Wednesday, June 04, 2008

The Ecommerce Architecture

Learning & Understanding Ecommerce Infrastructure

Cheswick/Burch Map of the Internet

Introduction


Plow of the Sea, Inc. [PotS], a small but prospering corporation, hired me as a Networking Security Engineer [NSE] mainly because top management recently decided to develop a competitive ecommerce, or eBusiness, presence. One of my main goals has been to obtain adequate executive-level support for designing and implementing the networking security policy and for conducting an enterprise-wide security education and awareness program. Even though the network architecture has, for the most part, already been implemented, its security has not been properly developed, possibly because of a lack of staff training or awareness of the role that information systems security plays in the success of PotS, Inc.'s ecommerce ventures. In this blog post I briefly identify, describe and discuss the main topologies used to design and implement the networks and internetworks that carry commercial online transactions; as such they can be considered the network infrastructure, the bare bones, of ecommerce (Course, 2008).

Exploring Networks


At the very beginning of our journey into networking security we need to understand network topologies, the infrastructure over which information is exchanged, locally or remotely. But first, what really is a network? The question matters nowadays, when everything seems to be connected or networked somehow and our personal information appears to circle the globe many times over through a gamut of disparate computing devices, cables and airwaves. Panko (2005), a consultant who has worked for the White House, gives a very comprehensive definition: "A network is a system of hardware, software, and transmission components that collectively allow two applications programs on two different stations connected to the network to communicate well." (p. 3, chap. 1). I would add another: a network is an interconnection of devices forming a pathway over which a signal is exchanged; perhaps this is why a small telephone network is called an "exchange".

As we explore these concepts in some depth, with the aim of understanding how network security makes our personal information and privacy safer, I would like to add that once upon a time, and not too long ago, experts were talking about the phenomenon of convergence. In those days corporations needed two separate networks, one for voice and video and another for data. Now, with Voice over IP [VoIP], YouTube, Google, mobile wireless connections, Radio-Frequency Identification [RFID], Automatic Identification and Mobility [AIM] and the like, convergence seems to be a done deal, and corporations need only implement a single enterprise network for all their telecommunications and data networking needs (Panko, 2003). Convergence also concentrates risk: voice, video and transactional data now share the same switches, links and failure modes. That is one more reason to discuss networking topologies, so as to increase our awareness of the network infrastructure and of the challenges in protecting it.

Network topologies

Barabási & Albert (1999) implied that the difficulty of describing, and thus understanding, complex networks lies in their topology (pp. 2-11), so it is no bad idea to become familiar with some of the nuances of network topologies. Experts speak of network topologies when describing configurations of connected computers or information systems [IS]. The terminology can be confusing, because there are two kinds of topology: [1] physical and [2] logical (or signal) topology. Logical topology describes the methods and algorithms used to pass information among computer and network components (Tomasi, 2005, chap. 17, p. 515). I usually tell the two apart by thinking of the difference between hardware and software. Hardware is anything that can be touched, i.e., tangible; software is the sequences of instructions used to process data into the desired information, and as such is intangible (the spirit in the machine). It simply flows from one point to another as a stream of zeros and ones, which is why we can save it in many formats on the various network components and storage devices, whether locally or remotely.

Network design & Physical Topology

Once we have identified and evaluated our business concerns and opportunities in terms of desired data processing capacity, transaction volume requirements and communications needs, we are in a position to design the information system that will meet those needs and requirements. The first step is to work out which hardware and software elements could support the business model for putting the ecommerce site into 'massive' motion. Once we have identified and acquired the necessary resources, it is time to assemble the network, and so to arrange and organize these components so that they interoperate well.

Physical topology is the layout and configuration chosen by the system designers to connect two or more devices for sharing information over the network. It concerns how devices are distributed geometrically (segmentation) within a given geographical area; a network can consist of as few as two computers, or nodes [although nowadays this is highly unlikely] (Tomasi, 2005). In fact, every device or component that can be assigned an address in a Transmission Control Protocol [TCP]/Internet Protocol [IP] network is called a node. Today connecting two computers is a piece of cake, but back in "sneakernet" times two connected computers were a real deal, even if they sat physically next to each other.

Two Personal Computers [PCs] can be connected PC-to-PC via Network Interface Cards [NICs] and transceivers (Homan, 1998), or via Universal Serial Bus [USB], serial or parallel ports. Some people still use this kind of connection today, through Unshielded Twisted-Pair [UTP] crossover cables, USB cables, or wirelessly in ad-hoc mode or over Bluetooth, for various reasons of their own (Russell, 2000, chap. 4). The three main types of layout, and combinations thereof, define the ABC of physical topology, that is, the configuration and wiring of a network: [A] Star, [B] Bus, and [C] Ring (Hassing, Kent, & Johnson, 2003).

The differences among Physical Topology


'Addressing' in a Local Area Network, or LAN for short, changes with the topology chosen; LAN addressing can be unicast (one device), multicast (a group of devices) or broadcast (all devices). The primary feature of the Star topology, for example, is that computers are linked by direct point-to-point connections to a central device, either a hub or a switch (concentrators, the electronic boxes that distribute the signal). In a hub, every transmission enters the central device and is repeated out on all other links, so any station attached to a hub can read every frame on the LAN, not only the ones addressed to it. Some hubs are more capable: smart or managed hubs allow the configuration of users' access points for LAN connectivity, for instance Cisco's 1500 Micro Hub series.

The central device most often used today, however, is the switch. A switch learns and stores the Media Access Control [MAC] address of each NIC connected to it and is then able to forward a message, in this case a frame, only to the port of its specific destination. Switches can be managed or unmanaged; it all depends on your budget and needs. Cisco's Catalyst family of switches is managed through Cisco's proprietary operating system [OS], the Internetwork OS [IOS]. Hubs are considered Layer 1 (Physical) devices in the Open Systems Interconnection [OSI] Reference Model [RM] of the International Organization for Standardization [ISO] (ISO is not an acronym but a name derived from the Greek word isos, meaning equal), whereas switches are mostly considered Layer 2 (Data Link) devices, because they build a table of the MAC addresses of the computers connected to the local network. A MAC address is a 48-bit number, written as six pairs of hexadecimal digits, that the manufacturer burns permanently into each NIC; it physically identifies each device on a network.

IP addresses, by the way, are considered the logical addresses of devices (an IP address is assigned to a node for a time and can be reassigned), in contrast to the MAC address, which is regarded as the physical address and is not supposed to be reassignable. Or so we suppose: in practice the operating system and a number of utilities let the MAC address a NIC actually transmits be overridden in software (MAC spoofing), so a switch's MAC table, and any access control keyed on MAC addresses, rests on an identifier the sender controls.
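To make the behaviour of the two central devices concrete, here is a toy learning switch in Python. This is an added example written for this post, not code from Cisco or from any of the cited texts, and it simplifies real switches (no aging timers, no VLANs, no port security). It shows three things from the paragraphs above: unicast, multicast and broadcast MAC addresses are told apart by the address itself; a switch floods a frame for an unknown destination to every other port, exactly as a hub forwards everything; and because the MAC table is learned from whatever source address arrives, a third station that sends a frame carrying Bob's MAC address (the spoofing mentioned above) redirects Bob's traffic to itself. The station names and addresses are constructed for the example.

```python
"""Toy Layer 2 learning switch. Added example for this post; it is not
Cisco IOS behaviour and omits aging, VLANs and port security."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def classify(mac: str) -> str:
    """Return 'broadcast', 'multicast' or 'unicast' for a MAC address.
    The I/G (individual/group) bit is the least-significant bit of the
    first octet; all-ones is the broadcast address."""
    octets = mac.lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"bad MAC address: {mac}")
    if mac.lower() == BROADCAST:
        return "broadcast"
    return "multicast" if int(octets[0], 16) & 1 else "unicast"


@dataclass
class Frame:
    src: str
    dst: str
    payload: str = ""


@dataclass
class Switch:
    ports: int
    table: dict = field(default_factory=dict)  # learned MAC -> port

    def receive(self, in_port: int, frame: Frame) -> list:
        """Learn the source address, then return the egress port list."""
        # Learning: the port a source MAC arrives on is recorded, overwriting
        # any earlier entry. Nothing authenticates the claimed source.
        self.table[frame.src.lower()] = in_port
        kind = classify(frame.dst)
        if kind == "unicast" and frame.dst.lower() in self.table:
            out = self.table[frame.dst.lower()]
            return [] if out == in_port else [out]
        # Broadcast, multicast or unknown unicast: flood to every other port,
        # which is what a hub does with every frame.
        return [p for p in range(self.ports) if p != in_port]


def demo() -> dict:
    """Walk through learning, unicast forwarding and a spoofed source."""
    sw = Switch(ports=4)
    # Constructed addresses: alice on port 0, bob on port 1, mallory on port 2.
    alice, bob = "00:11:22:33:44:01", "00:11:22:33:44:02"
    # 1. Destination unknown: the switch floods ports 1, 2 and 3.
    first = sw.receive(0, Frame(alice, bob))
    # 2. Bob replies, so both stations are learned; traffic becomes port-to-port.
    sw.receive(1, Frame(bob, alice))
    after_learning = sw.receive(0, Frame(alice, bob))
    # 3. Mallory (port 2) sends a frame with Bob's MAC as source. The table now
    #    maps Bob's address to port 2, and Alice's next frame to Bob goes there.
    sw.receive(2, Frame(bob, alice))
    hijacked = sw.receive(0, Frame(alice, bob))
    return {"first": first, "after_learning": after_learning, "hijacked": hijacked}


if __name__ == "__main__":
    for step, ports in demo().items():
        print(f"{step:15s} -> egress ports {ports}")
```

The third step is the point: a MAC table is a cache of unauthenticated claims, and the only cure is a control that ties addresses to ports independently of what the frames say.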

Star topology seems ideal for troubleshooting, since all traffic must flow through the central node, whether a switch or a hub, which also makes that node the natural place to monitor the LAN. It is very manageable for a small number of devices and can be expanded or scaled easily. Time-sharing systems, database management and word-processing systems, for instance, are generally configured in a star topology.

The major drawback of the star topology is that the network is only as reliable as its central node. If the switch or hub fails, the network fails with it, since the other computers have no other way to reach one another. The central device is therefore a critical resource; a star network cannot function at all without it. A centralized network suffers from the always avoided and feared "single point of failure". This topology can carry Ethernet or LocalTalk (Russell, 2000).

Bus topology is a multipoint or multidrop configuration in which computers share a single communication channel or transmission medium, hence the name bus. Its length is limited by attenuation: signals weaken as they travel along the cable, or more exactly the wires. Weakened signals can be regenerated and boosted with repeaters and/or bridges. Here the most critical resource is the bus itself: if it is damaged, depending on how and where, the whole network can become inoperable. Because the medium is shared, every station also sees every frame, so a NIC set to promiscuous mode can read all the traffic on the segment. On the positive side, bus networks need no routing information to be stored or retransmitted, so that overhead is gone. However, as traffic increases, collisions among computers increase too, which is why a contention strategy was devised under the name Carrier Sense Multiple Access with Collision Detection [CSMA/CD]. Scalability is the main issue for the bus topology; it is cumbersome to fish cables through the ceiling, along the wall or under the floor to connect one more computer, which is why wireless networks seem such a blessing.

To ease the expansion of bus networks, developers implemented another topology, the Tree (or Hierarchical) topology, which adds further bus segments as branches of the network. Bus and Tree topologies use the Ethernet standard and are also suitable for LocalTalk (Russell, 2000).

Ring topology is a daisy-chained group of computers, each connected to the next to form a circle or loop. Messages travel in one direction, from one computer to the next, clockwise or counterclockwise, until they reach their destination. Ring devices have two states, listening or transmitting, arbitrated by a circulating signal, the token. The downside of the ring is that almost every computer has to retransmit every message, and so handles frames that are addressed to others (Hassing, Kent, & Johnson, 2003).

From these basic topologies others are derived: partial and full mesh, double ring, and combinations of two or more, i.e., hybrid topologies. When a router, a Layer 3 device in the ISO OSI RM, is used, the network can forward packets to other networks; this is how you connect to the Internet [the global network of networks and thus host to all the webs]. Such networks can be joined across large geographical areas into internetworks, or networks of networks, called accordingly Wide Area Networks [WANs], Metropolitan Area Networks [MANs], Campus Area Networks [CANs], Global Area Networks [GANs] and finally, there we are, the Internet.
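The "single point of failure" argument made above for the star, bus and ring can be checked mechanically. The following Python is an added example for this post, not from any of the cited texts: it models each physical topology as a small graph of devices and cables and reports the devices whose loss partitions the survivors. It treats links as bidirectional (optimistic for a one-way token ring, where a dead station with no bypass relay breaks the loop), models a bus break only as a partition of the cable rather than the electrical effect of an unterminated segment, and the device names are constructed.

```python
"""Single points of failure per physical topology. Added example for this
post. A device is a single point of failure if removing it leaves the
remaining devices unable to all reach one another."""
from itertools import combinations


def star(n_pcs):
    """n_pcs stations cabled point-to-point to one central hub or switch."""
    nodes = ["hub"] + [f"pc{i}" for i in range(n_pcs)]
    edges = {("hub", f"pc{i}") for i in range(n_pcs)}
    return nodes, edges


def bus(n_pcs):
    """One shared cable, modelled as a chain of taps with a station on each."""
    nodes = [f"tap{i}" for i in range(n_pcs)] + [f"pc{i}" for i in range(n_pcs)]
    edges = {(f"tap{i}", f"tap{i + 1}") for i in range(n_pcs - 1)}
    edges |= {(f"tap{i}", f"pc{i}") for i in range(n_pcs)}
    return nodes, edges


def ring(n_pcs):
    """Each station daisy-chained to the next, closing the loop."""
    nodes = [f"pc{i}" for i in range(n_pcs)]
    edges = {(f"pc{i}", f"pc{(i + 1) % n_pcs}") for i in range(n_pcs)}
    return nodes, edges


def full_mesh(n_pcs):
    """Every station linked directly to every other."""
    nodes = [f"pc{i}" for i in range(n_pcs)]
    edges = set(combinations(nodes, 2))
    return nodes, edges


def connected(nodes, edges):
    """Depth-first reachability over undirected edges. Edges touching a node
    absent from `nodes` are ignored, which is how a device is 'removed'."""
    nodes = list(nodes)
    if not nodes:
        return True
    adj = {n: set() for n in nodes}
    for a, b in edges:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    seen, stack = {nodes[0]}, [nodes[0]]
    while stack:
        for w in adj[stack.pop()]:
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return len(seen) == len(nodes)


def single_points_of_failure(nodes, edges):
    """Devices whose loss partitions the rest of the network."""
    return sorted(n for n in nodes
                  if not connected([m for m in nodes if m != n], edges))


def report():
    """Run the check on a small, constructed instance of each topology."""
    topologies = {"star": star(4), "bus": bus(4),
                  "ring": ring(5), "mesh": full_mesh(4)}
    return {name: single_points_of_failure(*graph)
            for name, graph in topologies.items()}


if __name__ == "__main__":
    for name, spof in report().items():
        print(f"{name:5s} single points of failure: {spof or 'none'}")
```

Running it names the hub as the star's only single point of failure, every tap on the bus as one, and none for the ring or the full mesh, which is exactly why the mesh and double-ring variants mentioned above exist: redundancy is the topological answer to the single point of failure.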

Conclusion

One of the main goals of networking security engineering is to bring the highest possible level of information assurance, summarized in the three main areas of information security: confidentiality, integrity and availability. By setting up the aforementioned topologies correctly, designers are able to understand how to improve the security of the system and reduce its risks (Tomasi, 2005; Panko, 2005).

Ideally, from the very beginning of the network design, and as a networking security engineer [NSE], I recommend identifying the security controls, constraints, requirements and features that match the business requirements. That increases the likelihood that PotS's Local Area Networks [LANs] and Wide Area Network [WAN] will operate as intended in the first place. The challenges ahead in launching the PotS eBusiness venture are issues of risk management: system reliability [downtime], network management, scalability and performance, and how to offer customers a level of security that lets them feel comfortable buying products and ordering services from PotS's e-catalogue online.

References

Barabási, A.-L. & Albert, R. (1999, October 21). Emergence of Scaling in Random Networks. Department of Physics, University of Notre Dame, Notre Dame, IN. Retrieved January 8, 2008, from http://arxiv.org/PS_cache/cond-mat/pdf/9910/9910332v1.pdf

Hassing, K., Kent, A. K., & Johnson, G. (2003). CCNA 1 & 2 Companion Guide, 3rd Edition. Cisco Networking Academy Program. Indianapolis, IN: Cisco Press.

Homan, C. (1998, October 19). NICs and Transceivers: Overview. UC Davis Network 21. Retrieved January 8, 2008, from http://net21.ucdavis.edu/nic21rec.htm

Panko, R. R. (2005). Business Data Networks and Telecommunications, 5th Edition. Upper Saddle River, NJ: Prentice Hall / Pearson Education, Inc.

Russell, T. (2000). Telecommunications Pocket Reference. New York, NY: McGraw-Hill Companies.

Tomasi, W. (2005). Introduction to Data Communications and Networking. Upper Saddle River, NJ: Pearson Prentice Hall, Inc.
