17. The Internet - A Recap Flashcards

1
Q

Summarise the 3 main reasons that CSAE offenders use the Internet

A
  1. Access to information, advocacy and guidance (both aspects: efforts to avoid re-offending, and efforts to be better at offending and avoiding detection)
  2. Access to CSAM
  3. Access to children
2
Q

What is TCP / IP?

A

TCP/IP stands for Transmission Control Protocol/Internet Protocol. It’s a suite of networking protocols used for communication over the internet and other networks. TCP/IP defines how data is transmitted, routed, addressed, and received between devices on a network.

TCP (Transmission Control Protocol): TCP is a connection-oriented protocol responsible for reliable and ordered data transmission between devices. It establishes a connection between the sender and receiver, breaks data into packets, reassembles packets at the destination, and ensures data integrity through error checking and retransmission of lost packets if necessary.

IP (Internet Protocol): IP is a network layer protocol responsible for addressing and routing packets between devices on a network. It assigns unique IP addresses to devices and defines how data packets are forwarded from source to destination across multiple networks. This allows every device to be identified.

3
Q

What is IRC?

A

IRC stands for Internet Relay Chat.

It’s a protocol that enables real-time text communication between users in chat rooms, called channels. Users connect to an IRC server using IRC client software, where they can join channels, chat with others, and exchange files. IRC has been around since the late 1980s and was one of the earliest forms of online chat. While its popularity has waned with the rise of other messaging platforms, IRC is still used today for certain communities and purposes. For CSA purposes it is now usually more of a meeting place than a means of file sharing.

4
Q

What is NNTP?

A

The Network News Transfer Protocol (NNTP) is a protocol used for distributing, searching, retrieving, and posting news articles from Usenet newsgroups. Usenet is a distributed discussion system that emerged in the early 1980s, before the World Wide Web. NNTP allows clients to connect to servers and interact with Usenet services. It’s a text-based protocol similar to SMTP (Simple Mail Transfer Protocol) and operates on TCP/IP connections. While Usenet’s popularity has declined with the rise of web-based forums and social media, NNTP remains the standard protocol for accessing Usenet.

It is still used for broadcasting CSA material.

5
Q

What is FTP?

A

The Network News Transfer Protocol (NNTP) is a protocol used for distributing, searching, retrieving, and posting news articles from Usenet newsgroups. Usenet is a distributed discussion system that emerged in the early 1980s, before the World Wide Web. NNTP allows clients to connect to servers and interact with Usenet services. It’s a text-based protocol similar to SMTP (Simple Mail Transfer Protocol) and operates on TCP/IP connections. While Usenet’s popularity has declined with the rise of web-based forums and social media, NNTP remains the standard protocol for accessing Usenet.

6
Q

What is HTTP?

A

HTTP stands for Hypertext Transfer Protocol. It’s the foundation of data communication on the World Wide Web. HTTP is an application layer protocol used for transmitting hypermedia documents, such as HTML files, over the internet. It defines how messages are formatted and transmitted between web servers and clients, enabling the retrieval and display of web content in web browsers. HTTP operates on a client-server model, where a client (such as a web browser) sends requests to a server, and the server responds with the requested resources, such as web pages, images, or other files. HTTP is stateless, meaning each request from a client is independent and unrelated to previous requests.

7
Q

What is telnet?

A

Telnet is a network protocol used for remote terminal connection. It allows a user to log into another computer on a network and interact with its command-line interface as if they were physically present at that computer’s terminal. Telnet operates on a client-server model, where the client program establishes a connection to the server, typically using TCP/IP, and then transmits keystrokes and receives responses from the remote system.

However, Telnet transmits data, including passwords, in plaintext, making it highly insecure. As a result, its usage has declined in favor of more secure protocols like SSH (Secure Shell), which encrypts data transmitted over the network, providing better security for remote terminal access.

8
Q

What are the main protocols involved in email?

A
  1. SMTP (Simple Mail Transfer Protocol): SMTP is used for sending emails from the sender’s email client or server to the recipient’s email server. It handles the transfer of email messages between servers and specifies how email messages should be formatted and transmitted.
  2. POP3 (Post Office Protocol version 3): POP3 is used by email clients to retrieve emails from a mail server. It allows users to download emails from the server to their local device or client software. POP3 typically downloads emails to the client and removes them from the server, although some configurations allow for leaving copies on the server. It is a pull protocol.
  3. IMAP (Internet Message Access Protocol): IMAP is another protocol used by email clients to retrieve emails from a mail server. Unlike POP3, IMAP allows users to manage emails directly on the server without downloading them to the local device immediately. This allows for synchronization between multiple devices, such as smartphones, tablets, and computers, ensuring that changes made on one device are reflected on others.
  4. SMTPS (SMTP Secure): SMTPS is a secure version of SMTP that encrypts email data during transmission between email clients and servers, helping to protect sensitive information, such as email content and login credentials, from being intercepted by unauthorized parties.

These protocols work together to facilitate the sending, receiving, and management of email messages across the internet.

