TCP/IP
One very important set of protocols is called TCP/IP. It is important because it is what the creators of the Internet decided would be used for that particular network, which means that any computer that wants to connect to the Internet must also use TCP/IP. TCP/IP stands for Transmission Control Protocol / Internet Protocol.
TCP/IP is actually in two parts. The TCP portion covers the agreements between systems about how they will carry on their ‘conversation’, and the IP portion deals with addressing the packets and routing them.
The TCP part all happens in the background and we don’t really need to concern ourselves with it under normal circumstances. However, in a network that uses TCP/IP, every system must have a unique IP address, and that is something that requires human intervention in one way or another.
IP Addresses
An IP address is made up of four sets of numbers separated by periods. An example is:
192.168.42.122
Each of these sets of numbers is called an octet, because they started out as 8-digit binary numbers. Writing each one as a decimal number of up to three digits makes the whole address shorter and easier to remember. The highest value for any octet is 255, because the highest number you can make with eight binary digits is equal to 255 in decimal.
In most networks, the first three octets are the same for all systems, and the last octet is different for every machine. If there are more than 255 computers in a network, it is usually divided into smaller subnets.
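To make the octet rules concrete, here is an added example (not part of the original post) that parses a dotted-quad address into its four octets, rejects anything that is not four decimal numbers in the range 0 to 255, shows the 8-digit binary form each octet started out as, and applies the "first three octets the same" rule of thumb for deciding whether two machines are on the same network. The 3-octet prefix is an assumption matching the text's example, not a general rule.

```python
# Added example (not from the original post): dotted-quad IPv4 parsing with
# validation, plus the "same first three octets" check described in the text.


def parse_ipv4(address):
    """Return the four octets as integers, or raise ValueError if invalid."""
    parts = address.strip().split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address needs exactly four octets: %r" % address)
    octets = []
    for part in parts:
        # isascii() + isdigit() rejects '', '-1', '1e2', ' 12' and non-ASCII digits
        if not (part.isascii() and part.isdigit()):
            raise ValueError("octet is not a decimal number: %r" % part)
        value = int(part)
        if value > 255:  # eight binary digits cannot hold more than 255
            raise ValueError("octet out of range 0-255: %r" % part)
        octets.append(value)
    return octets


def to_binary_octets(address):
    """Show each octet as the 8-digit binary number it started out as."""
    return ".".join(format(octet, "08b") for octet in parse_ipv4(address))


def same_network(addr_a, addr_b, prefix_octets=3):
    """True when the first `prefix_octets` octets match (3 = the text's rule of thumb)."""
    return parse_ipv4(addr_a)[:prefix_octets] == parse_ipv4(addr_b)[:prefix_octets]


if __name__ == "__main__":
    print(parse_ipv4("192.168.42.122"))        # [192, 168, 42, 122]
    print(to_binary_octets("192.168.42.122"))  # 11000000.10101000.00101010.01111010
    print(same_network("192.168.42.122", "192.168.42.7"))  # True
    print(same_network("192.168.42.122", "192.168.43.7"))  # False
    for bad in ("192.168.42", "192.168.42.256", "192.168.4x.1"):
        try:
            parse_ipv4(bad)
        except ValueError as err:
            print("rejected:", err)
```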
Static or Dynamic?
There are two ways to associate a unique IP address to a specific computer. One way is for the administrator to assign a number, which stays the same unless somebody decides to change it some day. That number is then a static IP address.
The other way is to assign a group of addresses to a server, and let the server hand them out as needed to any system that wants to communicate on the network. This produces a dynamic IP address. It is sometimes important to know which method is in use on a network, because with dynamic addressing, the IP address of a machine may be different each time you try to communicate with it.
Computer Names
The example address 192.168.42.122 is only one digit longer than a phone number with area code, but that’s plenty long enough to give most of us a hard time. It’s much easier for people to remember a name instead of a number, and for this reason computers in a network are also given a unique name. It may be something mundane like Sales14, but at least it’s a name and not a number.
This is not only easier to remember, but it solves the problem of a dynamic address that changes all the time, because the computer name doesn’t normally change. It does create another problem though, because the computers use only the addresses and not the names to keep track of each other. Fortunately there is a part of the TCP/IP protocol called address resolution, and it matches up the names and addresses so things keep rolling smoothly along.
Security
The problem with connecting computers to the Internet is that they are then sharing a network with many other computers from all over the world, and the users of some of those other computers are not such nice folks. Protecting the network and the information on it is one of the most important parts of a network administrator’s job.
Encryption
One way to protect information is to scramble it so that it appears to be gibberish unless someone has the right ‘key’ to unscramble it. Scrambling it is called encryption, and unscrambling it is called decryption. There are many ways to encrypt information, and of course just as many keys to decrypt it.
Encrypting and decrypting information slows things down a bit, so a decision must be made about when to use it. For packets going around the LAN, it depends on how likely it is that someone will gain unauthorized access to the LAN, called hacking. It also depends on how much damage would be done if that happened. If the threat is severe, encryption can be done not only on the transmitted packets but also to information stored on the disk drive.
For information going over the Internet, encryption is much more important unless it’s all right for the whole world to see the information. If you send your credit card number to a vendor, you must trust that vendor to encrypt and safeguard the information.
Virus Software
A computer virus is a little program that makes copies of itself to send to other computers. It’s very similar in some ways to contagious germs spreading a disease from one person to the next. And like diseases, some of these computer viruses have some really nasty side effects, like wiping out important files in the operating system or filling up the hard drive with garbage data.
As we will discuss a little later, there are ways to keep these virus programs from getting to your computer, but they are not foolproof. A lot of viruses come in attached to e-mail, and then they will mail copies of themselves to everyone in your e-mail address folder. You can’t completely block them without blocking e-mail, and most of us like to get e-mail from our friends and coworkers.
The most important prevention for viruses is to have a good anti-virus program installed on your computer. Norton, McAfee and Panda are probably the most popular. The next most important thing is to keep the anti-virus software up-to-date, because the delinquents who write virus software are always coming up with new tricks, and the anti-virus companies are just as quickly coming up with new versions to stop them.
Access Control
If you have ever had a computer that was connected to a local area network, you almost certainly had to type in a user name and password to get network access. It’s two forms of ID, just like when you cash a check at a department store.
The network administrator used that identification information to determine what you could and couldn’t do on the network. And there may have been additional passwords to access the company’s customer database, employee payroll records, or files stored on someone else’s computer.
Here are a few tips about passwords:
First, if you share files on your computer, use password protection for them even if they are available to everyone in the network. That way they can’t be tampered with if a hacker breaks in.
In choosing a password, never use your name, your birthday or other obvious personal information. The best is a random combination of letters and numbers.
Commit the password to memory, and if you must write it down, hide it. A password written on a post-it note stuck to your monitor is probably worse than no password at all.
Don’t give your password to someone you don’t know personally just because they claim to be tech support, the phone company, the police or your long-lost Aunt Matilda. Refer them to the network administrator, or better yet, get their phone number and have the network administrator call them back.
Firewalls
In a building, a firewall is a wall to keep fire from spreading from one area to another. In a computer network, a firewall is a boundary that can block unwanted data packets. The firewall may be a program running on the server or router, or it may be a separate piece of hardware or even a complete computer system just for that purpose. In any case, its purpose is to look at all of the packets coming through, and decide which ones can pass and which ones get blocked.
Ports – Several pages ago, we defined a port as the place in a hub that a cable plugs into. There is another completely different kind of thing called a port, and that is a location in a computer’s memory that is used by a device or application to send and receive data. Each application will have one (or more) of these locations for its own use.
For instance, there is a common e-mail program that has port # 110, which means that the program exchanges information with the rest of the system at memory location 110. The popular game called Doom uses port # 666.
When a packet is sent over a network, it will contain not only the destination address, but also the port number of the application that will use it at that destination. One of the ways a firewall controls the packets is by looking at the port number, and only passing packets with ports that are appropriate for the destination. If nobody should be playing Doom on the network’s computers, then it would make sense to block port 666.
Another way a firewall can control traffic is to look at the source of the packet. It can have a ‘prohibited’ list that keeps out packets from certain IP addresses, or it can have an ‘allowed’ list and block everyone who isn’t on it. Ports can be done the same way, with a ‘prohibited’ or ‘allowed’ list of ports.
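The two filtering methods just described, port-based and source-based, each with a ‘prohibited’ or an ‘allowed’ list, can be shown in a few lines of code. This added example is not from the original post and not any real firewall's code; the packet records and rule values are constructed for illustration, using the text's port 110 (mail) and port 666 (Doom).

```python
# Added example, not from the original post: a toy packet filter applying the
# two kinds of rule the text describes, a 'prohibited' list and an 'allowed'
# list, to both source IP addresses and destination ports.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src_ip: str      # where the packet came from
    dst_ip: str      # which machine should receive it
    dst_port: int    # which application at that machine should get it

@dataclass
class FirewallPolicy:
    # 'prohibited' lists block only what is on them; 'allowed' lists block
    # everything that is NOT on them. None means that list is not in use.
    prohibited_ips: frozenset = frozenset()
    allowed_ips: Optional[frozenset] = None
    prohibited_ports: frozenset = frozenset()
    allowed_ports: Optional[frozenset] = None

    def decide(self, packet):
        """Return ('pass' or 'block', reason) for one packet."""
        if packet.src_ip in self.prohibited_ips:
            return "block", "source %s is on the prohibited list" % packet.src_ip
        if self.allowed_ips is not None and packet.src_ip not in self.allowed_ips:
            return "block", "source %s is not on the allowed list" % packet.src_ip
        if packet.dst_port in self.prohibited_ports:
            return "block", "port %d is on the prohibited list" % packet.dst_port
        if self.allowed_ports is not None and packet.dst_port not in self.allowed_ports:
            return "block", "port %d is not on the allowed list" % packet.dst_port
        return "pass", "no rule matched"

def filter_packets(policy, packets):
    """Apply the policy to each packet; return a list of (packet, decision, reason)."""
    return [(p,) + policy.decide(p) for p in packets]

# Constructed sample traffic: mail pickup on port 110, Doom on port 666, and a
# packet from an address the administrator has put on the prohibited list.
SAMPLE_PACKETS = [Packet("192.168.42.7", "192.168.42.122", 110),
                  Packet("192.168.42.7", "192.168.42.122", 666),
                  Packet("10.0.0.99", "192.168.42.122", 110)]
POLICY = FirewallPolicy(prohibited_ips=frozenset({"10.0.0.99"}),
                        prohibited_ports=frozenset({666}))

if __name__ == "__main__":
    for packet, decision, reason in filter_packets(POLICY, SAMPLE_PACKETS):
        print("%-5s %s -> port %d: %s" % (decision, packet.src_ip, packet.dst_port, reason))
```

Swapping the prohibited lists for allowed lists (for example `allowed_ports=frozenset({110})`) turns the same filter into the stricter "block everyone who isn't on it" mode.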
Conclusion
There is much more to know about security, and about networks in general, if one is to be involved in managing them. The purpose of this paper is to present just enough information to enable you to talk with network administrators and to understand their concerns when presenting network products to them. For additional training in this subject, we recommend the Micro2000 A+ and Network+ courses.