It is a collection of interconnected devices which are spread across the globe

4.3 Hopfield Networks

The Hopfield network is a typical recurrent fully interconnected network in which every processing unit is connected to all other units (Figure 9). It is represented by a vector

S=(s1,s2,…,sn)

that describes the instantaneous state of the network. The components of the state vector are binary variables and can have either the value 0 or the value 1. Furthermore, the weights of the interconnections between the nodes, called the connection strengths, are elements of the symmetric matrix

Wij=Wji

Each node is excited by the resulting input signal

Xj=∑SiWij

where the Si is the binary output value of the processing unit i. Here, if the neuron of the processing unit fires its output has the value 1, i.e.,

Xj≥0,

and if it is inhibited its output is 0.

23.2 TCP/IP gateways and hosts

TCP/IP hosts are nodes which communicate over interconnected networks using TCP/IP communications. A TCP/IP gateway node connects one type of network to another. It contains hardware to provide the physical link between the different networks and the hardware and software to convert frames from one network to the other. Typically, it converts a Token Ring MAC layer to an equivalent Ethernet MAC layer, and vice versa.

A router connects a network of a similar type to another of the same kind through a point-to-point link. The main operational difference between a gateway, a router, and a bridge is that for a Token Ring and Ethernet network, the bridge uses the 48-bit MAC address to route frames, whereas the gateway and router use the IP network address. As an analogy to the public telephone system, the MAC address would be equivalent to a randomly assigned telephone number, whereas the IP address would contain the information on where the telephone is logically located, such as which country, area code, and so on.

Figure 23.2 shows how a gateway (or router) routes information. It reads the frame from the computer on network A, and reads the IP address contained in the frame and makes a decision whether it is routed out of network A to network B. If it does then it relays the frame to network B.

Why Is There a Need To Use SSH?

In the beginning there were main frame computers. These large computers allowed programmers to input large mathematical formulas that would take hours or days to solve by hand. These computers could take the same formula and datum and solve it in seconds or minutes. As these computers became more flexible and could handle not only mathematical datum but also text and numerical information, people began to use them to manage more and more business and research data. Computers became more than just a tool for college and government organizations, as they started to be able to manage business data. As they became smaller and more powerful, tools to input and store data came into being and costs became more reasonable.

More customers were in the business world. These computers stored massive amounts of data and people could access these machines in a controlled environment. The topology of the network was called the Centralized Data Model; in this model all the data was stored on one central computer and access was through “dumb” terminals. The terminals themselves had no computer processing power or storage. This protected the data from loss, damage, theft, and spying. In this model encryption was not necessary as the data was never vulnerable to the outside world. People could see only what the administrators allowed through the “green screen,” or dumb terminal.

As computers became more powerful and a need to share data across diverse and distant locations became more prevalent, wide area connections were established. At first these connections were done over analog phone lines using modem (Modulator/Demodulator) technology. There were two types of modems, synchronous and asynchronous. Synchronous modems used a special timing bit in the stream to keep the communications channel operating smoothly. In asynchronous modems, instead of a constant timing bit, the technology used a start and stop bit for each part of the transmission, ensuring each piece of data was received consistently. These analog connections were point to point and it was not easy for people to “listen in” on these connections.

As communications technology progressed and a shared, or interconnected, network of networks developed and more and more “private” data was being transmitted over these open links, the need for encrypted transmission become necessary. In addition, with the wide areas of transmission, personal computers also brought about internal or Local Area Networks (LANs). These internal networks allowed computers to transmit and receive data from other computers and servers within the building. The data traffic of these devices became subject to eavesdropping by other individuals inside the network. The eavesdropping, also known as packet capturing, allowed internal people to view data they might not otherwise had the privilege of viewing. These two scenarios increased the need for data encryption.

Are You Owned?

For each type of remote connection, there are options on how to secure it. In this book we will focus on remote login/control from a client to a server. In the early days, we had two options. The first was remote login, or RLOGIN (TCP port 513); it allowed us to open a session on a UNIX server and issue commands. The second option was telnet (TCP port 23); both of these protocols use a clear text channel to send and receive information. Any user with a packet capture program like Wireshark™ will be able to see the entire session, including usernames and passwords. As networks became more vulnerable to these types of attacks and data leakage, we needed to protect the sessions. For this connectivity issue, SSH is the answer.

SSH employs strong industry recognized encryption methods to protect your data from exposure. It makes no difference if you are using SSH across your local area network or the Internet from a remote location; your data will be secured in these encrypted channels. This software replaces telnet and rlogin as your connectivity method and offers protection to your data. Continued use of rlogin and telnet could be considered a violation of your organization's security police and in some cases a violation of law; Sarbanes Oxley, for example, mandates that all communications containing financial data must be encrypted. If you are using telnet to create a remote session to a UNIX computer that contains your financial application, you are not in compliance with Sarbanes Oxley.

