
IWT - Module - IV

The document outlines 10 lectures on various internet and web technology topics, including introductions to applications like FTP, Telnet, email, the World Wide Web, search engines, e-commerce, security issues, encryption methods, digital certificates, emerging trends, internet telephony, and intranets. It provides a brief overview of the content that will be covered in each lecture focusing on foundational internet and web technologies.

Uploaded by

Arpit Rath

INTERNET & WEB TECHNOLOGY – I

Module IV (10 lecture)


Lecture No.   Topic
Lecture 1     Internet Application introduction: FTP
Lecture 2     Internet Application: Telnet & Email
Lecture 3     Internet Application: WWW & HTTP
Lecture 4     Search Engines & E-Commerce
Lecture 5     E-Commerce Security issues and Encryption
Lecture 6     Security challenges including Symmetric and Asymmetric Key Encryption
Lecture 7     Digital Certificate & Digital Signature
Lecture 8     Emerging Trends in Information Technology
Lecture 9     Internet Telephony & Virtual Reality on Web
Lecture 10    Intranet, Extranet & Firewall

What is the difference between client-side and server-side programming?

• Client-side programming is the general name given to the code running on the client's device (browser). It governs the behavior and the appearance of your webpage and is used to make interactive web pages, send requests to the server and retrieve data from it, as well as make stuff happen dynamically on the web page. It is written using HTML, CSS and JavaScript.
• Server-side programming is the name given to all types of programs which run on the web server. They process the user input, interact with the databases and control what content is served back to the client as a response to its request. It is written in a number of programming languages including PHP, NodeJS, Python, etc., has full access to the server's OS, and the programmer can choose the language he/she wants to code in.
• Server-side programming is extremely useful as it helps to efficiently deliver user-customized content, and thus enhance the user experience. It can also be used to refine responses based on the user's data (Data Analysis).

Common Gateway Interface


In computing, Common Gateway Interface (CGI) is an interface specification for web
servers to execute programs like console applications (also called command-line interface
programs) running on a server that generates web pages dynamically. Such programs are
known as CGI scripts or simply as CGIs. The specifics of how the script is executed by the
server are determined by the server. In the common case, a CGI script executes at the time a
request is made and generates HTML.
In brief, an HTTP POST request from the client sends HTML form data to the CGI program via standard input, while the parameters of a GET request are passed in the QUERY_STRING environment variable. Other data, such as URL paths and HTTP header data, are presented as process environment variables.

• Each web server runs HTTP server software, which responds to requests from web browsers. Generally, the HTTP server has a directory (folder), which is designated as a document collection: files that can be sent to Web browsers connected to this server.
• For example, if the Web server has the domain name example.com, and its document collection is stored at /usr/local/apache/htdocs in the local file system, then the Web server will respond to a request for http://example.com/index.html by sending to the browser the (pre-written) file /usr/local/apache/htdocs/index.html.

For pages constructed on the fly, the server software may defer requests to separate programs
and relay the results to the requesting client (usually, a web browser that displays the page to
the end user). In the early days of the web, such programs were usually small and written in a
scripting language; hence, they were known as scripts.
Such programs usually require some additional information to be specified with the request.
For instance, if Wikipedia were implemented as a script, one thing the script would need to
know is whether the user is logged in and, if logged in, under which name. The content at the
top of a Wikipedia page depends on this information.
HTTP provides ways for browsers to pass such information to the web server, e.g. as part of
the URL. The server software must then pass this information through to the script somehow.
Conversely, upon returning, the script must provide all the information required by HTTP for
a response to the request: the HTTP status of the request, the document content (if available),
the document type (e.g. HTML, PDF, or plain text), et cetera.
Initially, different server software would use different ways to exchange this information with scripts. As a result, it wasn't possible to write scripts that would work unmodified for different server software, even though the information being exchanged was the same. Therefore, it was decided to specify a way for exchanging this information: CGI (the Common Gateway Interface, as it defines a common way for server software to interface with scripts). Webpage generating programs invoked by server software that operate according to the CGI specification are known as CGI scripts.
This specification was quickly adopted and is still supported by all well-known server software, such as Apache, IIS, and (with an extension) node.js-based servers.
An early use of CGI scripts was to process forms. In the beginning of HTML, HTML forms
typically had an "action" attribute and a button designated as the "submit" button. When the
submit button is pushed the URI specified in the "action" attribute would be sent to the server
with the data from the form sent as a query string. If the "action" specifies a CGI script then
the CGI script would be executed and it then produces an HTML page.

Using CGI scripts

A web server allows its owner to configure which URLs shall be handled by which CGI scripts.
• This is usually done by marking a new directory within the document collection as containing CGI scripts; its name is often cgi-bin.
• For example, /usr/local/apache/htdocs/cgi-bin could be designated as a CGI directory on the web server.
• When a Web browser requests a URL that points to a file within the CGI directory (e.g., http://example.com/cgi-bin/printenv.pl/with/additional/path?and=a&query=string), then, instead of simply sending that file (/usr/local/apache/htdocs/cgi-bin/printenv.pl) to the Web browser, the HTTP server runs the specified script and passes the output of the script to the Web browser.
• That is, anything that the script sends to standard output is passed to the Web client instead of being shown on-screen in a terminal window.
• As remarked above, the CGI specification defines how additional information passed with the request is passed to the script.
• For instance, if a slash and additional directory name(s) are appended to the URL immediately after the name of the script (in this example, /with/additional/path), then that path is stored in the PATH_INFO environment variable before the script is called.
• If parameters are sent to the script via an HTTP GET request (a question mark appended to the URL, followed by param=value pairs; in the example, ?and=a&query=string), then those parameters are stored in the QUERY_STRING environment variable before the script is called.
• If parameters are sent to the script via an HTTP POST request, they are passed to the script's standard input. The script can then read these environment variables or data from standard input and adapt to the Web browser's request.

Example
The following Perl program shows all the environment variables passed by the Web
server:

#!/usr/bin/env perl

=head1 DESCRIPTION

printenv — a CGI program that just prints its environment

=cut

print "Content-Type: text/plain\n\n";

for my $var ( sort keys %ENV ) {
    printf "%s=\"%s\"\n", $var, $ENV{$var};
}

If a Web browser issues a request for the environment variables at http://example.com/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding, a 64-bit Windows 7 web server running cygwin returns the following information:

COMSPEC="C:\Windows\system32\cmd.exe"
DOCUMENT_ROOT="C:/Program Files (x86)/Apache Software Foundation/Apache2.4/htdocs"
GATEWAY_INTERFACE="CGI/1.1"
HOME="/home/SYSTEM"
HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"
HTTP_ACCEPT_ENCODING="gzip, deflate, br"
HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5"
HTTP_CONNECTION="keep-alive"
HTTP_HOST="example.com"
HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:67.0) Gecko/20100101 Firefox/67.0"
PATH="/home/SYSTEM/bin:/bin:/cygdrive/c/progra~2/php:/cygdrive/c/windows/system32:..."
PATHEXT=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
PATH_INFO="/foo/bar"
PATH_TRANSLATED="C:\Program Files (x86)\Apache Software Foundation\Apache2.4\htdocs\foo\bar"
QUERY_STRING="var1=value1&var2=with%20percent%20encoding"
REMOTE_ADDR="127.0.0.1"
REMOTE_PORT="63555"
REQUEST_METHOD="GET"
REQUEST_URI="/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding"
SCRIPT_FILENAME="C:/Program Files (x86)/Apache Software Foundation/Apache2.4/cgi-bin/printenv.pl"
SCRIPT_NAME="/cgi-bin/printenv.pl"
SERVER_ADDR="127.0.0.1"
SERVER_ADMIN="(server admin's email address)"
SERVER_NAME="127.0.0.1"
SERVER_PORT="80"
SERVER_PROTOCOL="HTTP/1.1"
SERVER_SIGNATURE=""
SERVER_SOFTWARE="Apache/2.4.39 (Win32) PHP/7.3.7"
SYSTEMROOT="C:\Windows"
TERM="cygwin"
WINDIR="C:\Windows"

Some, but not all, of these variables are defined by the CGI standard. Some, such
as PATH_INFO , QUERY_STRING , and the ones starting with HTTP_ , pass information
along from the HTTP request.
From the environment, it can be seen that the Web browser is Firefox running on a Windows
7 PC, the Web server is Apache running on a system that emulates Unix, and the CGI script
is named cgi-bin/printenv.pl .
The program could then generate any content, write that to standard output, and the Web
server will transmit it to the browser.
The following are environment variables passed to CGI programs:

• Server specific variables:
  o SERVER_SOFTWARE: name/version of HTTP server.
  o SERVER_NAME: host name of the server, may be dot-decimal IP address.
  o GATEWAY_INTERFACE: CGI/version.
• Request specific variables:
  o SERVER_PROTOCOL: HTTP/version.
  o SERVER_PORT: TCP port (decimal).
  o REQUEST_METHOD: name of HTTP method (see above).
  o PATH_INFO: path suffix, if appended to URL after program name and a slash.
  o PATH_TRANSLATED: corresponding full path as supposed by server, if PATH_INFO is present.
  o SCRIPT_NAME: relative path to the program, like /cgi-bin/script.cgi.
  o QUERY_STRING: the part of URL after ? character. The query string may be composed of name=value pairs separated with ampersands (such as var1=val1&var2=val2...) when used to submit form data transferred via GET method as defined by HTML application/x-www-form-urlencoded.
  o REMOTE_HOST: host name of the client, unset if server did not perform such lookup.
  o REMOTE_ADDR: IP address of the client (dot-decimal).
  o AUTH_TYPE: identification type, if applicable.
  o REMOTE_USER: used for certain AUTH_TYPEs.
  o REMOTE_IDENT: see ident, only if server performed such lookup.
  o CONTENT_TYPE: Internet media type of input data if PUT or POST method are used, as provided via HTTP header.
  o CONTENT_LENGTH: similarly, size of input data (decimal, in octets) if provided via HTTP header.
  o Variables passed by user agent (HTTP_ACCEPT, HTTP_ACCEPT_LANGUAGE, HTTP_USER_AGENT, HTTP_COOKIE and possibly others) contain values of corresponding HTTP headers and therefore have the same sense.

The program returns the result to the Web server in the form of standard output, beginning with a header and a blank line.
The header is encoded in the same way as an HTTP header and must include the MIME type of the document returned. The headers, supplemented by the Web server, are generally forwarded with the response back to the user.
Here is a simple CGI program written in Python 3 along with the HTML that handles a simple addition problem.
add.html :

<!DOCTYPE html>
<html>
  <body>
    <form action="add.cgi" method="POST">
      <fieldset>
        <legend>Enter two numbers to add</legend>
        <label>First Number: <input type="number" name="num1"></label><br>
        <label>Second Number: <input type="number" name="num2"></label><br>
      </fieldset>
      <button>Add</button>
    </form>
  </body>
</html>

add.cgi :

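#!/usr/bin/env python3
# The cgi and cgitb modules were removed from the standard library in Python 3.13;
# this script needs an older interpreter.

import cgi
import cgitb

cgitb.enable()  # renders tracebacks in the browser: debugging aid only

input_data = cgi.FieldStorage()  # parses QUERY_STRING or the POST body

print('Content-Type: text/html')  # HTML is following
print('')                         # Leave a blank line
print('<h1>Addition Results</h1>')
try:
    num1 = int(input_data["num1"].value)
    num2 = int(input_data["num2"].value)
except Exception:  # missing field, repeated field, or not an integer
    print('<output>Sorry, the script cannot turn your inputs into numbers (integers).</output>')
    raise SystemExit(1)
print('<output>{0} + {1} = {2}</output>'.format(num1, num2, num1 + num2))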

This Python 3 CGI program gets the inputs from the HTML and adds the two numbers to-
gether.
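
The same addition handler written against the CGI variables directly, as an added example that is not part of the original notes: it reads GET parameters from QUERY_STRING and POST data from standard input bounded by CONTENT_LENGTH, validates the numbers, and HTML-escapes anything echoed back. The MAX_BODY limit, the function names and the sample request are assumptions made for illustration.

```python
#!/usr/bin/env python3
import html
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed cap on the POST body, in octets

# Constructed sample request (not captured traffic): what the server would
# place in the environment and on standard input for the add.html form.
SAMPLE_POST_ENV = {
    "REQUEST_METHOD": "POST",
    "CONTENT_TYPE": "application/x-www-form-urlencoded",
    "CONTENT_LENGTH": "14",
}
SAMPLE_POST_BODY = b"num1=2&num2=40"


def read_form(environ, stdin):
    """Return the form fields of a CGI request as {name: [values]}.

    GET parameters come from QUERY_STRING. POST parameters are read from
    standard input: exactly CONTENT_LENGTH octets, never more than MAX_BODY.
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if ctype != "application/x-www-form-urlencoded":
            raise ValueError("unsupported CONTENT_TYPE")
        try:
            length = int(environ.get("CONTENT_LENGTH", ""))
        except ValueError:
            raise ValueError("missing or non-numeric CONTENT_LENGTH") from None
        if not 0 <= length <= MAX_BODY:
            raise ValueError("CONTENT_LENGTH out of range")
        raw = stdin.read(length).decode("ascii", errors="replace")
    else:
        raise ValueError("method not allowed")
    # max_num_fields bounds the work done on a body stuffed with parameters.
    return parse_qs(raw, keep_blank_values=True, max_num_fields=10)


def handle(environ, stdin):
    """Build the complete CGI response: header lines, blank line, body."""
    try:
        form = read_form(environ, stdin)
        num1 = int(form["num1"][0])
        num2 = int(form["num2"][0])
    except (KeyError, ValueError) as exc:
        # The exception text can contain the client's own input, so it is
        # escaped before being written into the HTML page.
        status = "400 Bad Request"
        body = "<output>Invalid input: %s</output>" % html.escape(str(exc))
    else:
        status = "200 OK"
        body = "<output>%d + %d = %d</output>" % (num1, num2, num1 + num2)
    return ("Status: %s\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "\r\n"
            "<h1>Addition Results</h1>%s\n" % (status, body))


if __name__ == "__main__":
    # Run as a real CGI script: environment from the server, body on stdin.
    import os
    import sys
    sys.stdout.write(handle(os.environ, sys.stdin.buffer))
```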
Deployment
A Web server that supports CGI can be configured to interpret a URL that it serves as a reference to a CGI script. A common convention is to have a cgi-bin/ directory at the base of the directory tree and treat all executable files within this directory (and no other, for security) as CGI scripts. Another popular convention is to use filename extensions; for instance, if CGI scripts are consistently given the extension .cgi, the web server can be configured to interpret all such files as CGI scripts. While convenient, and required by many prepackaged scripts, it opens the server to attack if a remote user can upload executable code with the proper extension.
In the case of HTTP PUT or POSTs, the user-submitted data are provided to the program via the standard input. The Web server creates a subset of the environment variables passed to it and adds details pertinent to the HTTP environment.

Internet Application
The primary task of the Internet is to provide services to users. Among the most popular applications are file transfer, Telnet, electronic mail, chat and the WWW.

FTP
1. Introduction:

• File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. It belongs to the application layer of the TCP/IP suite.

• The main objectives of this protocol are:

1. To transfer data reliably and efficiently
2. To promote sharing of files (computer programs and/or data)
3. To transfer files between FTP clients and FTP servers (file download, upload)

• While transferring data over the network, four data representations can be used:

1. ASCII mode
2. Image mode (commonly called Binary mode)
3. EBCDIC mode
4. Local mode

Data transfer can be done in any of three modes:

• Stream mode: Data is sent as a continuous stream.
• Block mode: FTP breaks the data into several blocks.
• Compressed mode:

2. History:
• The original specification for the File Transfer Protocol was written by Abhay Bhushan and published as RFC 114 on 16 April 1971 and later replaced by RFC 765 (June 1980) and RFC 959 (October 1985), the current specification. Several proposed standards amend RFC 959, for example RFC 2228 (June 1997) proposes security extensions and RFC 2428 (September 1998) adds support for IPv6 and defines a new type of passive mode.
• A Request for Comments (RFC) is a publication of the Internet Engineering Task Force (IETF) and the Internet Society, the principal technical development and standards-setting bodies for the Internet.

3. The FTP Model

• FTP uses TCP as transport protocol to provide reliable end-to-end connections.

• Two connections are used: the first is the control connection and the second is the data connection that is managing the data transfer.

• On both sides of the link the FTP application is built with a protocol interpreter (PI) and a data transfer process (DTP). On the client side of the link there exists also a user interface.
• The user interface communicates with the protocol interpreter, which is in charge of the control connection.

• The protocol interpreter, besides its function of responding to the control protocol, has also to manage the data connection. During the file transfer, the data management is performed by the DTPs.

4. Protocol Overview:

The FTP protocol uses a control connection (the primary connection) and a data connection (the
secondary connection).

4.1 The Control connection:

• The control connection is the communication path between the USER-PI and SERVER-PI for the exchange of commands and replies. This connection follows the Telnet Protocol.
• When an FTP client wants to exchange files with an FTP server, the FTP client must first set up the control connection. The client makes a TCP connection from a random unprivileged port N (N > 1023) to the FTP server's well-known command port 21 (the IANA assigned port number).
• The protocol requires the control connection to remain open while the data transfer is in progress.
• A data connection cannot exist without an open control connection.
• The data connection doesn't need to exist all of the time and there can be many data connections during the lifetime of a control connection.
• It is the responsibility of the user to request the closing of the control connection when finished using the FTP service. However, it is the server who takes the action to close the control connection.

4.2 The Data connection:

• The data connection is the communication path between the USER-DTP and SERVER-DTP for the exchange of the real data, being directory lists and files. Depending on the chosen FTP mode, the data connection is initiated from the server (active mode) or the client (passive mode).

5. Overview: FTP Basic Operations:

Goal:

Set up control and data connections, transfer data, close connections.

Topology: A client H1 is connected to an FTP server S1 via the Internet.

Steps:
1. H1 requests a control connection with S1.
2. S1 requests a data connection with H1.
3. S1 transfers data to H1.
4. When data transfer is done, S1 requests to close the data connection and the control connection.

H1: Control connection request

At H1, the user types: ftp 1.1.2.1. This triggers H1 to send a Control Connection Request packet to S1.
When S1 receives this request, it sends an Ack back to H1. Upon receiving the Ack, H1 prints "220 FTP Server ready" to indicate that the control connection is up.

H1: Get foo, PORT

- The user types "get foo" at H1 to ask S1 to send the file foo.
- Then H1 sends a PORT command carrying H1's port information (IP: 1.1.1.1, port: 54705).

Note: Here FTP runs in active mode, in which it is the server that initiates the data connection. The server needs to know the client's port number first, which is why H1 sends an unsolicited PORT command to S1.

S1: Data connection request

- Upon receiving PORT, S1 sends data_Conn to H1 (source port 20, destination port 54705).
- H1 responds with an Ack_data_Conn. Now the data connection is up.
- S1 receives the Ack and sends a message to H1 (not shown in animation).
- H1 receives the message and prints "150 Opening BINARY...." to indicate that the data transfer is starting.

S1 transfers foo to H1
- With the data connection established, S1 starts to transmit the foo data one packet (ftp_Data) at a time.
- When H1 receives a data packet, it responds with an Ack_Data.
- When S1 receives the Ack, it sends the next data packet.

S1: close data connection

- After S1 has transmitted all data packets, it sends a message to H1.
- When H1 receives this message, it prints "226 Transfer complete" to indicate the file transfer is done.
- S1 closes the data connection and sends a Close Data request to H1.
- H1 receives this request and sends an Ack to grant it. This closes the FTP data connection.

S1: close control connection

- The user has no other FTP tasks to do and types "quit". This triggers a message to S1.
- When S1 receives the quit message, it sends a goodbye message to H1.
- H1 receives this message and prints "221 Goodbye" to tell the user that FTP has exited.
- S1 sends Close_Ctrl to close the control connection with H1.
- H1 receives the request and sends Ack_Close to confirm. Now the FTP control connection is closed.

5.1 File Transfer Protocol (basic Operations):

[Figure: message sequence between H1 and S1. Control connection request and ACK; request to S1 for file FOO followed by the PORT command (port info); data connection request and ACK; FTP data packets and ACKs; note about completing the data transfer; request and ACK to close the data connection; request and ACK to close the control connection; connection closed.]

6. The FTP Protocol Modes

FTP may run in active or passive mode, which determines how the data connection is established.

6.1 FTP Active Mode:

• In active mode, the client creates the TCP control connection, while the data connection is initiated by the FTP server.
• In active mode, the client sends a PORT command to the server. Basically this command tells the server to which host (IP address) and port number (unprivileged port > 1023) the server must connect back for the data connection.
• After accepting the PORT command, the server will then establish the data connection from its local data port 20 (the IANA assigned port number) to the IP address and port number learned from the PORT command.

6.2 FTP Passive Mode:

• In passive mode, the client is responsible for initiating both the control connection and the data connection.
• In passive mode, the client sends a PASV command to the server. Basically this command asks the server to "listen" on a data port (which is not its default data port 20) and to wait for a connection rather than to initiate one.
• If the server supports the passive mode, it will send a reply to this command including the host (IP address) and port number (unprivileged port > 1023) this server is listening on.
• The client will then establish the data connection from a local random unprivileged port (> 1023) to the IP address and port number learned from the PASV reply.
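
An added example (not from the original notes) of how the address field in PORT and in the PASV reply is encoded, together with a server-side check that refuses a PORT argument naming any host other than the control-connection peer, which is the usual defence against the bounce attacks listed under FTP's disadvantages. The function names and sample lines are constructed for illustration; the addresses reuse the 1.1.1.1, 1.1.2.1 and 54705 values from the walkthrough in section 5.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: four address octets followed by the port split into
# its high and low byte (port = p1 * 256 + p2).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

# Constructed sample lines (not captured traffic).
SAMPLE_PORT_LINE = "PORT 1,1,1,1,213,177"
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (1,1,2,1,195,80)"


def parse_hostport(text, strict=False):
    """Decode an h1,h2,h3,h4,p1,p2 field into (ip_string, port).

    strict=True requires the whole string to be the field (PORT argument);
    strict=False finds it inside surrounding text (the 227 PASV reply).
    """
    text = text.strip()
    m = _HOSTPORT.fullmatch(text) if strict else _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field found")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field value above 255")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_port_command(ip, port):
    """Build the PORT line a client sends in active mode."""
    if not 0 < port <= 0xFFFF:
        raise ValueError("port out of range")
    octets = ipaddress.IPv4Address(ip).packed
    return "PORT %s,%d,%d" % (
        ",".join(str(b) for b in octets), port >> 8, port & 0xFF)


def check_port_command(line, control_peer_ip):
    """Server-side policy for active mode. Returns (allowed, reason).

    The data connection is only opened back to the host that owns the
    control connection, and only to an unprivileged port (> 1023).
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return False, "not a PORT command"
    try:
        ip, port = parse_hostport(arg, strict=True)
    except ValueError as exc:
        return False, "malformed argument: %s" % exc
    if ipaddress.IPv4Address(ip) != ipaddress.IPv4Address(control_peer_ip):
        return False, "address %s is not the control-connection peer %s" % (
            ip, control_peer_ip)
    if port <= 1023:
        return False, "port %d is privileged" % port
    return True, "data connection to %s:%d permitted" % (ip, port)


if __name__ == "__main__":
    print(format_port_command("1.1.1.1", 54705))
    print(parse_hostport(SAMPLE_PASV_REPLY))
    print(check_port_command(SAMPLE_PORT_LINE, "1.1.1.1"))
    print(check_port_command("PORT 1,1,3,7,213,177", "1.1.1.1"))
```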

6.3 Login

FTP login utilizes a normal username and password scheme for granting access. The username is sent to the server using the USER command, and the password is sent using the PASS command. If the information provided by the client is accepted by the server, the server will send a greeting to the client and the session will commence. If the server supports it, users may log in without providing login credentials, but the same server may authorize only limited access for such sessions.

7. List of FTP commands:

These are the FTP commands that may be sent to an FTP server. These commands are standardized in RFC 959 by the IETF.

Note that most command-line FTP clients present their own set of commands to users. For example, GET is the common user command to download a file instead of the raw command RETR.

Command  RFC       Description
ABOR               Abort an active file transfer.
ACCT               Account information.
ADAT     RFC 2228  Authentication/Security Data
ALLO               Allocate sufficient disk space to receive a file.
APPE               Append.
AUTH     RFC 2228  Authentication/Security Mechanism
CCC      RFC 2228  Clear Command Channel
CDUP               Change to Parent Directory.
CONF     RFC 2228  Confidentiality Protection Command
CWD                Change working directory.
DELE               Delete file.
ENC      RFC 2228  Privacy Protected Channel
EPRT     RFC 2428  Specifies an extended address and port to which the server should connect.
EPSV     RFC 2428  Enter extended passive mode.
FEAT     RFC 2389  Get the feature list implemented by the server.
HELP               Returns usage documentation on a command if specified, else a general help document is returned.
LANG     RFC 2640  Language Negotiation
LIST               Returns information of a file or directory if specified, else information of the current working directory is returned.
LPRT     RFC 1639  Specifies a long address and port to which the server should connect.
LPSV     RFC 1639  Enter long passive mode.
MDTM     RFC 3659  Return the last-modified time of a specified file.
MIC      RFC 2228  Integrity Protected Command
MKD                Make directory.
MLSD     RFC 3659  Lists the contents of a directory if a directory is named.
MLST     RFC 3659  Provides data about exactly the object named on its command line, and no others.
MODE               Sets the transfer mode (Stream, Block, or Compressed).
NLST               Returns a list of file names in a specified directory.
NOOP               No operation (dummy packet; used mostly on keepalives).
OPTS     RFC 2389  Select options for a feature.
PASS               Authentication password.
PASV               Enter passive mode.
PBSZ     RFC 2228  Protection Buffer Size
PORT               Specifies an address and port to which the server should connect.
PROT     RFC 2228  Data Channel Protection Level.
PWD                Print working directory. Returns the current directory of the host.
QUIT               Disconnect.
REIN               Re initializes the connection.
REST               Restart transfer from the specified point.
RETR               Transfer a copy of the file
RMD                Remove a directory.
RNFR               Rename from.
RNTO               Rename to.
SITE               Sends site specific commands to remote server.
SIZE     RFC 3659  Return the size of a file.
SMNT               Mount file structure.
STAT               Returns the current status.
STOR               Accept the data and to store the data as a file at the server site
STOU               Store file uniquely.
STRU               Set file transfer structure.
SYST               Return system type.
TYPE               Sets the transfer mode (ASCII/Binary).
USER               Authentication username.
XCUP     RFC 775   Change to the parent of the current working directory
XMKD     RFC 775   Make a directory
XPWD     RFC 775   Print the current working directory
XRCP     RFC 743
XRMD     RFC 775   Remove the directory
XRSQ     RFC 743
XSEM     RFC 737   Send, mail if cannot
XSEN     RFC 737   Send to terminal

8. Advantages of FTP

• FTP is a fast and efficient way of transferring bulk data across the Internet.
• Allows transferring multiple files as well as directories.
• Many FTP clients have the ability to schedule transfers.
• No size limitation on single transfers (browsers only allow up to 2 GB).
• Many clients have scripting capabilities through the command line.
• Most clients have a synchronizing utility.
• Faster transfers than HTTP.
• It has an automatic backup. Whenever you edit your files in your local system you can update the same by copying them to the host system in your site. So in cases where your site has crashed and all the data is lost you have a copy of it in your own local system. It also works the other way round.
• FTP gives you control over transfer. That is, you can choose the mode in which the data is transferred over the network. The data can be transferred either in the ASCII mode (for text files) or in the Binary mode (for executable or compressed files).
• You can work with the directories on the remote systems, delete or rename the remote files while transferring data between 2 hosts.

9. Disadvantages of FTP

• FTP was not designed to be a secure protocol.
• FTP is exposed to the following attacks during the transfer of data:
  1. Bounce Attacks
  2. Spoof Attacks
  3. Brute Force Attacks
  4. Packet Sniffing
  5. User name protection
  6. Port stealing
• Encryption of data is not done in FTP.
• Usernames, passwords and files are sent in clear text.
• Servers can be spoofed to send data to a random port on an unintended computer.
• Filtering active FTP connections is difficult on your local machine (passive is preferred).

Telnet

TELNET is an abbreviation for TErminaL NETwork. It is the standard TCP/IP protocol for virtual terminal service as proposed by the International Organization for Standards (ISO). TELNET enables the establishment of a connection to a remote system in such a way that the local terminal appears to be a terminal at the remote system.
Introduction.

Before gophers, hypertext, and sophisticated web browsers, telnet was the primary means by
which computer users connected their machines with other computers around the world.
Telnet is a plain ASCII terminal emulation protocol that is still used to access a variety of
information sources, most notably libraries and local BBS’s. This report will trace the history
and usage of this still popular and widely used protocol and explain where and how it still
manages to fit in today.

Where.
• To play games,
• To join chat lines, or
• To access and modify web pages if you have a web site

Why.
• To configure remote systems and remote devices (like routers) and access some application-level protocols (SMTP, FTP, etc.).

What.
• Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte-oriented data connection over the Transmission Control Protocol (TCP).

Telnet Model

• TELNET uses the TCP protocol. The TELNET service is offered on the host machine's TCP port 23.
• The user at the terminal interacts with the local telnet client.
• The TELNET client acts as a terminal accepting any keystrokes from the keyboard, interpreting them and displaying the output on the screen.
• The client on the computer makes the TCP connection to the host machine's port 23 where the TELNET server answers. The TELNET server interacts with applications in the host machine and assists in the terminal emulation.

Advantages:

• Using telnet we can access another system.
• We can use other computers and fix other people's computer problems.
• We can play games with other (remote) users.

Disadvantages:

• The data is transferred in plain text format. There is no encryption or security.
• Telnet is not widely available.
• Most of the options present in telnet are not supported by present-day applications (for example, SMTP access through telnet is banned by almost all SMTP servers).
• Telnet has no graphical user interface (GUI).

Telnet Options
TELNET also provides an option that allows the client and server to pass 8-bit data. TELNET lets the client and server negotiate options before or during the use of the service. Options are extra features available to a user with a more sophisticated terminal.

Code  Option             Meaning
0     Binary             Interpret as 8-bit binary transmission.
1     Echo               Echo the data received on one side to the other.
3     Suppress go-ahead  Suppress go-ahead signals after data.
5     Status             Request the status of TELNET.
6     Timing mark        Define the timing marks.
24    Terminal type      Set the terminal type.
32    Terminal speed     Set the terminal speed.
34    Line mode          Change to line mode.

Electronic Mail
One of the most popular Internet services is electronic mail (email). The designers of the Internet probably never imagined the popularity of this application program. At the beginning of the Internet era, the messages sent by electronic mail were short and consisted of text only; they let people exchange quick memos. Today, electronic mail is much more complex. It allows a message to include text, audio, and video. It also allows one message to be sent to one or more recipients.
An Internet email message consists of three components: the message envelope, the message header, and the message body. The message header contains control information, including, minimally, an originator's email address and one or more recipient addresses. Usually descriptive information is also added, such as a subject header field and a message submission date/time stamp.

WWW and HTTP


The World Wide Web (WWW) is a repository of information linked together from points
all over the world. The WWW has a unique combination of flexibility,
convenience, and user-friendly features that distinguish it from other
services provided by the Internet.
The WWW project was initiated by CERN (European Laboratory for Particle Physics)
to create a system to handle distributed resources necessary for scientific research.
The World Wide Web (WWW, W3) is an information system of interlinked hypertext documents
that are accessed via the Internet. It has also commonly become known simply
as the Web. Individual document pages on the World Wide Web are called web pages and are
accessed with a software application running on the user's computer, commonly called a web
browser. Web pages may contain text, images, videos, and other multimedia components,
as well as web navigation features consisting of hyperlinks.
History
Tim Berners-Lee, a British computer scientist and former CERN employee, is regarded as
the inventor of the Web. On 12 March 1989, Berners-Lee wrote a proposal for what
would eventually become the World Wide Web.
Architecture
The WWW today is a distributed client/server service, in which a client using a
browser can access a service using a server. However, the service provided is
distributed over many locations called sites, as shown in the figure.
The client needs to see some information that it knows belongs to site A. It sends a request
through its browser, a program that is designed to fetch Web documents. The request, among
other information, includes the address of the site and the Web page, called the URL. The
server at site A finds the document and sends it to the client. When the user views the
document, she finds some references to other documents, including a Web page at site B. The
reference has the URL for the new site. The user is also interested in seeing this document.
The client sends another request to the new site, and the new page is retrieved.
Client (Browser)
Each browser usually consists of three parts: a controller, a client protocol, and interpreters.
The controller receives input from the keyboard or the mouse and uses the client programs to
access the document. After the document has been accessed, the controller uses one of the
interpreters to display the document on the screen. The client protocol can be one of the
protocols such as FTP. The interpreter can be HTML, Java, or JavaScript, depending on the type of
document.
Server
The Web page is stored at the server. Each time a client request arrives, the corresponding
document is sent to the client. To improve efficiency, servers normally store requested files in a
cache in memory; memory is faster to access than disk. A server can also become more
efficient through multithreading or multiprocessing. In this case, a server can answer more
than one request at a time.
Uniform Resource Locator
A Uniform Resource Locator (abbreviated URL; also known as a web address, particularly
when used with HTTP) is a specific character string that constitutes a reference to a
resource. Most web browsers display the URL of a web page above the page in an address bar.

The URL defines four things: protocol, host computer, port, and path, as shown in the figure
above.
Protocol
The protocol is the client/server program used to retrieve the document. Many different
protocols can retrieve a document; among them are FTP or HTTP. The most common today
is HTTP.
Host
The host is the computer on which the information is located, although the name of the
computer can be an alias. Web pages are usually stored in computers, and computers are
given alias names that usually begin with the characters "www". This is not mandatory,
however, as the host can be any name given to the computer that hosts the Web page.
Port
The URL can optionally contain the port number of the server. If the port is included, it is
inserted between the host and the path, and it is separated from the host by a colon.
Path
Path is the pathname of the file where the information is located.
Function of WWW
 The WWW works by establishing hypertext/hypermedia links between documents
anywhere on the network.
 A document might include many links to other documents held on many different
servers.
 Selecting any one of those links will take you to the related document wherever it is.
e.g. the references at the end of a paper might have hypertext links to the actual
documents held elsewhere.

WWW Hyperlinks
Hyperlinks can link a part of a hypermedia document to
 another part of the same document file.
 another document file on the same server computer.
 another document file on a server computer located elsewhere in the
world.

HTTP
The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on the
World Wide Web. HTTP functions as a combination of FTP and SMTP. It is similar to FTP
because it transfers files and uses the services of TCP. However, it is much simpler than FTP
because it uses only one TCP connection. There is no separate control connection; only data
are transferred between the client and the server.

HTTP uses the services of TCP on well-known port 80.

HTTP Transaction
HTTP itself is a stateless protocol. The client initializes the transaction by sending a request
message. The server replies by sending a response.
Messages
A request message consists of a request line, a header, and sometimes a body. A response
message consists of a status line, a header, and sometimes a body.

Request and Status Lines


The first line in a request message is called a request line; the first line in the response
message is called the status line.
HTTP Methods
HTTP allows an open-ended set of methods to be used to indicate the purpose of a request.
The three most often used methods are GET, HEAD, and POST.

The GET Method


The GET method is used to ask for a specific document - when you click on a hyperlink,
GET is being used. GET should probably be used when a URL access will not change the
state of a database (by, for example, adding or deleting information) and POST should be
used when an access will cause a change. The semantics of the GET method changes to a
"conditional GET" if the request message includes an "If-Modified-Since:" header field.

The HEAD Method

The HEAD method is used to ask only for information about a document, not for the
document itself. HEAD is much faster than GET, as a much smaller amount of data is
transferred. It's often used by clients who use caching, to see if the document has changed
since it was last accessed. If it has not, then the local copy can be reused; otherwise the
updated version must be retrieved with a GET. The meta-information contained in the HTTP
headers in response to a HEAD request should be identical to the information sent in
response to a GET request.

The POST Method


The POST method is used to transfer data from the client to the server; it's designed to allow
a uniform method to cover functions like: annotation of existing resources; posting a message
to a bulletin board, newsgroup, mailing list, or similar group of articles; providing a block of
data (usually a form) to a data-handling process; extending a database through an append
operation.
The Status Code
The status code field used in the response message is similar to those in the FTP and the
SMTP protocols. It consists of three digits. Whereas the codes in the 100 range are only
informational, the codes in the 200 range indicate a successful request.

Status Phrase
This field is used in the response message. It explains the status code in text form.

HEADER

The header exchanges additional information between the client and the server. The header
can consist of one or more header lines. Each header line has a header name, a colon, a space,
and a header value.
A header line belongs to one of four categories: general header, request header, response
header, and entity header. A request message can contain only general, request, and entity
headers. A response message, on the other hand, can contain only general, response, and
entity headers.
General Header
The general header gives general information about the message and can be present in both a
request and a response.

Request Header
The request header can be present only in a request message. It specifies the client's
configuration and the client's preferred document format.
Response Header
The response header can be present only in a response message. It specifies the server's
configuration and special information about the request.

Entity Header
The entity header gives information about the body of the document. Although it is mostly
present in response messages, some request messages, such as POST or PUT methods, that
contain a body also use this type of header.

Body
The body can be present in a request or response message. Usually, it contains
the document to be sent or received.
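The message layout described above (request or status line, header lines in four categories, optional body) is shown in the following added example, which is not part of the original notes. The assignment of individual header names to the four categories follows RFC 2616 and is a subset; the host name and all sample messages are constructed.

```python
"""Added example: parse an HTTP/1.x message into the parts named above."""

# The four header classes come from the text; which header names fall in
# which class is taken from RFC 2616 (a subset, not listed in the notes).
CATEGORIES = {
    "general": ["Cache-Control", "Connection", "Date", "Pragma", "Via"],
    "request": ["Accept", "Accept-Language", "Authorization", "Host",
                "If-Modified-Since", "Referer", "User-Agent"],
    "response": ["Age", "ETag", "Location", "Retry-After", "Server",
                 "WWW-Authenticate"],
    "entity": ["Allow", "Content-Encoding", "Content-Length", "Content-Type",
               "Expires", "Last-Modified"],
}
CATEGORY_OF = {n.lower(): cat for cat, names in CATEGORIES.items() for n in names}


def parse_http_message(raw: bytes) -> dict:
    """Split a raw message into first line, classified headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between header and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    first = lines[0].split(" ", 2)
    if len(first) != 3:
        raise ValueError("malformed request/status line")
    if first[0].startswith("HTTP/"):            # status line: version code phrase
        version, code, phrase = first
        if len(code) != 3 or not code.isdigit():
            raise ValueError("status code must be three digits")
        msg = {"kind": "response", "version": version,
               "status_code": int(code), "status_phrase": phrase}
    else:                                       # request line: method target version
        method, target, version = first
        msg = {"kind": "request", "method": method,
               "target": target, "version": version}
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        category = CATEGORY_OF.get(name.lower(), "unknown")
        headers.append((name, value.strip(), category))
    # A request may carry general, request and entity headers; a response
    # may carry general, response and entity headers.
    allowed = {"general", "entity", "unknown", msg["kind"]}
    msg["headers"] = headers
    msg["misplaced"] = [n for n, _, cat in headers if cat not in allowed]
    msg["body"] = body
    return msg


def is_conditional_get(msg: dict) -> bool:
    """GET becomes a conditional GET when If-Modified-Since is present."""
    names = {name.lower() for name, _, _ in msg["headers"]}
    return msg.get("method") == "GET" and "if-modified-since" in names


# Constructed sample messages.
CONDITIONAL_GET = (b"GET /index.html HTTP/1.1\r\n"
                   b"Host: www.example.com\r\n"
                   b"If-Modified-Since: Sat, 01 Mar 2014 10:00:00 GMT\r\n\r\n")
NOT_MODIFIED = (b"HTTP/1.1 304 Not Modified\r\n"
                b"Date: Mon, 03 Mar 2014 08:00:00 GMT\r\n"
                b"Server: ExampleServer\r\n\r\n")
POST_WITH_STRAY_HEADER = (b"POST /guestbook HTTP/1.1\r\n"
                          b"Host: www.example.com\r\n"
                          b"Content-Type: application/x-www-form-urlencoded\r\n"
                          b"Content-Length: 9\r\n"
                          b"Server: spoofed\r\n\r\n"
                          b"name=test")

if __name__ == "__main__":
    for raw in (CONDITIONAL_GET, NOT_MODIFIED, POST_WITH_STRAY_HEADER):
        print(parse_http_message(raw))
```

The `misplaced` list flags a response-only header arriving in a request (or the reverse), which a server or proxy can log or reject instead of silently accepting.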

Search Engines
A web search engine is a software system that is designed to search for information on the
World Wide Web. The search results are generally presented in a line of results often referred
to as search engine results pages (SERPs).
The information may be a mix of web pages, images, and other types of files. Some search
engines also mine data available in databases or open directories.
Unlike web directories, which are maintained only by human editors, search engines also
maintain real-time information by running an algorithm on a web crawler.
A Web crawler is an Internet bot that systematically browses the World Wide Web, typically
for the purpose of Web indexing. A Web crawler may also be called a Web spider, an ant,
an automatic indexer, or (in the FOAF software context) a Web scutter.
Web search engines and some other sites use Web crawling or spidering software to update
their web content or indexes of other sites' web content. Web crawlers can copy all the pages
they visit for later processing by a search engine that indexes the downloaded pages so that
users can search them much more quickly.

E-Commerce And Security Issues


What is E-Commerce:
 The integration of communications, data management, and security technologies to
allow individuals and organizations to exchange information related to the sale of
goods and services.
 Electronic commerce, commonly known as E-commerce or e-Commerce, is trading
in products or services using computer networks, such as the Internet.
 Electronic commerce draws on technologies such as mobile commerce, electronic
funds transfer, supply chain management, Internet marketing, online transaction
processing, electronic data interchange (EDI), inventory management systems, and
automated data collection systems.
Major functions of e-commerce include
 the buying of goods,
 the selling of goods, and
 performance of financial transactions on the Internet.
E-Commerce advantages for Business
 Reduced Costs
 Increased Customer Satisfaction
 More Effective Data Management
 Potentially Higher Sales
E-Commerce advantages for Consumers
 Convenience
 Easier Comparison Shopping
 Wider Selection of Goods
E-Commerce Risk for Business
 Need for a robust, reliable web site
 Fraudulent transactions
 Customer reluctance to purchase online
 Increased competition
E-Commerce Risk for Consumers
 Possible Security Issues
 Possible Privacy Issues
 Purchasing from photos & descriptions
 Possible difficulty with returns
The data held in an e-commerce database are very important, and their security must be
fully assured. An analysis of the user registration and password retrieval processes
explains the security problems that exist in the databases of traditional e-commerce
systems. It also shows that it is difficult to ensure the security of an e-commerce
system by using a single encryption technology. On this basis, the technologies of symmetric
encryption and asymmetric encryption are introduced.
An e-commerce system is a trading platform set up in a more open network
environment. The transaction process is broadly divided into user registration, user login,
purchasing merchandise, online payment and so on. When user information is transmitted over
the web, it may be stolen by hackers or other people with ulterior motives, resulting in
property loss. Therefore ensuring the security and integrity of users' basic information is
the basis for the smooth conduct of e-commerce.
Security is on the mind of every e-commerce entrepreneur who solicits, stores, or
communicates any information that may be sensitive if lost. An arms race is underway:
technologists are building new security measures while others are working to crack the
security systems. One of the most effective means of ensuring data security and integrity is
encryption.

E-Commerce Security
Encryption is a generic term that refers to the act of encoding data, in this context so that
those data can be securely transmitted via the Internet.
Encryption can protect the data at the simplest level by preventing other people from reading
the data. In the event that someone intercepts a data transmission and manages to deceive any
user identification scheme, the data that they see appears to be gibberish without a way to
decode it.
Encryption technologies can help in other ways as well: by establishing the identity of users
(or abusers); controlling the unauthorized transmission or forwarding of data; verifying the
integrity of the data (i.e., that it has not been altered in any way); and ensuring that users
take responsibility for data that they have transmitted.
Encryption can therefore be used either to keep communications secret (defensively) or to
identify people involved in communications (offensively).
Secure E-Commerce transactions use the encryption technologies below:
 Symmetric-key Encryption
 Asymmetric-key Encryption
Symmetric-key Encryption
The basic means of encrypting data involves a symmetric cryptosystem. The same key is
used to encrypt and to decrypt data.

When sending information, it will be encrypted through certain algorithms and keys and the
original information will be changed into ciphertext. When receiving information, it will be
decrypted with the same algorithms and keys and ciphertext will be restored.

Symmetric Encryption

At present the most widely used symmetric encryption algorithm is the DES (Data Encryption
Standard) algorithm proposed by the IBM company. DES is a binary data encryption
algorithm.
The advantages of symmetric encryption are its speed and high efficiency. It is widely used
for the encryption of large amounts of data.
The disadvantage is that keys are easily intercepted when they are transmitted over the
network, which poses a threat to information security.
Therefore, when using symmetric encryption, the security of key transmission must be
guaranteed.
Asymmetric Key Encryption
Public Key Encryption, or asymmetric encryption, is much more important than symmetric
encryption for the purposes of e-commerce. The big improvement wrought by Public Key
Encryption was the introduction of the second key - which makes a world of difference in
terms of protecting the integrity of data. Public Key Encryption relies on two keys, one of
which is public and one of which is private. If you have one key, you cannot infer the other
key.

 In asymmetric encryption the key is split into a pair (a private key and a public
key). The private key belongs to the owner of the key pair and is not known to
others.
 The public key is open and everyone can know it. Information encrypted by the public
key can be decrypted only by the corresponding private key.
 Information encrypted by the private key can be decrypted only by the corresponding
public key.
Asymmetric-Key Encryption
A typical asymmetric encryption algorithm is the RSA algorithm. The algorithm was proposed
by R. Rivest, A. Shamir and L. Adleman of the Massachusetts Institute of Technology. It
is built on the theory of factoring large numbers and testing for prime
numbers.
The most common use of PKE for e-commerce involves the use of so-called Digital
Certificates issued by "trusted" third parties.
Digital Certificates
 Digital certificates are digital files that certify the identity of an individual or
institution seeking access to computer-based information. In enabling such access,
they serve the same purpose as a driver’s license or library card.
 The digital certificate links the identifier of an individual or institution to a digital
public key.
 The certificate includes information about the key, information about its owner's
identity, and the digital signature of an entity that has verified that the certificate's
contents are correct.
 If the signature is valid, and the person examining the certificate trusts the signer,
then they know they can use that key to communicate with its owner.
 In a typical public-key infrastructure (PKI) scheme, the signer is a certificate
authority (CA), usually a company such as VeriSign which charges customers to issue
certificates for them.
How these certificates are issued
Digital certificates are issued by certificate authorities, just as state governments issue
driver’s licenses. There are several public companies in the business of issuing certificates.
Also, many campuses are setting up their own certificate authorities and issuing certificates to
their faculty members, staff, and students. This is similar to campuses issuing ID cards to the
members of their communities. How campuses issue certificates will depend on the technical
infrastructure and institutional policies that are established. Certificate authorities are
responsible for managing the life cycle of certificates, including their revocation.
Digital Signatures
 A digital signature is a mathematical scheme for demonstrating the authenticity of a
digital message or document.
 A valid digital signature gives a recipient reason to believe that the message was
created by a known sender, such that the sender cannot deny having sent the message
(authentication and non-repudiation) and that the message was not altered in transit
(integrity).
 Digital signatures are commonly used for software distribution, financial transactions,
and in other cases where it is important to detect forgery or tampering.
 Digital signatures are based on a combination of the traditional idea of data hashing
with public-key based encryption. Most hash functions are similar to encryption
functions; in fact, some hash functions are just slightly modified encryption functions.
 The digital equivalent of a handwritten signature or stamped seal, but offering far
more inherent security, a digital signature is intended to solve the problem of
tampering and impersonation in digital communications.
 Digital signatures can provide the added assurances of evidence to origin, identity and
status of an electronic document, transaction or message, as well as acknowledging
informed consent by the signer.
How digital signatures work?
Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm such as RSA, one can generate two keys that are
mathematically linked: one private and one public. To create a digital signature, signing
software (such as an email program) creates a one-way hash of the electronic data to be
signed. The private key is then used to encrypt the hash. The encrypted hash -- along with
other information, such as the hashing algorithm -- is the digital signature. The reason for
encrypting the hash instead of the entire message or document is that a hash function can
convert an arbitrary input into a fixed length value, which is usually much shorter. This saves
time since hashing is much faster than signing.
The value of the hash is unique to the hashed data. Any change in the data, even changing or
deleting a single character, results in a different value. This attribute enables others to
validate the integrity of the data by using the signer's public key to decrypt the hash. If the
decrypted hash matches a second computed hash of the same data, it proves that the data
hasn't changed since it was signed. If the two hashes don't match, the data has either been
tampered with in some way (integrity) or the signature was created with a private key that
doesn't correspond to the public key presented by the signer (authentication).
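The hash, sign and verify steps described above, as an added example that is not part of the original notes. It uses textbook RSA without padding and toy keys built from known Mersenne primes purely to make the arithmetic visible; the message and key names are constructed, and production systems use a vetted library, keys of 2048 bits or more and a padding scheme such as RSA-PSS.

```python
"""Added example: hash-then-sign with textbook RSA (toy keys, no padding)."""
import hashlib

E = 65537  # widely used public exponent


def make_keypair(p: int, q: int):
    """Build (public, private) from two primes; both halves share modulus n."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # private exponent: E * d == 1 (mod phi)
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest_as_int(message: bytes, n: int) -> int:
    """One-way hash of the data, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private: dict) -> dict:
    """Transform the hash with the private key; the hash algorithm name
    travels with the value, as the text describes."""
    h = digest_as_int(message, private["n"])
    return {"hash_alg": "sha256", "value": pow(h, private["d"], private["n"])}


def verify(message: bytes, signature: dict, public: dict) -> bool:
    """Recover the signed hash with the public key and compare it with a
    freshly computed hash of the received data."""
    if signature.get("hash_alg") != "sha256":
        return False
    recovered = pow(signature["value"], public["e"], public["n"])
    return recovered == digest_as_int(message, public["n"])


# Constructed toy keys. 2**31-1, 2**61-1 and 2**89-1 are known Mersenne primes;
# keys this small and this structured are for illustration only.
SIGNER_PUBLIC, SIGNER_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)

ORDER = b"pay 100 to merchant 42"          # constructed message
SIGNATURE = sign(ORDER, SIGNER_PRIVATE)

if __name__ == "__main__":
    print("unchanged data:", verify(ORDER, SIGNATURE, SIGNER_PUBLIC))
    print("one character changed:",
          verify(b"pay 900 to merchant 42", SIGNATURE, SIGNER_PUBLIC))
    print("signed with a different private key:",
          verify(ORDER, sign(ORDER, OTHER_PRIVATE), SIGNER_PUBLIC))
```

The first check succeeds and the other two fail, matching the two failure cases in the text: altered data (integrity) and a private key that does not correspond to the presented public key (authentication).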

Applications of digital signatures


As organizations move away from paper documents with ink signatures or authenticity
stamps, digital signatures can provide added assurances of the evidence to provenance,
identity, and status of an electronic document as well as acknowledging informed consent and
approval by a signatory.
Some common reasons for applying a digital signature to communications are:
Authentication
Digital signatures can be used to authenticate the source of messages. When ownership of a
digital signature secret key is bound to a specific user, a valid signature shows that the
message was sent by that user.
Integrity
The sender and receiver of a message may have a need for confidence that the message has
not been altered during transmission.
Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of
digital signatures. By this property, an entity that has signed some information cannot at a
later time deny having signed it. Similarly, access to the public key only does not enable a
fraudulent party to fake a valid signature.
The digital signature process is central to the idea of a digital certificate, and in turn the
digital certificate is the primary tool to ensure e-commerce security.

Emerging Trends in Information Technology


In recent years, we have seen a surge of new concepts in the field of Information
Technology. Technologies are getting outdated in just a few years or even months. Some of
the emerging trends in Information Technology are Visual Information Gratification,
Silent Sound Technology, 4G and Cell-All.
What is Internet telephony?
 IP telephony (Internet Protocol telephony) is a general term for the technologies that
use the Internet Protocol's packet-switched connections to exchange voice, fax, and
other forms of information that have traditionally been carried over the dedicated
circuit-switched connections of the public switched telephone network (PSTN).
 IP Telephony is designed to scale over the whole Internet. It should offer an
alternative to the PSTN, replicating the PSTN services and adding new ones.

This new type of telephony has introduced a more efficient method of transferring voice
signals than our largest electronic communication medium, the voice transmission lines.
This allows the elimination of circuit switching and the associated waste of bandwidth. In this
process the voice of the speaker is sent to the receiver in the form of packets and returns
to its original form when it reaches the receiver. To turn the voice into packets, the voice is
converted from analog form to digital form, and on reception the digital voice is
converted back into analog form. VoIP can be connected to any cell phone and can also
be used in a PC environment.
Factors making Internet Telephony Possible
 Voice quality is increasing, thanks to new codec technology.
 There are ongoing improvements in compression techniques.
 Full-duplex PC sound cards enable two-way simultaneous calls.
 The typical PC is getting more and more powerful, making it possible to perform
processor-intensive functions without specialized hardware.

Internet Telephony uses a variety of signaling and multimedia protocols, including the Session
Initiation Protocol (SIP), the Media Gateway Control Protocol (MGCP), Megaco, and
the H.323 protocol. H.323 is one of the earliest VoIP protocols, but its use is declining and it
is rarely used for consumer products.
Three Generations
 The first generation systems were introduced to enable voice conversations between
users with telephony software-equipped computers. The software provides the
functions of data compression and translation to IP packets, and sends the packets over the
Internet to the destination computer where the process is reversed.
 The second generation emerged after the development of technologies which
overcame difficulties with PSTN interface protocols and the mapping of IP addresses to
E.164 phone numbers. Using servers at the ISP's premises, these systems enable a
user with a computer and an Internet connection to call any number on the PSTN.
 The third generation, phone gateways, made Internet telephony start to receive serious
attention. These gateways provide a two-way interface between the PSTN and the
Internet and allow voice conversations between users with standard phones, without the
need of computers or Internet access.

Gateways are the key to bringing Internet telephony into the mainstream. By bridging the
traditional circuit-switched telephony world with the Internet, gateways offer the advantages
of Internet telephony to the most common, cheapest, most mobile, and easiest-to-use terminal
in the world: the standard telephone. Gateways also overcome another significant Internet
telephony problem, addressing. To address a remote user on a multimedia PC, you must
know the user's Internet Protocol (IP) address. To address a remote user with a gateway
product, you only need to know the user's phone number.

Ideal Internet Telephony should be


 high-volume call processing within and between public and private networks.
 high-volume, real-time translation between IP and circuit-switched networks.
 economic scalability
 broad acceptance and implementation of standards

Virtual reality on the Web


Virtual reality is an artificial environment that is created with software and presented to the
user in such a way that the user suspends belief and accepts it as a real environment. On a
computer, virtual reality is primarily experienced through two of the five senses: sight and
sound.
The simplest form of virtual reality is a 3-D image that can be explored interactively at a
personal computer, usually by manipulating keys or the mouse so that the content of the
image moves in some direction or zooms in or out. More sophisticated efforts involve such
approaches as wrap-around display screens, actual rooms augmented with wearable
computers, and haptics devices that let you feel the display images.
Virtual reality can be divided into:
 The simulation of a real environment for training and education.
 The development of an imagined environment for a game or interactive story.
Popular products for creating virtual reality effects on personal computers include Bryce,
Extreme 3D, Ray Dream Studio, trueSpace, 3D Studio MAX, and Visual Reality. The Virtual
Reality Modelling Language (VRML) allows the creator to specify images and the rules for
their display and interaction using textual language statements.
A new, more accessible form of virtual reality delivered via the Web promises to let people
experience digital worlds in 3-D using head-mounted displays connected to a variety of
browser-enabled devices.
 Web VR is expected to offer the ability to move you from one immersive experience
to another with a click of the mouse, touch of the screen or nod of the head.
 Web VR will let software developers port their virtual worlds to the Web, making
them available for most VR hardware.
 Google and Mozilla are setting these wheels in motion within the next month or so
when they deliver updated Chrome and Firefox browsers that support Web VR.
Facebook’s $2-billion acquisition of VR headset maker Oculus VR earlier this year and
the release of relatively inexpensive headsets from Samsung and Google provide
further evidence that Web VR could be ready for wider use.

VR for the masses


Web VR has been around since the early 1990s, when virtual reality modeling language, or
VRML, aimed to allow the creation of virtual worlds—such as Second Life—linked together
via the Web. But VRML could only be rendered using heavy-duty graphics workstations
more likely found in a computer science lab or a data center than in one’s home. Although
work on VRML continues, this first attempt was way ahead of the hardware.
Virtual reality, actual software
In addition to interesting content, Web VR’s success depends on widespread browser support
and the ability to find this content.
New authoring tools in Chrome and Firefox should make it easier for Web developers to
enable Web VR on their sites for those browsers. Glam, an open-source project led by VRML
pioneer will let you use HTML-like tags and cascading style sheets, the basic tools of Web
design, to create virtual worlds. And Unity, a popular 2-D and 3-D game-authoring tool, will
support Web VR in an upcoming release. "We really believe that the Web could be the killer
platform for virtual reality," Mozilla’s Carpenter says. "It is open, wild and creative."
Intranet, Extranet and Firewall
Intranet
 A private network based on Internet protocols such as TCP/IP but designed for
information management within a company or organization.
 One of the key advantages of an intranet is the broad availability and use of software
applications unique to the needs of a corporation.
 It is also a computer network and includes some of the same technologies as the
Internet.
 Intranet uses include providing access to software applications; document
distribution; software distribution; access to databases; and training.
 An intranet is so named because it looks like a World Wide Web site and is based on
the same technologies, yet is strictly internal and confidential to the organization and
is not connected to the Internet proper.
 Some intranets also offer access to the Internet, but such connections are directed
through a firewall that protects the internal network from the external Web.
 An intranet may host multiple private websites and constitute an important component
and focal point of internal communication and collaboration. Any of the well known
Internet protocols may be found in an intranet, such as HTTP (web services),
SMTP (e-mail), and FTP (file transfer protocol). Internet technologies are often
deployed to provide modern interfaces to legacy information systems hosting
corporate data.
 An intranet can be understood as a private analog of the Internet, or as a private
extension of the Internet confined to an organization. The first intranet websites and home
pages were published in 1991, and began to appear in non-educational organizations in
1994.
Extranet
 An extension of some combination of corporate, public, and private intranet using
World Wide Web technology to facilitate communication with the corporation’s sup-
pliers, customers, and associates.
 An extranet allows customers, suppliers, and business partners to gain limited access
to a company’s intranet in order to enhance the speed and efficiency of their business
relationship.
 An extranet is a computer network that allows controlled access from outside of an
organization's intranet.
 Extranets are used for specific use cases including business-to-business (B2B).
 In a business-to-business context, an extranet can be viewed as an extension of an
organization's intranet that is extended to users outside the organization, usually partners,
vendors and suppliers, in isolation from all others.
 An extranet, then, is basically a private network designed specifically to allow these
individuals to communicate with you and your employees in a closed virtual space.
 Extranets serve an extremely important role, especially in the marketing and tech industries,
but have been playing a major role in many different spaces.
Intranets are sometimes contrasted to extranets. While intranets are generally restricted to
employees of the organization, extranets may also be accessed by customers, suppliers, or
other approved parties. Extranets extend a private network onto the Internet with special
provisions for authentication, authorization and accounting (AAA protocol).
Relationship to an intranet
An extranet could be understood as an intranet mapped onto the public Internet or some
other transmission system not accessible to the general public, but managed by more than
one company's administrator(s).
Extranet = Internet + intranet
Firewall
 The term firewall has been around for quite some time and originally was used to define
a barrier constructed to prevent the spread of fire from one part of a building or
structure to another.
 Network firewalls provide a barrier between networks that prevents or denies unwanted
or unauthorized traffic.
 A Network Firewall is a system or group of systems used to control access between
two networks -- a trusted network and an untrusted network -- using pre-configured
rules or filters.
 A computer system or network firewall is designed to permit authorized communications
while blocking unauthorized access.
 Firewalls are technological barriers designed to prevent unauthorized or unwanted
communications between computer networks or hosts.
A firewall is usually classified as a packet-filter firewall or a proxy-based firewall.
Packet-Filter Firewall
A firewall can be used as a packet filter. It can forward or block packets based on the
information in the network layer and transport layer headers: source and destination
IP addresses, source and destination port addresses, and type of protocol (TCP or UDP).
A packet-filter firewall is a router that uses a filtering table to decide which packets
must be discarded. In an example filtering table, the following packets are blocked:
 Incoming packets from network 131.34.0.0 are blocked (security precaution). Note
that the * (asterisk) means "any."
 Incoming packets destined for any internal TELNET server (port 23) are blocked.
 Incoming packets destined for internal host 194.78.20.8 are blocked. The organization
wants this host for internal use only.
 Outgoing packets destined for an HTTP server (port 80) are blocked. The organization
does not want employees to browse the Internet.
A packet-filter firewall filters at the network or transport layer.
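The four filtering rules listed above, written as a table and evaluated against packets. This is an added example, not part of the original notes; it assumes that network 131.34.0.0 is a /16, and the external addresses and the internal web server 194.78.20.5 are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY = "*"  # wildcard: the notes use "*" to mean "any"

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from outside, "out" = leaving the organization
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Rows: (direction, source net, source port, destination net, destination port).
# A packet matching any row is discarded. Assumption: 131.34.0.0 is a /16.
FILTER_TABLE = [
    ("in", "131.34.0.0/16", ANY, ANY, ANY),    # blocked source network
    ("in", ANY, ANY, ANY, 23),                 # internal TELNET servers
    ("in", ANY, ANY, "194.78.20.8/32", ANY),   # internal-only host
    ("out", ANY, ANY, ANY, 80),                # outbound HTTP
]

def ip_matches(pattern, address):
    if pattern == ANY:
        return True
    return ipaddress.ip_address(address) in ipaddress.ip_network(pattern)

def port_matches(pattern, port):
    return pattern == ANY or pattern == port

def matching_rule(packet, table=FILTER_TABLE):
    """Return the index of the first row that matches the packet, or None."""
    for index, (direction, src, sport, dst, dport) in enumerate(table):
        if (direction == packet.direction
                and ip_matches(src, packet.src_ip)
                and port_matches(sport, packet.src_port)
                and ip_matches(dst, packet.dst_ip)
                and port_matches(dport, packet.dst_port)):
            return index
    return None

def decide(packet, table=FILTER_TABLE):
    """The table lists only what to block, so an unmatched packet is forwarded."""
    return "forward" if matching_rule(packet, table) is None else "discard"

# Constructed packets: two different outside hosts reach the same web server.
WEB_FROM_PARTNER = Packet("in", "198.51.100.7", 40000, "194.78.20.5", 80)
WEB_FROM_STRANGER = Packet("in", "203.0.113.9", 40001, "194.78.20.5", 80)
```

Both constructed web packets are forwarded: nothing in their network or transport headers tells a business partner from a stranger.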
Proxy Firewall
Sometimes we need to filter a message based on the information available in the message
itself (at the application layer). As an example, assume that an organization wants to
implement the following policies regarding its Web pages: Only those Internet users who
have previously established business relations with the company can have access; access to
other users must be blocked. In this case, a packet-filter firewall is not feasible because it
cannot distinguish between different packets arriving at TCP port 80 (HTTP). Testing must
be done at the application level (using URLs).
One solution is to install a proxy computer (sometimes called an application gateway), which
stands between the customer (user client) computer and the corporation computer.
When the user client process sends a message, the proxy firewall runs a server process to
receive the request. The server opens the packet at the application level and finds out if the
request is legitimate. If it is, the server acts as a client process and sends the message to the
real server in the corporation. If it is not, the message is dropped and an error message is sent
to the external user. In this way, the requests of the external users are filtered based on the
contents at the application layer.
A proxy firewall filters at the application layer.
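The proxy's decision step described above, as an added example that is not part of the original notes. It assumes partners identify themselves with a token in a hypothetical X-Partner-Token header (the notes do not say how business partners are recognized); the allowlist and the sample requests are constructed.

```python
import hmac

# Constructed allowlist. Assumption: partners identify themselves with a token
# in a hypothetical X-Partner-Token header; the notes do not specify a mechanism.
PARTNER_TOKENS = {"acme-supplies": b"constructed-token-1"}

def parse_request(raw):
    """Parse the request line and headers of a raw HTTP/1.x request."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        key = name.lower()
        # Reject whitespace around names and repeated headers: both make it
        # ambiguous which value the real server would act on.
        if not sep or not name or name != name.strip() or key in headers:
            raise ValueError("malformed or duplicate header")
        headers[key] = value.strip()
    return parts[0], parts[1], headers

def proxy_decision(raw):
    """Return ("forward", request) or ("drop", error sent to the external user)."""
    try:
        method, target, headers = parse_request(raw)
    except ValueError:
        return ("drop", "400 Bad Request")
    token = headers.get("x-partner-token", "").encode("iso-8859-1")
    for expected in PARTNER_TOKENS.values():
        if hmac.compare_digest(token, expected):  # constant-time comparison
            return ("forward", f"{method} {target}")
    return ("drop", "403 Forbidden")

# Constructed requests: identical at TCP port 80, different at the application layer.
PARTNER_REQUEST = (b"GET /orders/42 HTTP/1.1\r\nHost: www.example.com\r\n"
                   b"X-Partner-Token: constructed-token-1\r\n\r\n")
STRANGER_REQUEST = b"GET /orders/42 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
DUPLICATE_TOKEN = (b"GET /orders/42 HTTP/1.1\r\nX-Partner-Token: wrong\r\n"
                   b"X-Partner-Token: constructed-token-1\r\n\r\n")
```

The duplicate-header request is dropped as malformed rather than evaluated, so the proxy and the real server can never disagree about which token was presented.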
What Firewalls Do
Positive Effects
 User authentication. Firewalls can be configured to require user authentication. This
allows network administrators to control and track specific user activity.
 Auditing and logging. By configuring a firewall to log and audit activity,
information may be kept and analyzed at a later date.
 Anti-Spoofing - Detecting when the source of the network traffic is being "spoofed",
i.e., when an individual attempting to access a blocked service alters the source
address in the message so that the traffic is allowed.
 Network Address Translation (NAT) - Changing the network addresses of devices
on any side of the firewall to hide their true addresses.
 Virtual Private Networks - VPNs are communications sessions traversing public
networks that have been made virtually private through the use of encryption
technology. VPN sessions are defined by creating a firewall rule that requires
encryption for any session that meets specific criteria.
Negative Effects
Although firewall solutions provide many benefits, negative effects may also be
experienced.
 Traffic bottlenecks. By forcing all network traffic to pass through the firewall, there
is a greater chance that the network will become congested.
 Single point of failure. In most configurations where firewalls are the only link
between networks, if they are not configured correctly or are unavailable, no traffic
will be allowed through.
 Increased management responsibilities. A firewall often adds to network
management responsibilities and makes network troubleshooting more complex.
 A firewall does not guarantee that your network is 100% secure.
 Firewalls cannot offer any protection against inside attacks. A high percentage of
security incidents today come from inside the trusted network.
 In most implementations, firewalls cannot provide protection against viruses or
malicious code. Since most firewalls do not inspect the payload or content of the
packet, they are not aware of any threat that may be contained inside.
 Finally, no firewall can protect against inadequate or mismanaged policies.
Books:
1. Data & Computer Communications, by William Stallings
2. Internetworking with TCP/IP: Principles, Protocols & Architecture, by Douglas E. Comer
3. Computer Networking, by Kurose and Ross
4. Computer Networks: A Systems Approach, by Larry L. Peterson and Bruce S. Davie
5. Data Communications and Networking, by Behrouz A. Forouzan