2024 Assessment Specifications

For network communication protocols, questions may cover: 

• the internet protocol suite and its four abstraction layers (application, transport, internet, and link)

• application layer protocols - (HTTP / HTTPS)

• transport layer protocols (TCP and UDP)

• traffic analysis

• network optimisation (e.g. queuing theory, predictive maintenance, patterns, anomalies, security threats)

• encapsulation and de-encapsulation

• security (SSL / TLS).

From the new CSFG: Queuing Theory [new section for CSFG - not yet published]

As we talked about in UDP, packets sometimes get lost in the internet. Mostly dropped packets are from routers because of buffer overflow (the buffer is a limited size queue of packets waiting to be processed, and if it fills up faster than the packets are processed it might fill up completely, so new ones arriving are ignored, and so are dropped).

Queuing theory is a mathematical analysis that allows us to work out things like how large a buffer should be to allow for the expected rates of packets entering the router. It is crucial in computer networks for optimizing the performance and efficiency of data transmission. In networking, it helps manage how data packets are queued and processed as they travel through routers and switches. By analysing packet arrival rates, service rates, queue lengths, and waiting times, queuing theory aids in predicting network performance and preventing congestion.

For example, in a router, queuing theory can help prioritize traffic to ensure that time-sensitive data, such as video streams, receives higher priority over less critical data, such as file downloads. This ensures smooth streaming without buffering. Similarly, in load balancing, queuing theory can distribute incoming traffic evenly across multiple servers, preventing any single server from becoming a bottleneck and improving overall network efficiency. 

In networking and queuing theory, FIFO (First In, First Out) and FCFS (First Come, First Served) are fundamental concepts for managing data packets or tasks in a queue.

FIFO (First In, First Out)

·       FIFO is a method where the first packet or task that arrives in the queue is the first one to be processed. Think of it like a line at a grocery store. The first person to get in line is the first person to be checked out. FIFO is used in various networking protocols and buffering strategies where maintaining the order of packets is crucial. For example, in TCP (Transmission Control Protocol) where packets must be delivered in the order, they were sent to ensure data integrity, when the buffer is getting full a message is sent back to suspend the transmission of data. If packets are lost, the sequence numbering of packets will trigger them being retransmitted to ensure that all the packets are received... eventually.  For something like video or audio connection, this could lead to delays that confuse the user. In this case, UDP is likely to be used; when a buffer is full of a UDP protocol, the packets are just discarded. For audio and video, this just means some parts are skipped, but the transmission stays in real time; however, this would not be acceptable for something like a file download, as it would leave the file incomplete.

FCFS (First Come, First Served)

FCFS is essentially the same as FIFO. It prioritizes processing tasks in the order they arrive. Similar to FIFO, the first task to arrive is the first to be processed, regardless of its size or complexity. FCFS is often used in scheduling algorithms for operating systems, job scheduling in batch processing, and network packet handling.

-          Advantages: Fair and simple to understand and implement. Every task gets a turn based on arrival time.

-          Disadvantages: May lead to the "convoy effect," where a single long task can hold up shorter tasks behind it, reducing overall system efficiency.

Key Differences

• Context Usage: While FIFO is often specifically used in the context of queue data structures and buffers, FCFS is more broadly used in scheduling and processing systems.

• Terminology: Both terms are frequently used interchangeably, but FCFS emphasizes the scheduling aspect, whereas FIFO emphasizes the data handling aspect.

From the new CSFG: Predictive maintenance [new section for CSFG - not yet published]

Predictive maintenance in computer science involves using data analysis techniques to predict when a system or component is likely to fail. This approach allows for timely maintenance actions before actual failures occur, thereby minimizing downtime and repair costs. By collecting data from sensors and logs, and applying predictive algorithms, systems can detect patterns that indicate potential issues. This technique is widely used in data centres, manufacturing, and network infrastructure to ensure continuous operation and reliability.

From the new CSFG: Patterns [new section for CSFG - not yet published]

In computer networking, patterns refer to recurring solutions to common challenges within network design and architecture. These patterns offer a more consistent approach to address specific network issues, improving network efficiency, scalability, and maintainability. These patterns also allow for engineers to have good understandings of processes because they are done in a specific way.

Examples include:

-          Load Balancing pattern - which distributes network traffic across multiple servers to prevent any single server from becoming a bottleneck.

-          Proxy pattern - which acts as an intermediary for requests from clients seeking resources from other servers, enhancing security and performance.

Recognizing and applying these patterns helps in developing robust and efficient network infrastructures. For instance, the use of the Cache pattern can significantly reduce latency and bandwidth usage by storing frequently accessed data closer to the end user. In dynamic network environments, the Failover pattern ensures high availability by automatically redirecting traffic to a standby server if the primary server fails.

Pattern recognition is crucial in network management and monitoring. Identifying traffic patterns can lead to insights for optimizing bandwidth allocation and detecting potential security threats. For example, the application of the Micro-segmentation pattern enhances security by dividing the network into smaller, isolated segments, thus limiting the spread of potential breaches.

By leveraging these networking patterns, engineers can design and maintain systems that are more resilient, efficient, and easier to manage.

From the new CSFG: Anomalies and Security Threats [new section for CSFG - not yet published]

Anomalies in computer science are unusual patterns or behaviours that deviate from the norm and often indicate potential security threats. Detecting anomalies is crucial for maintaining system integrity and security. Techniques such as anomaly detection algorithms and machine learning are employed to identify these irregularities. Anomalies can be indicative of various issues, including malware, intrusions, or hardware malfunctions. By analysing system logs, network traffic, and user behaviour, these techniques help in recognizing suspicious activities early on. For example, a sudden spike in network traffic from an unknown source might suggest a Distributed Denial of Service (DDoS) attack, prompting immediate security measures.