Not Your Father's TCP/IP Stack

Before TCP/IP there was the 1822 Protocol, which was developed in 1969 for the Advanced Research Projects Agency (ARPA) of the U.S. Department of Defense. In 1973 Vint Cerf and Bob Kahn took the existing protocols and rebuilt them into what we now know as TCP/IP version 4. These protocols became the foundation of what we now use on the Internet.

In TCP/IP version 4 (IPv4) we had a 32-bit address space that would support approximately 4.9 billion addresses. This was more than enough for the ARPA network (ARPANET) that they were working on. In the early days of the APRANET one computer was added every 20 days. In the 70’s and 80’s there was no question of running out of addresses on this private network used by the government and university research facilities to share data. In 1990 the responsibility for the network was transferred to the National Science Foundation and became the NSFNET. Although government and universities still shared the network, National Science Foundation added six supercomputers, and opened up its use to high-tech companies as well.

In 1995 the National Science Foundation offered the backbone of the network to a communications company, who would then have control of the NSFNET and thereby make it a for-profit network. The company purchased part of the backbone and other companies were able to purchase pieces, thus creating the Internet as we know it today.

Once the Internet became a for-profit network of interconnected networks, it became apparent that the public address space of IPv4 was not sufficient to meet the demands of a global network. The use of standards like network address translation (NAT) bought time while a new standard was developed. This new standard became IPv6, the next generation of Internet Protocol addressing.

Notes from the Underground…

TCP/IP: The Next Generation

Windows Server 2008 includes the following new features:

A dual-layer IP architecture for IPv6

Support for a strong host model and for scaling on multiprocessor computers

New packet filtering and security for APIs

Support for a kernel-mode programming interface, called Winsock Kernel, which was designed to replace the transport driver interface (TDI) in Windows XP and Windows Server 2003

Routing compartments and new mechanisms for protocol stack overloads

For a full discussion of the changes to the TCP/IP implementation in Windows Server 2008 read Microsoft's TechNet article located at www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx.

Configuring IPv6 Settings

The first time you log on to a Windows 2008 server you will get the server manager screen shown in Figure 6.1.

Figure 6.1. Server Manager on Windows Server 2008

You can go directly to the Network Connections Control Panel Page (see Figure 6.2) using the Computer Information Section of the Server Summary.

Figure 6.2. The Network Connections Control Panel

In the Network Connections Control Panel you will find your Ethernet and Wireless network connections. Right-click on the connection you wish to work with and select Properties from the pop-up menu (see Figure 6.3).

Figure 6.3. Selecting a Connection

Once you have selected Properties, the screen shown in Figure 6.4 will appear.

Figure 6.4. Local Area Connection Properties

From the Networking tab you can set the options for IPv6 (see Figure 6.5).

Figure 6.5. IPv6 Properties

As with IPv4, you would typically allow host computers to obtain an IPv6 address automatically from the DHCP server. However, since this computer is a server, you may want to assign a nontemporary IP address to it. (Recall that nontemporary is the IPv6 equivalent of a static IP address in IPv4.) If you choose to use a nontemporary address, you could click the radio button next to the Use the following IPv6 address option and enter the specifics. Also remember that if you set a nontemporary IP address here, you should create a reservation for this address in the DHCP server so that this address does not get assigned to another computer on the network. Best practices typically include creating your DHCP server scope and reservations before activating the DHCP server, then activating the DHCP server and assigning nontemporary (and static) IP addresses. This helps avoid potential problems with IP address assignments.

New Features on the Block

With ISA Server 2004, Microsoft has introduced a multi-networking model that is appropriate for interconnected networks used by many corporations.

Now you can create network rules and control how different networks communicate with one another.

ISA Server 2004 includes several built-in network definitions, including: the Internal network (includes the addresses on the primary protected network), the External network (includes addresses that don't belong to any other network), the VPN clients network (includes the addresses assigned to VPN clients), and the Local host network (includes the IP addresses on the ISA Server).

ISA Server 2004's new multi-networking features make it easy for you to protect your network against internal and external security threats by limiting communication between clients, even within your own organization.

You can use ISA Server 2004 to define the routing relationship between networks, depending on the type of access and communication required between the networks.

ISA Server 2004 provides network templates that you can use to easily configure firewall policy governing the traffic between multiple networks.

ISA Server 2004's HTTP policy allows the firewall to perform deep HTTP stateful inspection (application layer filtering). You can configure the extent of the inspection on a per-rule basis.

