 1993. It was named FireWall-1. In 2000, Netscreen came up with its purpose-built
firewall 'Appliance'. It gained popularity and fast adoption within enterprises because of increased
internet speed, lower latency, and high throughput at a lower cost.
The turn of the century saw a new approach to firewall implementation in the mid-2010s. The 'Next-
Generation Firewalls' were introduced by Palo Alto Networks. These firewalls came with a variety of
built-in functions and capabilities, such as Hybrid Cloud Support, Network Threat Prevention,
Application and Identity-Based Control, and Scalable Performance. Firewalls are still getting new
features as part of continuous development. They are considered the first line of defense when it comes to
network security.

How does a firewall work?

A firewall system analyzes network traffic based on pre-defined rules. It then filters the traffic and
blocks any traffic coming from unreliable or suspicious sources. It only allows the incoming traffic that
it is configured to accept.
Typically, firewalls intercept network traffic at a computer's entry point, known as a port. Firewalls
perform this task by allowing or blocking specific data packets (units of communication transferred over
a digital network) based on pre-defined security rules. Incoming traffic is allowed only from trusted IP
addresses, or sources.

Functions of Firewall
As stated above, the firewall works as a gatekeeper. It analyzes every attempt coming to gain access to
our operating system and prevents traffic from unwanted or non-recognized sources.
Since the firewall acts as a barrier or filter between the computer system and other networks (i.e., the
public Internet), we can consider it as a traffic controller. Therefore, a firewall's primary function is to
secure our network and information by controlling network traffic, preventing unwanted incoming
network traffic, and validating access by assessing network traffic for malicious things such as hackers
and malware.
Generally, most operating systems (for example - Windows OS) and security software come with built-in
firewall support. Therefore, it is a good idea to ensure that those options are turned on. Additionally, we
can configure the security settings of the system to be automatically updated whenever available.

Firewalls have become very powerful and include a variety of functions and capabilities as built-in
features:
• Network Threat Prevention
• Application and Identity-Based Control
• Hybrid Cloud Support
• Scalable Performance
• Network Traffic Management and Control
• Access Validation
• Record and Report on Events

Limitations of Firewall
When it comes to network security, firewalls are considered the first line of defense. But the question is
whether these firewalls are strong enough to make our devices safe from cyber-attacks. The answer may
be "no". The best practice is to use a firewall system when using the Internet. However, it is important to
use other defense systems to help protect the network and data stored on the computer. Because cyber
threats are continually evolving, a firewall should not be the only consideration for protecting the home
network.
The importance of using firewalls as a security system is obvious; however, firewalls have some
limitations:
• Firewalls cannot stop users from accessing malicious websites, which leaves the network vulnerable to
internal threats or attacks.
• Firewalls cannot protect against the transfer of virus-infected files or software.
• Firewalls cannot prevent misuse of passwords.
• Firewalls cannot protect if the security rules are misconfigured.
• Firewalls cannot protect against non-technical security risks, such as social engineering.
• Firewalls cannot stop or prevent attackers with modems from dialing in to or out of the internal
network.
• Firewalls cannot secure a system which is already infected.

Therefore, it is recommended to keep all Internet-enabled devices updated. This includes the latest
operating systems, web browsers, applications, and other security software (such as anti-virus). Besides,
securing wireless routers should be another practice. The process of protecting a router may include
options such as periodically changing the router's name and password, reviewing security settings, and
creating a guest network for visitors.

Types of Firewall
Depending on their structure and functionality, there are different types of firewalls. The following is a
list of some common types of firewalls:
• Proxy Firewall
• Packet-filtering firewalls
• Stateful Multi-layer Inspection (SMLI) Firewall
• Unified threat management (UTM) firewall
• Next-generation firewall (NGFW)
• Network address translation (NAT) firewalls

Difference between a Firewall and Anti-virus
Firewalls and anti-virus programs both protect devices from viruses, Trojans and other threats, but
there are significant differences between them. The main differences between firewalls and anti-virus
programs are tabulated below, attribute by attribute:

Definition
  Firewall: A firewall is defined as the system which analyzes and filters incoming or outgoing data
  packets based on pre-defined rules.
  Anti-virus: Anti-virus is defined as a special type of software that acts as a cyber-security
  mechanism. Its primary function is to monitor, detect, and remove any apprehensive or distrustful file
  or software from the device.

Structure
  Firewall: Firewalls can be both hardware and software. The router is an example of a physical
  firewall, and a simple firewall program on the system is an example of a software firewall.
  Anti-virus: Anti-virus can only be used as software. It is a program that is installed on the device,
  just like other programs.

Implementation
  Firewall: Because firewalls come in the form of hardware and software, a firewall can be implemented
  either way.
  Anti-virus: Because anti-virus comes in the form of software, it can be implemented only at the
  software level. There is no possibility of implementing anti-virus at the hardware level.

Responsibility
  Firewall: A firewall is usually defined as a network controlling system, i.e., firewalls are primarily
  responsible for monitoring and filtering network traffic.
  Anti-virus: Anti-virus programs are primarily responsible for detecting and removing viruses from
  computer systems or other devices. These viruses can be in the form of infected files or software.

Scalability
  Firewall: Because the firewall supports both types of implementation, hardware and software, it is
  more scalable than anti-virus.
  Anti-virus: Anti-virus programs are generally considered less scalable than firewalls, because anti-virus
  can only be implemented at the software level; they do not support hardware-level implementation.

Threats
  Firewall: A firewall is mainly used to prevent network-related attacks. It mainly covers external
  network threats, for example, routing attacks and IP spoofing.
  Anti-virus: Anti-virus is mainly used to scan, find, and remove viruses, malware, and Trojans, which
  can harm system files and software and share personal information (such as login credentials, credit
  card details, etc.) with hackers.

Types of Firewall
There are mainly three types of firewalls, such as software firewalls, hardware firewalls, or both,
depending on their structure. Each type of firewall has different functionality but the same purpose.
However, it is best practice to have both to achieve maximum possible protection.
A hardware firewall is a physical device that attaches between a computer network and a gateway. For
example- a broadband router. A hardware firewall is sometimes referred to as an Appliance Firewall. On
the other hand, a software firewall is a simple program installed on a computer that works through port
numbers and other installed software. This type of firewall is also called a Host Firewall.
Besides, there are many other types of firewalls depending on their features and the level of security they
provide. The following are types of firewall techniques that can be implemented as software or hardware:
• Packet-filtering Firewalls
• Circuit-level Gateways
• Application-level Gateways (Proxy Firewalls)
• Stateful Multi-layer Inspection (SMLI) Firewalls
• Next-generation Firewalls (NGFW)
• Threat-focused NGFW
• Network Address Translation (NAT) Firewalls
• Cloud Firewalls
• Unified Threat Management (UTM) Firewalls

Packet-filtering Firewalls
A packet-filtering firewall is the most basic type of firewall. It acts like a management program that
monitors network traffic and filters incoming packets based on configured security rules. These firewalls
are designed to block network traffic based on IP protocol, IP address, and port number when a data
packet does not match the established rule set.

While packet-filtering firewalls can be considered a fast solution without many resource requirements,
they also have some limitations. Because these types of firewalls do not prevent web-based attacks, they
are not the safest.
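
The rule matching described above (protocol, address and port checked against an ordered rule set, with
anything unmatched dropped) and the connection state table that stateful inspection adds on top of it can
be shown in a small simulation. This is an added example written for these notes, not the code of any
firewall product; the rule set, the 192.168.1.0/24 internal network and the outside addresses and packets
are all constructed.

```python
"""Packet filter with first-match rules, default deny and a connection state table.

Added example for these notes (not from any firewall product). The rule set,
addresses and packets are constructed: 192.168.1.0/24 is the internal network,
198.51.100.x and 203.0.113.x are outside hosts, 10.x.x.x is a blocked range.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str      # "in" = arriving from outside, "out" = leaving the LAN


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR networks; a /32 pins a single host
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches every destination port
    direction: str = "any"

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and self.direction in ("any", pkt.direction)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that `other` matches also matches this rule."""
        return (self.proto in ("any", other.proto)
                and self.direction in ("any", other.direction)
                and ip_network(self.src).supernet_of(ip_network(other.src))
                and ip_network(self.dst).supernet_of(ip_network(other.dst))
                and (self.dport is None or self.dport == other.dport))


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them,
    the classic misconfiguration that silently disables a rule."""
    return [j for j, r in enumerate(rules) if any(rules[i].covers(r) for i in range(j))]


class StatefulFilter:
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.state = set()    # flows the LAN opened: (proto, lan_ip, lan_port, remote_ip, remote_port)

    @staticmethod
    def _flow(pkt: Packet) -> tuple:
        # Normalised so that the reply to a request maps onto the same tuple.
        if pkt.direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def decide(self, pkt: Packet) -> str:
        flow = self._flow(pkt)
        # Stateful inspection: a reply to a connection the LAN opened is let in
        # although no inbound rule names it; a stateless filter cannot do this.
        if pkt.direction == "in" and flow in self.state:
            return "allow (established)"
        for rule in self.rules:       # first matching rule decides
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.direction == "out":
                    self.state.add(flow)
                return rule.action
        return "deny (default)"       # nothing matched: drop the packet


LAN = "192.168.1.0/24"
WEB = "192.168.1.10/32"
RULES = [
    Rule("allow", "tcp", src=LAN, dport=443, direction="out"),   # HTTPS browsing
    Rule("allow", "udp", src=LAN, dport=53, direction="out"),    # DNS lookups
    Rule("deny", src="10.0.0.0/8", direction="in"),              # block a whole range
    Rule("allow", "tcp", dst=WEB, dport=443, direction="in"),    # public web server
    Rule("allow", "tcp", src="10.1.2.0/24", dst=WEB, dport=443, direction="in"),  # shadowed by rule 2
]

if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    for p in [
        Packet("tcp", "192.168.1.20", 51000, "198.51.100.7", 443, "out"),
        Packet("tcp", "198.51.100.7", 443, "192.168.1.20", 51000, "in"),   # reply to the above
        Packet("tcp", "203.0.113.5", 40000, "192.168.1.20", 51000, "in"),  # unsolicited
        Packet("tcp", "203.0.113.5", 40000, "192.168.1.10", 443, "in"),
        Packet("tcp", "203.0.113.5", 40000, "192.168.1.10", 3389, "in"),
    ]:
        print(p.direction, p.src, "->", p.dst, p.dport, "=>", fw.decide(p))
    print("shadowed rule indices:", shadowed_rules(RULES))   # [4]
```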

Circuit-level Gateways
Circuit-level gateways are another simplified type of firewall that can be easily configured to allow or
block traffic without consuming significant computing resources. These firewalls typically operate at the
session level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions.
Circuit-level gateways are designed to ensure that the established sessions are legitimate.
Typically, circuit-level gateways are implemented as security software or as part of existing firewalls. Like
packet-filtering firewalls, these firewalls do not check the actual data, although they inspect information
about the transaction (the connection setup). Therefore, if a packet contains malware but arrives over a
correctly established TCP connection, it will pass through the gateway. That is why circuit-level gateways
are not considered safe enough on their own to protect our systems.

Application-level Gateways (Proxy Firewalls)


Proxy firewalls operate at the application layer as an intermediary device that filters traffic between
two end systems (e.g., an internal client and an external web server). That is why these firewalls are
called 'Application-level Gateways'.
Unlike basic firewalls, these firewalls forward client requests to the web server on the client's behalf,
so that the server sees the proxy rather than the original client. This protects the client's identity and
other sensitive information, keeping the network safe from potential attacks. Once the connection is
established, the proxy firewall inspects the data packets coming from the source. If the contents of the
incoming packet pass inspection, the proxy firewall forwards it to the client. This approach creates an
additional layer of security between the client and the many different sources on the network.

Stateful Multi-layer Inspection (SMLI) Firewalls


Stateful multi-layer inspection firewalls include both packet inspection technology and TCP handshake
verification, making SMLI firewalls superior to packet-filtering firewalls or circuit-level gateways.
Additionally, these types of firewalls keep track of the status of established connections.
In simple words, when a user establishes a connection and requests data, the SMLI firewall creates a
database (state table). The database is used to store session information such as source IP address, port
number, destination IP address, destination port number, etc. Connection information is stored for each
session in the state table. Using stateful inspection technology, these firewalls create security rules to
allow anticipated traffic.

In most cases, SMLI firewalls are implemented as an additional security layer. These firewalls perform more
checks and are considered more secure than stateless firewalls. This is why stateful packet inspection is
combined with many other firewall techniques to track the state of all internal traffic. Doing so increases
the load and puts more pressure on computing resources, which can result in a slower transfer rate for data
packets than other solutions.
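To make the contrast between the packet-filtering and stateful multi-layer inspection sections concrete, here is an added example (not code from these notes) that runs the same constructed traffic through a stateless header-only filter and through a small stateful firewall with a state table advanced by the TCP handshake. The packet format, the rule format, the addresses and the port numbers are all assumptions made up for this illustration. The stateless filter has to open every inbound high port so that replies to outbound connections can return, which means an unsolicited SYN to port 8080 on an internal host also gets through; the stateful firewall admits inbound packets only when they belong to a session an inside host opened.

```python
"""Stateless packet filter beside a stateful (SMLI-style) one.

Added example for the course notes, not code from the notes themselves.
Packets, rules and addresses are constructed here for illustration; the
rule format is an assumption of this example, not any product's syntax.
"""
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed internal network


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

    @property
    def inbound(self) -> bool:
        """True if the packet is heading into the internal network."""
        return ipaddress.ip_address(self.dst) in INTERNAL_NET


# --- Stateless packet filter: header fields only, first match wins, default deny.
# To let replies to outbound connections come back, the administrator has to
# open all inbound high ports, because the filter cannot tell a reply apart
# from a fresh connection attempt.
STATELESS_RULES = [
    ("allow", "tcp", "out", range(1, 65536)),      # any outbound TCP
    ("allow", "tcp", "in", range(1024, 65536)),    # "return traffic" to ephemeral ports
]


def stateless_decide(pkt: Packet) -> str:
    direction = "in" if pkt.inbound else "out"
    for action, proto, rule_dir, ports in STATELESS_RULES:
        if pkt.proto == proto and direction == rule_dir and pkt.dport in ports:
            return action
    return "deny"


# --- Stateful inspection: a state table keyed by the connection tuple and
# advanced by the TCP handshake; inbound traffic is admitted only when it
# belongs to a session that an inside host initiated.
class StatefulFirewall:
    def __init__(self):
        # (proto, inside_ip, inside_port, outside_ip, outside_port) -> state
        self.state_table = {}

    def process(self, pkt: Packet) -> str:
        if not pkt.inbound:
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            state = self.state_table.get(key)
            if state is None:
                # Only a bare SYN may open a new session from the inside.
                if pkt.proto == "tcp" and pkt.flags == {"SYN"}:
                    self.state_table[key] = "SYN_SENT"
                    return "allow"
                return "deny"
            if state == "SYN_RECEIVED" and "ACK" in pkt.flags:
                self.state_table[key] = "ESTABLISHED"   # handshake complete
            return "allow"
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.state_table.get(key)
        if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.state_table[key] = "SYN_RECEIVED"
            return "allow"
        if state == "ESTABLISHED":
            return "allow"
        return "deny"   # unsolicited, or out of sequence for the handshake


def scenario() -> dict:
    """Run constructed traffic through both filters and return the verdicts
    for a legitimate reply and for an unsolicited inbound SYN to port 8080."""
    fw = StatefulFirewall()
    client, server = "192.168.1.10", "203.0.113.5"   # constructed addresses
    handshake = [
        Packet("tcp", client, 40000, server, 443, frozenset({"SYN"})),
        Packet("tcp", server, 443, client, 40000, frozenset({"SYN", "ACK"})),
        Packet("tcp", client, 40000, server, 443, frozenset({"ACK"})),
    ]
    for p in handshake:
        assert fw.process(p) == "allow"
    reply_data = Packet("tcp", server, 443, client, 40000, frozenset({"ACK"}))
    unsolicited = Packet("tcp", "198.51.100.7", 12345, client, 8080, frozenset({"SYN"}))
    return {
        "reply_stateless": stateless_decide(reply_data),
        "reply_stateful": fw.process(reply_data),
        "unsolicited_stateless": stateless_decide(unsolicited),
        "unsolicited_stateful": fw.process(unsolicited),
    }


if __name__ == "__main__":
    print(scenario())
```

The state table is what the notes call the "database" of session information: it is created by the outbound SYN, moved through the handshake by the SYN/ACK and the final ACK, and consulted for every inbound packet. Note that the stateless filter allows the unsolicited SYN while the stateful one denies it, which is exactly the extra check the SMLI section credits these firewalls with.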

Next-generation Firewalls (NGFW)


Many recently released firewalls are marketed as 'next-generation firewalls'. However, there is no
precise definition of a next-generation firewall. The term usually describes a security device that combines
the features and functionalities of the other firewall types, such as deep-packet inspection (DPI),
surface-level packet inspection, and TCP handshake verification.
NGFWs provide a higher level of security than packet-filtering and stateful inspection firewalls. Unlike
traditional firewalls, an NGFW monitors the entire data transaction, including packet headers, packet
contents, and sources. NGFWs are designed so that they can prevent more sophisticated and evolving
security threats such as malware attacks, external threats, and advanced intrusions.

Threat-focused NGFW
Threat-focused NGFWs include all the features of a traditional NGFW and additionally provide advanced
threat detection and remediation. These firewalls are capable of reacting to attacks quickly. With
intelligent security automation, threat-focused NGFWs set security rules and policies on their own, further
strengthening the overall defence system.
In addition, these firewalls use retrospective security systems to monitor suspicious activity
continuously: they keep analysing the behaviour of every activity even after the initial inspection. Due to
this functionality, threat-focused NGFWs dramatically reduce the overall time taken from threat detection
to cleanup.

Network Address Translation (NAT) Firewalls


Network address translation (NAT) firewalls are primarily designed to let internal devices reach the
Internet while blocking all unsolicited inbound connections. These firewalls hide the IP addresses of our
devices, making them harder for attackers to reach.
When multiple devices connect to the Internet through a NAT firewall, the firewall presents a single public
IP address and hides the individual devices' IP addresses. As a result, one IP address is used for all
devices. By doing this, NAT firewalls shield the internal network addresses from attackers who scan a
network looking for reachable IP addresses. This results in enhanced protection against suspicious
activities and attacks.
In general, NAT firewalls work similarly to proxy firewalls. Like proxy firewalls, NAT firewalls also act
as an intermediary device between a group of computers and external traffic.
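The following is an added example for the NAT section, not code from these notes, showing in miniature what the text describes: two inside hosts appear to the outside world as one public address (with a different translated port for each flow), a reply is mapped back to the correct inside host using the translation table, and an unsolicited inbound packet with no table entry is dropped. The public address, the internal addresses, the starting port number and the packet format are all constructed assumptions of this example.

```python
"""NAT firewall in miniature: one public address for many inside hosts, and
unsolicited inbound traffic dropped.

Added example for the course notes, not the notes' own code. Addresses, ports
and the translation-table layout are constructed for illustration.
"""
from dataclasses import dataclass, replace
from itertools import count
from typing import Optional

PUBLIC_IP = "203.0.113.1"   # constructed: the single address the outside world sees


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class NatFirewall:
    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 20000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public-side port
        # (proto, inside_ip, inside_port, remote_ip, remote_port) -> public port
        self.outbound = {}
        # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.inbound = {}

    def outbound_packet(self, pkt: Packet) -> Packet:
        """Rewrite an inside host's packet so it leaves from the public address.
        The first packet of a flow allocates a translation entry; later packets
        of the same flow reuse it."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.outbound.get(key)
        if port is None:
            port = next(self._ports)
            self.outbound[key] = port
            self.inbound[(pkt.proto, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=port)

    def inbound_packet(self, pkt: Packet) -> Optional[Packet]:
        """Map a packet arriving at the public address back to the inside host.
        Returns None (drop) when no inside host asked for this traffic."""
        if pkt.dst != self.public_ip:
            return None
        target = self.inbound.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if target is None:
            return None   # no translation entry: unsolicited, so it is blocked
        inside_ip, inside_port = target
        return replace(pkt, dst=inside_ip, dport=inside_port)


def scenario() -> dict:
    """Two inside hosts, both using source port 40000, talk to the same
    server; then one reply and one unsolicited scan packet arrive."""
    nat = NatFirewall()
    server = "203.0.113.5"                       # constructed external server
    seen_outside = []
    for host in ("192.168.1.10", "192.168.1.11"):
        out = nat.outbound_packet(Packet("tcp", host, 40000, server, 443))
        seen_outside.append((out.src, out.sport))
    reply = nat.inbound_packet(Packet("tcp", server, 443, PUBLIC_IP, 20001))
    scan = nat.inbound_packet(Packet("tcp", "198.51.100.7", 55555, PUBLIC_IP, 22))
    return {
        "seen_outside": seen_outside,
        "reply_delivered_to": (reply.dst, reply.dport) if reply else None,
        "scan_delivered_to": scan,
    }


if __name__ == "__main__":
    print(scenario())
```

Because both inside hosts happened to pick source port 40000, the firewall has to translate ports as well as addresses, which is why each flow gets its own public-side port. The scan packet aimed at port 22 of the public address is dropped simply because nothing inside ever opened a flow that could produce such a reply.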

Cloud Firewalls
Whenever a firewall is delivered as a cloud solution, it is known as a cloud firewall or firewall-as-a-
service (FWaaS). Cloud firewalls are typically maintained and run on the Internet by third-party vendors.
This type of firewall is considered similar to a proxy firewall, because cloud firewalls are commonly used
as proxy servers. They are, however, configured according to the customer's requirements.

The most significant advantage of cloud firewalls is scalability. Because cloud firewalls have no physical
resources, they are easy to scale according to the organization's demand or traffic-load. If demand
increases, additional capacity can be added to the cloud server to filter out the additional traffic load.
Most organizations use cloud firewalls to secure their internal networks or entire cloud infrastructure.

Unified Threat Management (UTM) Firewalls


UTM firewalls are a special type of device that includes features of a stateful inspection firewall with
anti-virus and intrusion prevention support. Such firewalls are designed to provide simplicity and ease of
use. These firewalls can also add many other services, such as cloud management, etc.

Which firewall architecture is best?


When it comes to selecting the best firewall architecture, there is no single right answer. It is always
better to use a combination of different firewalls to add multiple layers of protection. For example, one
can implement a hardware or cloud firewall at the perimeter of the network, and then add an individual
software firewall on every network asset.
Beyond that, the selection usually depends on the requirements of the organization. The following factors
can be considered when choosing a firewall:

Size of the organization


If an organization is large and maintains a large internal network, it is better to implement a firewall
architecture that can monitor the entire internal network.
Availability of resources
If an organization has the resources and can afford a separate firewall for each piece of hardware, this is
a good option. A cloud firewall may be another consideration.
Requirement of multi-level protection
The number and type of firewalls typically depend on the security measures that an internal network
requires. This means that if an organization maintains sensitive data, it is better to implement multiple
levels of firewall protection. This helps protect the data from attackers.

How to Disable Firewall


A firewall is the first line of control when it comes to the security of computers. It is designed to keep
unauthorized users away from accessing files and resources stored on the computer system. There can be
several reasons why a user might want to disable the firewall, especially when a user wants to try another
firewall program.
Note: It is not good to disable Windows Firewall unless there is another security program (with
additional firewall support) running on the computer.
Disabling the Windows Firewall is quite easy and takes barely 10 minutes. Let's proceed with the steps to
disable the firewall:
Step 1: First, we need to open the Control Panel. There are several ways to do this, but the easiest way is
to use a search bar. Therefore, we need to click on the Windows search bar and enter the 'Control
Panel'. It will look like the following screen:

Step 2: After that, we are required to click on the Control Panel to open its settings. The control panel
contains the following options:

Here, we need to click on 'System and Security'. This option is only visible if the 'view by:' option is set
as 'Category'.
Step 3: Next, we need to click on 'Windows Defender Firewall', as shown below:

Note: In some computers, the option of 'Windows Defender Firewall' might instead be displayed as
'Windows Firewall'.
Step 4: We are then required to click on 'Turn Windows Defender Firewall on or off'. This option is
shown in the left side panel of the screen:

Step 5: On the next screen, we need to click on the circle radio button next to 'Turn off Windows
Defender Firewall (not recommended)'.

Here, we can select the firewall settings for different types of networks. Using this screen, we can turn off
or disable the firewall for private networks, public networks, or both. We need to select the circle radio
button next to 'Turn off Windows Defender Firewall (not recommended)' under both the private and the
public network settings.
Step 6: After selecting the radio buttons, we are required to click on the 'OK' button to keep the changes.

These are the steps to disable Windows Firewall. Here, we have used Windows 10 to describe the complete
step-by-step tutorial. The process is the same on Windows 7/8/8.1; however, the user interface may be
slightly different.
Caution
Suppose there is any program that is unable to access the Internet. In that case, it is better to allow that
specific program through the firewall rather than disabling the entire firewall system. Here are the steps
to allow any program through Windows Firewall:
Step 1: First, we need to open a Control Panel.
Step 2: On the next screen, we need to click on 'System and Security'.
Step 3: After that, we are required to click on 'Allow an app through Windows Firewall'. This option
is displayed under 'Windows Defender Firewall' option, as shown below:

Step 4: After completing the above step, we will get the following screen:

Here, we need to click on the 'Change settings' button. This will allow us to access the list and modify
its settings.
Step 5: Under the list of 'allowed apps and features', we can find a specific program to which we want
to grant access through the Windows Firewall. After that, we need to select the checkboxes next to that
particular program.
Here, we also get options to manage the firewall settings for the private network and the public network
separately. The private checkbox is mostly used for games played over a local area network, while the public
checkbox allows the program to access the Internet. If we don't see the required program in the list, we can
use the 'Allow another app' button to add it manually.

Step 6: Next, we need to click on the 'OK' button to keep the changes.

By using this method, we can enable or disable Windows Firewall for specific software. In simple words,
the method helps us specify rules for individual programs to allow access to the Internet.