Here are some examples of anomalies and security threats:

Examples of Anomalies:

1. Unusual Network Traffic Patterns:

   • A sudden, unexplained spike in network traffic from a single IP address, which could indicate a potential security breach or malfunctioning device.

2. Unexpected Login Locations:

   • A user account shows login attempts from geographically distant locations within a short period, suggesting possible account compromise.

3. Abnormal System Resource Usage:

   • A server exhibits unexpectedly high CPU or memory usage without a corresponding increase in workload, indicating a possible malware infection or runaway process.

4. Unusual File Access Patterns:

   • A user or process accessing a large number of files in a short time, which could be a sign of data exfiltration or a ransomware attack.

5. Irregular Behaviour in Application Logs:

   • Application logs contain unusual error messages or activity patterns not typical for regular operations, suggesting potential security issues or bugs.

Examples of Security Threats:

• Distributed Denial of Service (DDoS) Attack:

  • Description: A DDoS attack is a coordinated attack where multiple systems flood a targeted system with traffic, overwhelming it and causing a denial of service to legitimate users. To Mitigate this problem, using firewalls and intrusion detection/prevention systems (IDS/IPS) to filter and block malicious traffic. Implement rate limiting to control the flow of incoming traffic. Employ DDoS protection services that can absorb and mitigate attack traffic.

• Phishing Attacks:

  • Phishing attacks are malicious attempts to acquire sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in electronic communications. We need to educate users about recognizing phishing attempts. Implement email filtering and anti-phishing tools. Use multi-factor authentication (MFA) to provide an additional layer of security.

• SQL Injection:

  • Description: SQL injection is a code injection technique that exploits vulnerabilities in an application's software by inserting malicious SQL queries into input fields, leading to unauthorized access to the database.

  • Mitigation: Validate and sanitize all user inputs. Use prepared statements and parameterized queries. Implement web application firewalls (WAFs) to detect and block malicious requests.

• Ransomware:

  • Ransomware is malware that encrypts a victim's data and demands payment for the decryption key, effectively holding the data hostage until the ransom is paid. Regularly backing up data and ensure backups are stored offline or in a separate network will help avoid the problem, also using endpoint protection software to detect and block ransomware. Educate users on avoiding suspicious emails and downloads.

• Man-in-the-Middle (MITM) Attack:

  • In a MITM attack, an attacker intercepts and potentially alters the communication between two parties who believe they are directly communicating with each other, compromising the confidentiality and integrity of the communication. Using virtual private networks (VPNs) to encrypt data transmitted over untrusted networks helps avoid attacks in this manner.

Useful Links

https://www.youtube.com/watch?v=z611FLLR3_8 (Queuing Theory – Advanced)

https://www.youtube.com/watch?v=2V38iVkQ0r4 (Predictive Maintenace)

security (ssl/tls)

Digital Certificate Types    From Steve's Internet guide:

If you are trying to purchase a certificate for a website or to use for encrypting MQTT you will encounter two main types:

• Domain Validated Certificates (DVC)

• Extended validation Certificates (EVC)

The difference in the two types is the degree of trust in the certificate which comes with more rigorous validation.

The level of encryption they provide is identical

A domain-validated certificate (DV) is typically used for Transport Layer Security (TLS) where the identity of the applicant has been validated by proving some control over a DNS domain.

The validation process is normally fully automated making them the cheapest form of certificate. They are ideal for use on websites like this site that provides content, and not used for sensitive data.

An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package. Obtaining an EV certificate requires verification of the requesting entity’s identity by a certificate authority (CA).

They are generally more expensive than domain validated certificates as they involve manual validation.

Different Perspectives

The Future and Protocols

From:  APNIC - Internet protocols are changing

Background

When the Internet started to become widely used in the 1990s, most traffic used just a few protocols: IPv4 routed packets, TCP turned those packets into connections, SSL (later TLS) encrypted those connections, DNS named hosts to connect to, and HTTP was often the application protocol using it all.

For many years, there were negligible changes to these core Internet protocols.

As a result, network operators, vendors, and policymakers that want to improve (and sometimes, control) the Internet have adopted a number of practices based upon the official protocol to tweak things, whether intended to debug issues, improve quality of service, or impose policy.  

Now, significant changes to the core Internet protocols are underway. While they are intended to be compatible with the Internet at large (since they won’t get adoption otherwise), they might be disruptive to those who have taken liberties with undocumented aspects of protocols or made an assumption that things won’t change. 

Why we need to change the Internet

There are a number of factors driving these changes.

1. The limits of the core Internet protocols have become apparent, especially regarding performance. Because of structural problems in the application and transport protocols, the network was not being used as efficiently as it could be, leading to end-user perceived performance (in particular, latency).

This translates into a strong motivation to evolve or replace those protocols because there is a large body of experience showing the impact of even small performance gains.

2. The ability to evolve Internet protocols — at any layer — has become more difficult over time, largely thanks to the unintended uses by networks discussed above. For example, HTTP proxies that tried to compress responses made it more difficult to deploy new compression techniques; TCP optimization in middleboxes made it more difficult to deploy improvements to TCP.

3. Finally, we are in the midst of a shift towards more use of encryption on the Internet. Encryption is one of best tools we have to ensure that protocols can evolve and many protocols have been developed to insist on encryption. 

You can read about these further by going to the APNIC site referenced above.