You can configure ISA Server 2004's HTTP policy to block all connection attempts to Windows executable content, regardless of the file extension used on the resource.

ISA Server 2004's HTTP policy makes it easy for you to allow all file extensions, allow all except a specified group of extensions, or block all extensions except for a specified group.

With ISA Server 2004's HTTP policy, you can control HTTP access for all ISA Server 2004 client connections, regardless of client type.

ISA Server 2004's deep HTTP inspection also allows you to create “HTTP Signatures” that can be compared to the Request URL, Request headers, Request body, Response headers, and Response body.

You can control which HTTP methods are allowed through the firewall by setting access controls on user access to various methods.

ISA Server 2004's Secure Exchange Server Publishing Rules allow remote users to connect to the Exchange server by using the fully-functional Outlook MAPI client over the Internet.

You can configure ISA Server 2004's FTP policy to allow users to upload and download via FTP, or you can limit user FTP access to download only.

ISA Server 2004 includes a link translation feature, which allows you to create a dictionary of definitions for internal computer names that map to publicly-known names.

ISA Server 2004 leverages the Network Access Quarantine Control feature built into Windows Server 2003 to provide VPN quarantine, which allows you to quarantine VPN clients on a separate network until they meet a predefined set of security requirements.

ISA Server 2004 adds support for port redirection and the ability to publish FTP servers on alternate ports.

11.1.2 The Traditional Power Grid

The power grid is one of the most complex engineered systems in modern world. It is an interconnected network consisting of power plants, transmission lines, substations, distribution lines, and users. The whole idea of the power grid is to deliver power from the generation sources to the service locations [3] (businesses and consumers) [4,5]. And this is accomplished today through these highlighted steps [6] of energy conversion and delivery [7,8]:

Generation

In 2014 there were about 19,745 individual generators, with nameplate generation capacities of at least 1 megawatt (MW) at about 7677 operational power plants in the United States. A power plant may have one or more generators, and some generators may use more than one type of fuel. Most of these plants are centralized and built away from extremely populated areas. These power plants contain electromechanical generators, steered by water or by heat engines driven by steam from chemical combustion of fossil fuel, including coal, petroleum, natural gas, and liquefied petroleum gas [9].

Transmission

To move the generated electric power over long distances and with less loss, it is stepped up to higher voltages to substations through transmission lines, since power plants are located in isolated and unpopulated regions away from consumers [10,11].

Distribution

Upon the arrival at a substation, usually near the users, the power must be stepped down from the transmission level voltage to a distribution level voltage. This step is called the distribution phase and this portion of the grid is called the distribution grid [12].

Consumption

By now, the power has arrived at the service location. Therefore it needs to be stepped down again from the distribution voltage to the required service voltage(s).

Fig. 11.1 shows the different elements or components of the power delivery system in the traditional grid.

12.3.3.1 The idea of NAS

The initial idea of network attached storage (NAS) came from file sharing by many users via an interconnected network. During the early evolution of computers, file sharing was not an easy thing, especially when some users turned their computers off. It would be impossible for other people to access the files stored in their computers (see Figure 12.34).

This issue led to the idea of having a dedicated computer to host shared files so that every user can access the shared files throughout a file storage network. This was an early form of NAS architecture (see Figure 12.35).

As we can see in Figure 12.35, NAS is actually an IP-based file sharing environment that is attached to a LAN. Therefore, it needs protocols for users to communicate with file servers. If we use the UNIX operating system (OS), Sun Microsystem developed the Network File System (NFS) as a protocol to share files. However, if we adopt Windows, the protocol is the Common Internet File System (CIFS). Today, there are many software solutions that allow people operating across both the UNIX and Windows OSes to share files.

When more and more users need to access the file server to share files, the requirements to improve I/O performance and run different applications for diversified configurations become the priority. As a result, a NAS device that differentiates with a general-purpose server has been developed that is dedicated to NAS applications and clients. In contrast to a general-purpose server, it has own OS, namely the Real-Time Operating System (RTOS) for file serving (see Figure 12.36).

This OS adopts an open standard protocol so that many vendors can support it. A NAS device is capable of optimize the execution of file access and the connection of storage arrays. It has a “many-to-one” configuration that allows the NAS device to serve many clients simultaneously. It can also be configured as “one-to-many,” which enables one client to access multiple NAS devices or shared file servers at the same time. With a UNIX environment, the NAS device can leverage the NFS system as a shared catalog for network users.

What is a system of interconnected network across the globe?

What is the collection of interconnected network?

Is a collection of interconnected computers and other devices which are able to communicate with each other and share hardware and software resources?

Which of these is a collection of interconnected devices?