9
Q

Describe IPv4 and IPv6 addresses

A

IPv4 addresses are the fourth version of Internet Protocol addresses, used to uniquely identify devices on a network. They consist of 32 bits, typically represented as four groups of decimal numbers separated by dots. For example, an IPv4 address might look like “192.0.2.1”. Due to the limited number of available addresses, IPv4 addresses are being gradually replaced by IPv6 addresses.

IPv6 addresses are the next generation of IP addresses designed to replace IPv4 addresses due to the exhaustion of IPv4 addresses. IPv6 addresses are 128 bits in length, written as eight groups of four hexadecimal digits separated by colons. For example, an IPv6 address might look like “2001:0db8:85a3:0000:0000:8a2e:0370:7334”. IPv6 allows for significantly more unique addresses than IPv4, providing better scalability and enabling the continued growth of the internet.

10
Q

Describe the difference between dynamic and static IP addresses

A

Dynamic IP addresses are assigned to devices by a DHCP (Dynamic Host Configuration Protocol) server dynamically. These addresses can change over time, typically each time a device connects to the network or periodically based on lease durations set by the DHCP server. Dynamic IP addresses are commonly used by residential and small business internet connections, as they are more cost-effective and efficient in managing IP address allocation.

Static IP addresses, on the other hand, are manually configured and remain constant for a specific device. They do not change unless manually reconfigured by the network administrator. Static IP addresses are often used for servers, network devices, and services that require a fixed, predictable address, such as web servers, email servers, and DNS servers. While static IP addresses provide stability and consistency, they may require additional administrative overhead and cost compared to dynamic IP addresses.

11
Q

What is the difference between public & private IP addresses?

A

The main difference between public and private IP addresses lies in their scope and usage:

  1. Public IP addresses:
    • Public IP addresses are globally unique and routable over the internet.
    • They are assigned to devices that are directly connected to the internet, such as web servers, email servers, and routers.
    • Public IP addresses enable communication between devices on different networks across the internet.
    • They are assigned by Internet Service Providers (ISPs) or network administrators and are used to identify devices on the public internet.
  2. Private IP addresses:
    • Private IP addresses are used within private networks, such as home or office networks.
    • They are not routable over the internet and are meant for internal communication within a network.
    • Private IP addresses are reserved for use in private networks and are not unique globally. Multiple devices in different private networks can have the same private IP address.
    • The most commonly used private IP address ranges are defined in RFC 1918 and include addresses from the following ranges:
      • 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
      • 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
      • 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

In summary, public IP addresses are used for communication over the internet and are globally unique, while private IP addresses are used for internal communication within private networks and are not routable over the internet.

12
Q

What is NAT & why can it be problematic for Law Enforcement?

A

NAT stands for Network Address Translation. It’s a technique used in computer networking to translate private IP addresses used within a local network into public IP addresses used on the internet, and vice versa. NAT allows multiple devices within a private network to share a single public IP address, conserving the limited pool of available public IP addresses.

NAT helps improve network security by hiding the internal IP addresses of devices within a private network from external networks. Additionally, it helps conserve public IP addresses, which are a limited and valuable resource.
BUT this means many internal IP addresses may share one public IP address, making it impossible to attribute to an individual device.

13
Q

What is a Software Port?

A

A software port is a communication endpoint used by networking protocols to identify specific services or applications running on a computer. Ports are numbered addresses that allow multiple services to operate on a single network interface simultaneously. They facilitate the communication between different applications or services over a network.

Ports are categorized into two main types:

  1. Well-known ports: These are reserved ports ranging from 0 to 1023 and are assigned to specific services or protocols by the Internet Assigned Numbers Authority (IANA). For example, port 80 is commonly used for HTTP (Hypertext Transfer Protocol) web traffic, while port 443 is used for HTTPS (HTTP Secure) traffic.
  2. Dynamic or ephemeral ports: These are temporary ports used by client applications when communicating with servers. They range from 1024 to 65535 and are dynamically assigned by the operating system to outbound connections. Once the communication session ends, these ports are released and made available for reuse.

Ports work in conjunction with IP addresses to direct network traffic to the appropriate application or service. When data packets are transmitted over a network, they include both the destination IP address and port number. The receiving device uses this information to route the packets to the correct application or service based on the specified port number.

For example, when you type a website’s URL into your web browser and press Enter, your browser initiates a connection to the web server’s IP address on port 80 (or port 443 for HTTPS). The server then receives the request on port 80 and responds by sending back the requested web page or data to your browser through the same port.

14
Q

What is a Protocol?

A

A protocol is a set of rules and conventions that govern the communication and interaction between different devices, systems, or entities in a networked environment.

Enables communication between devices / systems / entities.

RFCs define the protocols.
E.g. RFC 1122 defines the TCP/IP protocols.
RFC stands for Request for Comments, a sort of manual of the internet.

15
Q

What is the client - server model?

A

In this model, clients request services or resources from servers, which fulfill those requests and return the results to the clients.

