Networking concepts are not easy and please don't ever let anyone make you feel bad for not knowing. This is not something you are usually taught in schools, or by your parents, friends, or anyone! Read "It is complicated" for my rant on this.
However, so much now depends on the internet and your home network that it really helps to know a little bit. I will try to explain some basic concepts that may help you understand the other articles on networking. Your home network can be better - so read on!
Networking concepts
- When talking about a home network, we're typically talking about connectivity within a specific location (i.e. your home), and connectivity in & out with the 'internet' - the worldwide network out there that provides us with entertainment (think Netflix), access to applications (your bank, online shopping, etc) and information (wikipedia, news, etc).
- All the above entertainment, applications and information, are hosted by someone else, on someone else's network, and you can interact with them over the internet. The internet is a massive world wide network of networks.
- The 'internet' also contains services that make the internet work, such as
- DNS - a service that looks up the IP address for a URL. It is the service that knows where www.vancurious.ca lives and how it can be found
- Routing protocols and algorithms that know how to find the actual server to talk to, based on an IP address
- Your bridge to the internet from your home network is provided by an ISP, an "Internet Service Provider". These companies provide a number of services, usually including a means of translating a URL (e.g. www.netflix.com) to an IP address on the internet (DNS) (don't worry if you don't know what an IP address or DNS is yet - I'll get to that later!). They also provide this nifty little box called a modem, which takes care of sending network traffic in & out between your home network and the internet.
- When we talk about a 'port' on a device, that sounds very techie, but in practical terms in this context it is the ethernet connector you plug the cable into.
- The term "IOT" or Internet-Of-Things refers to all the appliances and gadgets you bought that are 'smart' and often would like a connection to the internet. They are all mini-computers that are usually programmed to interact with their 'mother-ship' to share data back (and not necessarily to benefit you) or to offer additional features, and they are often easily compromised (i.e. taken over by nefarious actors). I usually do not allow these gadgets a connection - why should my garage opener need to be internet-enabled? What possible need can there be for my oven to access the internet?
- Think of all the stuff you have in your home: printers, laptops, tablets, mobile phones, your smart TV and smart fridge and perhaps even your fish-feeding device. All these are connected to your home network, and via this 'bridge' (the ISP's modem) connected to the internet. Everything on your home network, in principle, can talk to everything else - unless you stop it. And everything inside your home network can talk to the internet - unless you stop it. What things on the internet can talk to things on your home network is usually stopped by your modem - unless you set it up to allow it.
- IP address is a way to uniquely identify anything on the network. There are two ways a device can get an IP address: you can preconfigure it in the device's network settings, or you can configure your device to ask for one dynamically by sending a message on the network saying "Is there a DHCP service out there? I'd like an IP address please!"
The drawback of a pre-configured IP is that it is difficult to maintain - it is much easier if a central service manages this for you. In addition, networks are very unhappy when multiple devices have the same address, as they don't know where to send traffic. Imagine two houses with an identical address - what is the poor postal service going to do! Therefore, selecting DHCP in your network settings is usually the way to go.
- Note that for your internal network, you'll want to choose an "unroutable" IP which, by the rules that govern the internet, is not visible outside of your home network, i.e. behind your modem.
- DHCP is a service that provides a device with an IP address when the device asks for it. Many things can be configured to run DHCP, including your gateway, your router, or a server on your network, etc. When any device asks for an IP on a network, the device configured with DHCP will respond to the device saying "here you go buddy, here's a nice unique IP address for you, store it well until it expires!"
And the DHCP service can be configured to always provide the same IP address to a certain device - your laptop for instance. How does it do that? Well, each device has one identifier that never changes: its MAC address. This is hard-wired into the device itself by the manufacturer, and you can set up your DHCP service to associate a specific IP address with a specific MAC address.
- Network Address Translation (NAT) is a function of most routers and modems. It allows you to shield your internal devices with non-routable IP addresses and present only one public IP to the internet.
Think of a Mage that maintains a protective veil that shields the town as follows:
- Outsiders should not need to know anyone inside the village by their real name (their IP address).
- If someone inside the village wants to talk to an outsider, they have to ask the Never-tiring Mage Nat to send the outsider the message. The response from the outsider will be sent back to the Never-tiring Mage Nat - since the outsider doesn't know the villager's name.
- The Never-tiring Mage Nat, as they are looking after the whole village, keeps a record of all the requests the villagers have sent, so that when a response comes, they know who to pass it on to. "Monseigneur Jacques, I know you were waiting for a response on your request for a knitting pattern from www.bestknittingever.com and, it just came in, here it is!"
- And the Never-tiring Mage Nat passes on the knitting pattern to the villager. The villager never talks directly to www.bestknittingever.com, and that site - the outsider - never talks directly to Monseigneur Jacques.
- The Never-tiring Mage Nat also saves the village money, since having a public address, a public mailbox any outsider can reach, is not cheap. The whole village has the benefit of employing only a single Mage guarding the only door in town.
- Note that Mage Nat will always allow messages out, no questions asked, and will also allow any responses in, as long as the villager started the conversation.
- A Firewall is a service (a program) running on a computer that has been set up to inspect and judge network traffic. If active, it will look at ALL traffic that goes through this computer - and for it to do the job, you'll want to have this computer connected in your network such that ALL traffic from and to the internet HAS to go through this computer. So as long as you connect the network to this device, and there is no connection that bypasses it, you have yourself a firewall. Note that the 'device' that has the firewall software on it can be an old computer, a specialized appliance, or a router - and yes, a router is a little computer.
A firewall works like a gatekeeper for your village, letting only trusted travelers into the town. The gatekeeper looks at every traveler (i.e. data traveling on the network) and checks their list of rules to determine:
- do we accept messages from this foreign land, or do we have these foreign lands on a 'disallow' list because they've caused issues in the past
- do we accept these types of messages - perhaps we will accept hand-written messages but not verbal ones (and a singing telegram is right out)
- if a message sender has acted in bad faith and was detected trying to break the rules, the firewall can block their messages for a certain amount of time even if the next set of messages follow the rules. Kind of a 'one strike and you're out' approach.
- A firewall does not necessarily allow all messages out. This gatekeeper can ask questions, especially if the villagers are detected sending messages to known questionable places. This helps especially if the villagers may not be that knowledgeable and do not recognize bad destinations, or if they have been compromised and are being coerced to send messages to bad actors. Remember that your Mage Nat will allow all messages out, and all answers in to a message that started inside.
- Your firewall software is usually one of the many things that runs on a gateway computer, unless you are very lucky and it is built into your modem. To protect your whole network, your gatekeeper the firewall has to sit between the outside network (internet) and your internal network, with no ways around it.
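To make the gatekeeper's checks concrete, here is an added illustration of my own (not code from the original article, and not any real firewall product): a tiny rule engine with a disallow list of 'foreign lands', a list of accepted message types, a temporary block after repeated violations, and the outbound check that Mage Nat never does. The networks, addresses and traffic log are constructed sample values.

```python
# Added illustration, not from the original article: a toy rule engine that
# makes the gatekeeper's three checks, and the outbound check, explicit.
# Addresses, networks and the sample traffic are constructed values.
import ipaddress

class Firewall:
    def __init__(self, denied_lands, allowed_types, questionable_places,
                 strike_limit=3, block_seconds=600):
        self.denied_lands = [ipaddress.ip_network(n) for n in denied_lands]
        self.allowed_types = set(allowed_types)      # e.g. "tcp/443" for web traffic
        self.questionable_places = set(questionable_places)  # places villagers may not reach
        self.strike_limit, self.block_seconds = strike_limit, block_seconds
        self.strikes = {}          # sender -> rule violations seen so far
        self.blocked_until = {}    # sender -> time its temporary block ends

    def _strike(self, src, now):
        """Count a violation; enough of them earn a timed block."""
        self.strikes[src] = self.strikes.get(src, 0) + 1
        if self.strikes[src] >= self.strike_limit:
            self.blocked_until[src] = now + self.block_seconds

    def check_inbound(self, src, kind, now):
        """Return (verdict, reason) for a traveller arriving from outside."""
        if self.blocked_until.get(src, 0) > now:
            return "drop", "sender is serving a temporary block"
        if any(ipaddress.ip_address(src) in land for land in self.denied_lands):
            self._strike(src, now)
            return "drop", "sender's land is on the disallow list"
        if kind not in self.allowed_types:
            self._strike(src, now)
            return "drop", f"message type {kind} is not accepted"
        return "accept", "follows the rules"

    def check_outbound(self, dst):
        """Unlike Mage Nat, the gatekeeper also questions outgoing messages."""
        if dst in self.questionable_places:
            return "drop", "destination is a known questionable place"
        return "accept", "ok"

def demo():
    """Run a constructed traffic log through the rules; returns the verdicts."""
    fw = Firewall(["198.51.100.0/24"], {"tcp/80", "tcp/443"}, {"bad-actor.example"},
                  strike_limit=2)
    log = [(0, "in", "203.0.113.5", "tcp/443"),   # well-behaved web request
           (1, "in", "203.0.113.5", "udp/9"),     # singing telegram: strike one
           (2, "in", "203.0.113.5", "tcp/22"),    # strike two: blocked for 600 s
           (3, "in", "203.0.113.5", "tcp/443"),   # would be fine, but sender is blocked
           (4, "in", "198.51.100.9", "tcp/443"),  # comes from a disallowed land
           (5, "out", "bad-actor.example", None)] # villager reaching a bad place
    return [(fw.check_inbound(s, k, t) if d == "in" else fw.check_outbound(s))[0]
            for t, d, s, k in log]
```

Note that in the log the fourth message is perfectly well-formed and is still dropped: the sender is serving its time-out from the two earlier violations.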
Network Address Translation - how do the internal devices actually talk to the internet?
- You may be wondering - you saw we set up the devices with 'unroutable' IPs. You know these are not addressable from the internet. So - how do the devices actually interact with sites on the internet, when they are 'hidden'?
- The answer is the work that the Never-tiring Mage Nat does: Network Address Translation. If on your laptop you try to go to www.lululemon.com, you enter this into your browser's address bar. The request for this URL goes to the router. The router keeps track that it was your laptop wanting this connection. The router sends the request to www.lululemon.com with itself as the sender - its own IP address. www.lululemon.com will send the page with all the awesome gear back to the router's IP address.
And the router, remembering that it was actually your laptop wanting this page, and having kept track of your laptop's internal (non-routable) IP address, will forward the page to your laptop. And your laptop's browser will render the page.
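The record the router keeps, both in the Mage Nat story and in the laptop walk-through just above, can be modelled in a few lines. This is an added illustration of my own, not code from the original article or from any router: outgoing traffic is rewritten to carry the router's one public address plus a port number that indexes the record, and an incoming packet is delivered only if it answers a conversation someone inside started. All addresses and ports are constructed sample values from the documentation ranges.

```python
# Added illustration, not from the original article: a toy model of the
# record the router (the "Never-tiring Mage Nat") keeps while translating
# addresses. All IPs and ports are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""

@dataclass
class NatRouter:
    public_ip: str = "203.0.113.7"   # the router's single routable address
    next_port: int = 40000           # next free public-side port to hand out
    # public port -> (internal ip, internal port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Villager -> outsider: rewrite the sender to the router, remember who asked."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for pub_port, entry in self.table.items():
            if entry == key:            # conversation already known: reuse its port
                break
        else:
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.table[pub_port] = key
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet):
        """Outsider -> router: deliver only if a villager started this conversation."""
        entry = self.table.get(pkt.dst_port)
        if entry is None or entry[2:] != (pkt.src_ip, pkt.src_port):
            return None                 # unsolicited: nobody inside asked, so drop it
        int_ip, int_port = entry[:2]
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port, pkt.payload)

def demo():
    """Laptop fetches a page; the reply comes back; a stranger's packet is dropped."""
    router = NatRouter()
    request = Packet("192.168.1.20", 51515, "198.51.100.10", 443, "GET /")
    seen_by_site = router.outbound(request)       # the site only sees the router's IP
    reply = Packet("198.51.100.10", 443, router.public_ip, seen_by_site.src_port, "200 OK")
    delivered = router.inbound(reply)             # forwarded to the laptop
    stranger = Packet("198.51.100.99", 443, router.public_ip, seen_by_site.src_port, "hi")
    return seen_by_site, delivered, router.inbound(stranger)
```

The last line of `demo()` is the point of the story: a packet from a host nobody inside asked to talk to finds no record and goes nowhere, which is why the modem 'usually stops' the internet from reaching your devices without any extra configuration.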
Comments very welcome!