Key characteristics of the client-server model include:

  1. Client: A client is a computing device or software application that initiates requests for services or resources from servers. Clients can be desktop computers, laptops, smartphones, or other devices. They typically run client software that communicates with servers over a network.
  2. Server: A server is a computing device or software application that provides services or resources to clients upon request. Servers are dedicated machines optimized for handling multiple client requests simultaneously. They typically run server software that listens for incoming client requests and processes them accordingly.
  3. Communication: Clients and servers communicate with each other using predefined protocols and network protocols such as TCP/IP. Clients send requests to servers, which process the requests and return responses back to the clients.
  4. Roles: In the client-server model, clients and servers have distinct roles and responsibilities. Clients initiate requests, provide user interfaces, and process responses received from servers. Servers manage shared resources, execute requested services, and respond to client requests.
  5. Scalability: The client-server model supports scalability, allowing multiple clients to access services provided by multiple servers simultaneously. This scalability enables efficient resource sharing and distribution of computing tasks across the network.

Common examples of client-server applications include web browsing (with web browsers acting as clients and web servers as servers), email (with email clients and email servers), file sharing (with file transfer clients and file servers), and database management (with database clients and database servers).

16
Q

Who Controls IP addresses?

A
  • IP addresses are controlled by regional registries then leased out to ISPs or large networks
  • Regional Internet Registries (RIRs). There are five RIRs worldwide, each serving a distinct region:
  1. ARIN (American Registry for Internet Numbers): ARIN serves the United States, Canada, and many Caribbean and North Atlantic islands.
  2. RIPE NCC (Réseaux IP Européens Network Coordination Centre): RIPE NCC serves Europe, the Middle East, and Central Asia.
  3. APNIC (Asia-Pacific Network Information Centre): APNIC serves the Asia-Pacific region, including East Asia, South Asia, Southeast Asia, and Oceania.
  4. LACNIC (Latin America and Caribbean Network Information Centre): LACNIC serves Latin America and the Caribbean.
  5. AFRINIC (African Network Information Centre): AFRINIC serves Africa and surrounding Indian Ocean islands.
17
Q

What is DNS and why is it important for Law Enforcement?

A

Every website has a numerical IP address and is hosted on a server. Each server can host many websites. The web server will have a unique IP address and typically each website will also have a unique IP address (and domain name).

DNS - Domain Name System is a hierarchical decentralized naming system for computers, services, or any resource connected to the internet or a private network. It translates more easily memorized domain names to the numerical IP addresses.

DNS works through a hierarchical system of servers, called name servers, that collectively store and distribute domain name information (these know which numerical address is associated with which domain name). How it works:

User Requests: When you type a domain name (e.g., example.com) into your web browser or other network-connected application, your device needs to find the IP address associated with that domain name so it can connect to the correct server.

Local DNS Resolver: Your device first checks its local DNS resolver cache to see if it already knows the IP address for the domain name. If the information is not cached or has expired, the resolver moves to the next step.

Recursive DNS Servers: Your device then contacts a recursive DNS server, usually operated by your internet service provider (ISP) or a third-party DNS provider. This server may have the IP address cached or may need to query other DNS servers to find the information.

Root DNS Servers: If the recursive DNS server doesn't have the information cached, it contacts a root DNS server. There are 13 sets of root DNS servers worldwide, managed by different organizations. These servers contain information about the authoritative DNS servers for top-level domains (TLDs) like .com, .org, .net, etc. 

TLD DNS Servers: The root DNS server directs the recursive DNS server to the appropriate TLD DNS server based on the domain name's extension (e.g., .com). The TLD DNS server holds information about the authoritative DNS servers responsible for the second-level domain (e.g., example.com).

Authoritative DNS Servers: The recursive DNS server then queries the authoritative DNS servers for the specific domain name (e.g., example.com). These authoritative servers hold the most up-to-date information about the domain, including its IP address.

Response: The authoritative DNS servers respond to the recursive DNS server with the IP address associated with the domain name.

Cache Update: The recursive DNS server caches the IP address for future use and returns the IP address to your device.

Connection: With the IP address in hand, your device can now establish a connection to the server hosting the requested domain, allowing you to access the desired website or service.

DNS can contain important info for LE: if trying to attribute a website to a person, it can tell us the IP address of where files are stored.

18
Q

Summary of Domain Names and Registration

A

Read domain addresses from the right to left so you establish the TLD first.

Remember there are generic TLDs and Country Code TLDs (e.g. .co.uk, .ie, etc.).

Generic TLD registries are controlled by private companies, which manage the big TLDs. They allow companies (registrars) to sell these names on their behalf.

REGISTRIES - the lists of the domains and their server. This server needs to be recorded because it is the name server that tells the root server where to find the files for your site. The registries hold info about who owns the site. This may not be accurate but can provide clues: someone had to pay for it, so there are email details and payment details (WHOIS). The person will also be logging on to the registrar's server if they bought it through a registrar.

The domain registration process is overseen by ICANN, who sub this out to REGISTRARS - big companies like GoDaddy etc. You can also get re-sellers who sell the names out on behalf of the registrars.

REGISTRANT - person who buys the domain.

Country Code TLDs are controlled by domain registries for the country concerned.

Remember that www. does not mean anything and can be removed or changed to other words.

  • TLDs can now be any words, e.g. .airport instead of .com, etc.