Classification of network services according to time criteria. Network services and network services

The job of the data link layer is to provide services to the network layer. The main service is the transfer of data from the network layer of the sending machine to the network layer of the receiving machine. The sending machine runs an entity, or process, that passes bits from the network layer to the data link layer for transmission to their destination. The job of the data link layer is to transmit these bits to the receiving machine so that they can be passed on to the network layer there, as shown in Fig. 3.2, a. In reality, data travels along the path shown in Fig. 3.2, b; however, it is easier to imagine two data link layers communicating with each other using a data link protocol. For this reason, the model shown in Fig. 3.2, a will be used throughout this chapter.

The data link layer can provide various services. Their set may be different in different systems. Typically the following options are possible.

1. Service without acknowledgments, without connection establishment.

2. Service with acknowledgments, without connection establishment.

3. Service with acknowledgments, with connection establishment.

Let's consider these options in turn.

Unacknowledged connectionless service means that the sending machine sends independent frames to the receiving machine, and the receiving machine does not acknowledge their receipt. No connection is established in advance or released afterwards. If a frame is lost due to line noise, no attempt is made at the data link layer to recover it. This class of service is acceptable when the error rate is very low, so that recovery of data lost in transmission can be left to the upper layers. It is also used in real-time communication links, such as voice, where it is better to receive corrupted data than to receive it with a long delay. Unacknowledged connectionless service is used at the data link layer of most local networks.

The next step towards increased reliability is acknowledged connectionless service. Here, too, no connection is established, but the receipt of each frame is acknowledged. This way the sender knows whether the frame has reached its destination safely. If no acknowledgment is received within a specified time interval, the frame is sent again. This service is useful on channels with a high probability of errors, for example in wireless systems.

It should be noted that providing acknowledgments at the data link layer is an optimization rather than a requirement. The network layer can always send a packet and wait for confirmation of its delivery; if no confirmation reaches the sender within a specified period of time, the message may be sent again. The problem with this strategy is that frames usually have a hard maximum length imposed by the hardware, whereas network layer packets have no such restriction. Thus, if the average message is broken up into 10 frames and 20% of them are lost along the way, transmitting the message by retrying the whole message can take a very long time.

By acknowledging individual frames and resending only those that failed, the entire message is transmitted in much less time. On a reliable link such as fiber optic cable, the overhead of data link acknowledgments merely reduces the throughput of the link, but on wireless links this overhead pays for itself by reducing the transmission time of long messages.
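The "10 frames, 20% lost" argument above can be made quantitative. This added example (not from the original text) computes the expected number of frame transmissions when the network layer retries the whole message versus when the data link layer acknowledges each frame; it assumes independent frame losses and lossless acknowledgments.

```python
"""Expected transmission cost: whole-message retry vs per-frame acknowledgment.

Added illustration of the argument in the text, not from the original page.
Frame loss is modelled as independent with probability `loss` per frame, and
acknowledgment frames are assumed never to be lost.
"""


def expected_frames_message_retry(n_frames: int, loss: float) -> float:
    """Network layer retries the *whole* message until every frame arrives.

    One attempt succeeds only if all n frames survive: P = (1 - loss)^n.
    The number of attempts is geometric with success probability P, so the
    expected number of attempts is 1/P, each costing n frame transmissions.
    """
    p_success = (1.0 - loss) ** n_frames
    return n_frames / p_success


def expected_frames_per_frame_ack(n_frames: int, loss: float) -> float:
    """Data link layer acknowledges and retransmits each frame on its own.

    Each frame is a geometric trial with success probability (1 - loss), so
    it costs 1/(1 - loss) transmissions on average, whatever happens to the
    other frames of the message.
    """
    return n_frames / (1.0 - loss)


def compare(n_frames: int = 10, loss: float = 0.2) -> dict:
    """Both strategies side by side, plus how many times worse message retry is."""
    whole = expected_frames_message_retry(n_frames, loss)
    per_frame = expected_frames_per_frame_ack(n_frames, loss)
    return {"message_retry": whole, "per_frame_ack": per_frame, "ratio": whole / per_frame}


if __name__ == "__main__":
    # Near-zero loss (fiber): both are ~10 frames, so acks buy nothing and
    # their own overhead is pure cost. 20% loss (wireless): ~93 vs 12.5 frames.
    for loss in (0.0001, 0.01, 0.2):
        r = compare(10, loss)
        print(f"loss={loss:<7} whole-message retry: {r['message_retry']:7.2f} frames, "
              f"per-frame ack: {r['per_frame_ack']:6.2f} frames, ratio {r['ratio']:.2f}")
```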

The most complex service the data link layer can provide is acknowledged connection-oriented service. With this method, the source and receiver establish a connection before transmitting data. Each frame sent is numbered, and the data link layer guarantees that each frame is actually received on the other side of the channel, that each frame is received exactly once, and that all frames are received in the correct order. In a connectionless service, on the other hand, if an acknowledgment is lost the same frame may be sent several times and therefore received several times. A connection-oriented service provides network layer processes with the equivalent of a reliable bit stream.

When using a connection-oriented service, data transfer consists of three different phases. In the first phase, the connection is established, with both sides initializing the variables and counters needed to keep track of which frames have already been received and which have not yet been received. In the second phase, data frames are transmitted. Finally, in the third phase, the connection is closed and all variables, buffers and other resources used during the connection are released.
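The three phases and the guarantees of the connection-oriented service (numbering, exactly-once, in-order delivery) can be seen in a small deterministic simulation. This is an added example, not from the original text; stop-and-wait with a 3-bit sequence number and the scripted channel behaviour are assumptions, and a receiver without sequence numbers is included to show the duplicate that a lost acknowledgment produces.

```python
"""Connection-oriented data link service in miniature: numbered frames,
acknowledgments, retransmission on timeout, duplicate suppression and
in-order delivery, as a deterministic simulation.

Added example, not from the original page. Stop-and-wait with a 3-bit
sequence number is an assumption; the text only says that frames are numbered.
"""
from dataclasses import dataclass, field

SEQ_MOD = 8  # 3-bit sequence numbers (assumed)


@dataclass
class Frame:
    seq: int
    payload: str


@dataclass
class NumberedReceiver:
    """Receiver state initialised in phase 1 (connection setup)."""
    expected: int = 0
    delivered: list = field(default_factory=list)  # what the network layer sees
    duplicates: int = 0

    def receive(self, frame: Frame) -> int:
        """Accept a frame and return the sequence number being acknowledged."""
        if frame.seq == self.expected:
            self.delivered.append(frame.payload)
            self.expected = (self.expected + 1) % SEQ_MOD
        else:
            # The sender never saw our earlier ACK and retransmitted: count it,
            # do not hand it to the network layer again, and re-acknowledge.
            self.duplicates += 1
        return (self.expected - 1) % SEQ_MOD


@dataclass
class NaiveReceiver:
    """Connectionless receiver without sequence numbers: every arriving frame
    is delivered, so a lost ACK produces a duplicate at the network layer."""
    delivered: list = field(default_factory=list)
    duplicates: int = 0  # it has no way to detect them, so this stays 0

    def receive(self, frame: Frame) -> int:
        self.delivered.append(frame.payload)
        return frame.seq


def transmit(payloads, script, receiver_cls=NumberedReceiver):
    """Send payloads over a channel whose behaviour on each transmission
    attempt is scripted: 'ok', 'drop_frame' or 'drop_ack' (constructed input).
    Once the script runs out, the channel is error-free."""
    rx = receiver_cls()
    events = iter(script)
    log = []
    seq = 0
    for payload in payloads:
        while True:
            outcome = next(events, "ok")
            log.append(f"frame {seq} '{payload}': {outcome}")
            if outcome == "drop_frame":
                continue  # timeout at the sender, retransmit the same frame
            ack = rx.receive(Frame(seq, payload))
            if outcome == "drop_ack":
                continue  # frame arrived but ACK lost: sender retransmits
            if ack == seq:
                seq = (seq + 1) % SEQ_MOD
                break
    return rx, log


# Constructed scenario: frame 1 arrives but its ACK is lost, the first
# retransmission is lost, and the second retransmission gets through.
SCRIPT = ["ok", "drop_ack", "drop_frame", "ok"]

if __name__ == "__main__":
    for cls in (NumberedReceiver, NaiveReceiver):
        rx, log = transmit(["A", "B", "C"], SCRIPT, cls)
        print(cls.__name__, "delivered:", rx.delivered, "duplicates:", rx.duplicates)
        print("\n".join("  " + line for line in log))
```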

Consider a typical example: a wide area network consisting of routers connected from node to node by dedicated telephone lines. When the frame arrives at the router, the hardware checks it for errors (using a method we'll explore in a moment) and passes the frame to the data link software (which may be embedded in the network card chip). The data link program checks whether the frame is the one expected and, if so, passes the packet stored in the frame's payload field to the routing program. The routing program selects the desired outgoing link and passes the packet back to the data link program, which forwards it further along the network. The passage of a message through two routers is shown in Fig. 3.3.



Routing software usually wants the job done correctly, that is, it needs reliable, ordered packet delivery on all the lines connecting the routers; it does not take kindly to having to worry about lost packets too often. Making unreliable lines reliable, or at least fairly good, is the job of the data link layer, shown in the dotted rectangle in the figure. Note that although the figure shows several copies of the data link program, in reality all links are served by one copy of the program with separate tables and data structures for each link.


A data center is the physical location in which critical computing resources are concentrated. It is designed to support business-critical applications and the computing resources associated with them, such as mainframes, servers and server farms.

Business applications include financial, human resources, e-commerce, and business-to-business applications. In addition to those groups of servers that support business applications, there are other groups of servers that support network services and network applications. Network services include NTP, Telnet, FTP, DNS, DHCP, SNMP, TFTP and NFS. Network applications include IP telephony, video transmission over IP, video conferencing systems, etc.

Business applications include any application that performs functions necessary for business, which, generally speaking, implies a very large number of such applications. Some enterprise applications are logically organized into several layers, separated by the functions they perform.

Some layers are dedicated to supporting client calls or external functions, such as serving web pages or providing a command line interface (CLI) to applications. In some cases the external functions are implemented as web applications. Other layers process user requests and convert them into a format understood by layers such as application servers or databases.

This multi-level approach is called an N-level model, since in addition to the external and internal levels, there may be several more levels between them. Such levels are associated with the management of objects, their relationships, control interaction with the database, and offer the necessary interfaces to applications.

Enterprise applications typically fall into one of the following core business areas:

  • Customer Relationship Management (CRM)
  • Enterprise Resource Planning (ERP)
  • Supply Chain Management (SCM)
  • Sales Force Automation (SFA)
  • Order Processing
  • E-commerce

Source: Cisco

It should be noted that the outer layer, which handles client calls to the server, hosts the access applications. Currently there are applications with both native and web interfaces, and the tendency is to move towards web applications.

This trend implies that a web interface is used to work with clients, while the application has a middle tier that, at the client's request, retrieves information from the internal database and passes it to the external tier, for example a web server, which thus delivers the answer to the client.

This middle tier of the application and database system is a logically separated part that performs specific functions. The logical separation of these functions makes physical separation possible. And the conclusion is that application servers and web servers no longer have to be physically located in the same place.

This separation increases the scalability of services and simplifies the management of large groups of servers. From a networking perspective, groups of servers performing different functions can be physically separated into different layers of the network for security and manageability reasons. Fig. 10 shows how the middle tier and the database tier each provide network connectivity to their group of servers.

Data Center Capabilities

Since critical computing resources are located in these locations, special measures must be taken to prepare personnel and technical equipment to provide round-the-clock support. The object of support is computing and network resources. The specificity of these resources and their importance for doing business require special attention to be paid to the following areas:

  • Energy supply
  • Cooling
  • Cabling
  • Temperature and Humidity Control
  • Fire and smoke systems
  • Physical security: access restriction and surveillance systems
  • Installation physical space and raised floors

The operating personnel must consist of specialists who have thoroughly studied the requirements for managing the center and monitoring its work. In addition to the above service areas, it is necessary to mention:

  • Server resources, including hardware, software and operating systems.
  • Network infrastructure supporting server resources

Network infrastructure

The infrastructure required to support computing resources is largely determined by the set of data center services that serve the goals of the architecture. The main components of the network infrastructure are then grouped by these same services. The list of network infrastructure components specifies a set of services, but in itself it is very large, and it is more convenient to outline it by describing the details of each service.

Benefits of creating data centers

The benefits of data centers can be summed up in one sentence: “A data center consolidates critical computing resources in a secure environment for centralized management, giving the enterprise the ability to work on its own schedule, including around the clock.”

24/7 operation is expected for all services supporting the data center. Normal business activity is supported by critical business applications, without which the business either suffers severely or stops altogether.

Building a center requires significant planning. Strategies for efficiency, scalability, security and management must be clear and clearly aligned with business requirements.

The loss of access to important information can be quantified by its effect on revenue. Some businesses are required by law to plan for business continuity: federal agencies, financial institutions, healthcare organizations, etc.

The devastating consequences of a possible loss of access to information force enterprises to look for ways to reduce such risk and its impact on business. A significant portion of the plans consider the use of data centers that cover critical computing resources.

Mikhail Kader / Cisco

The set of server and client parts of the OS that together provide access to a specific type of computer resource over a network is called a network service. In the example above, the client and server parts of the OS that together provide network access to a computer's file system form a file service.

A network service is said to provide network users with a certain set of services. This set is also called a service (from the English term "service"). Although the two terms are sometimes used interchangeably, in some cases the difference in their meaning is fundamental. Further in the text, by "network service" we will understand a network component that implements a certain set of functions, and by "service" the description of the set of functions that this network service provides. Thus, a service is the interface between a service consumer and a service provider (the network service).

Each network service is associated with a specific type of network resource and/or a specific method of accessing those resources. For example, a print service provides network users with access to shared network printers and provides a printing service, and a mail service provides access to a network information resource, namely e-mail messages. The remote access service, on the other hand, differs in its method of accessing resources: it gives users access to all resources of a computer network over dial-up telephone channels. To gain remote access to a specific resource, such as a printer, the remote access service communicates with the print service. The most important services for users of a network OS are the file service and the print service.

Among network services, some are aimed not at the ordinary user but at the administrator. Such services are used to organize the operation of the network. For example, the Bindery service of the Novell NetWare 3.x operating system allows the administrator to maintain a database of network users on the computer running that OS. A more advanced approach is a centralized reference service, in other words a directory service, designed to maintain a database not only of all network users but also of all the network's software and hardware components. Novell's NDS is often cited as an example of a directory service. Other examples of network services for the administrator are a network monitoring service, which captures and analyzes network traffic; a security service, whose functions may include, in particular, performing the login procedure with password verification; and a backup and archiving service.

The rich range of services an operating system offers to end users, applications, and network administrators determines its position in the overall range of network operating systems.

Network services are, by nature, client-server systems. Since when implementing any network service, a request source (client) and a request executor (server) naturally arise, any network service contains two asymmetric parts - client and server. A network service can be represented in the operating system either by both (client and server) parts, or only by one of them.

It is usually said that the server provides its resources to the client, and the client uses them. It should be noted that when a network service provides a certain service, the resources of not only the server, but also the client are used. The client may spend a significant portion of its resources (disk space, CPU time, etc.) maintaining the operation of the network service. The fundamental difference between a client and a server is that the client is always the initiator of the work performed by the network service, and the server is always in a passive mode of waiting for requests. For example, a mail server delivers mail to the user's computer only when a request is received from a mail client.

Typically, the interaction between the client and server parts is standardized, so that one type of server can be designed to work with different types of clients, implemented in different ways, and even by different manufacturers. The only condition for this is that the clients and server must support a common standard protocol for interaction.

The Internet is a single global network connecting a huge number of networks around the world (from the English InterNet, "internetwork", "network of networks"). The Internet arose in the 1960s in the United States as a result of experiments to create a viable network that could not be disabled by destroying one or more command posts with central computers.

The Internet is a decentralized network that has no owner or governing body (although each network included in it has an owner and a system administrator); it functions and develops through the voluntary (including commercial) cooperation of various organizations and users on the basis of common agreements and standards (protocols). Registered and numbered Internet standards, protocols and specifications form the RFC (Request For Comments) system of electronic documents.

Organizations providing Internet connections and services, the providers (Internet Service Providers, ISPs), are interconnected by high-speed trunk channels (cable, fiber optic, satellite, radio relay). An individual computer or a local network can connect to a provider via a leased line (permanent connection) or a dial-up line (temporary connection via a modem and the regular telephone network). The first method is more expensive but provides higher data transfer speeds.

The modem signal can be transmitted:

· over a regular telephone channel (dial-up line);

· over a dedicated telephone line;

· using ADSL technology (Asymmetric Digital Subscriber Line) over a regular telephone channel, without occupying it, so that telephone conversations can continue independently and simultaneously.

The data transfer speed through a dial-up telephone line is about 30 Kbit/s for analog telephone lines and 60–120 Kbit/s for digital ones. For dedicated telephone lines, transmission speeds are up to 2 Mbit/s, for fiber-optic and satellite communication lines – hundreds of Mbit/s.



Permanent connections, depending on the network equipment used and the type of cable channel, provide data transfer rates of up to 20-40 Mbit/s and higher.

The Internet works on the basis of the TCP/IP protocol, introduced in 1983. In fact, TCP/IP is a set of protocols organized in several main layers. The transport protocol TCP (Transmission Control Protocol) splits data into small packets (segments) before sending and reassembles them after delivery, while the routing protocol IP (Internet Protocol) is responsible for selecting routes over the various nodes and networks between sender and recipient (possibly different routes for different packets of the same message). Data packets prepared using this protocol are called IP datagrams (or IP packets). They contain the segments prepared by TCP, with the sender and recipient addresses added.

These protocols also perform other tasks; for example, TCP includes functions not only of the transport layer but also of the session layer. They do not fit exactly into the layering of the OSI model, since they were developed before it appeared.

Each information service of the Internet solves its tasks using its own application protocols, built on top of the basic TCP/IP protocols. The best known of them are:

· The World Wide Web (www) makes it possible to move through documents, books, news, photographs, drawings, training courses, reference materials, etc. in the information space; today the WWW effectively claims to be the main carrier of the "collective memory" of humanity. The www service uses the HTTP protocol and is discussed in more detail below.

· E-mail (electronic mail) allows the exchange of messages over the network, which may be accompanied by attached files. Using the E-mail service, messages can also be sent to a cell phone, communicator, fax or pager. The SMTP protocol (Simple Mail Transfer Protocol) is used to send correspondence, and the POP protocol (Post Office Protocol) to retrieve it from a mailbox on a mail server. The IMAP protocol (Internet Message Access Protocol) allows mail to be kept in the mailbox on the mail server. The MIME standard (Multipurpose Internet Mail Extensions) is used to attach arbitrary files to a message. The rules for forming e-mail addresses are discussed below. Mail programs (mailers) such as Outlook Express (included with Microsoft Internet Explorer), Microsoft Outlook (included in Microsoft Office), Netscape Messenger (included in the Netscape Communicator browser), The Bat! and other E-mail clients are used to work with e-mail.

· The file transfer service between remote computers is used to transfer large files (archives, books, etc.) via the FTP protocol (File Transfer Protocol). Working with FTP requires an FTP client, which may be built into an Internet browser or file manager or supplied as a separate application. FTP clients differ in their support for multithreading (downloading parts of a file in several parallel processes), for "resuming" a download after a connection failure, and in the maximum file size they support.

· The teleconferencing service (news, newsgroups) UseNet News provides viewing of materials on a selected topic sent to the teleconference server by the users themselves. Mailing lists are also used, formed with the participation of a conference administrator (moderator) and sent to subscribers.

· Before the widespread spread of the Internet, the functions of teleconferencing were largely performed by BBS electronic bulletin boards (Bulletin Board System), the best known of which is the FidoNet network. Connection to a BBS is made over small computer networks with one server, using modems over telephone lines.

· The IRC online communication service (Internet Relay Chat), often called chat conferencing or simply chat, supports a collective conversation in which participants type their remarks on the keyboard and see what others have said on the monitor.

· The ICQ Internet paging system (from the English "I seek you"; "ICQ" in the jargon of domestic Internet users) makes it possible to exchange messages and files in real time. The system searches for the network address of a subscriber (permanent or temporary), if he is currently connected to the network, by his personal identification number UIN (Universal Internet Number), received on registering with the central server of the service.

· The Telnet service is used for remote control (via the Telnet protocol) over the Internet of other computers and the programs installed on them, for example computers connected to experimental equipment or performing complex mathematical calculations.

· Important areas of Internet use are Internet telephony (IP telephony), the transmission of telephone conversations and faxes over the Internet in an encoding that complies with the IP protocol; broadcasting of radio and television programs over the Internet; and wireless Internet access from mobile phones, either directly via the WAP protocol (Wireless Application Protocol) or via a computer using GPRS (General Packet Radio Service).

· Encryption of information transmitted over the Internet is provided by the SSL protocol (Secure Sockets Layer).

Each computer connected to the Internet receives a unique (non-repeating) IP address (that is, an address conforming to the IP protocol). With a permanent connection this address is assigned to the computer; with a temporary connection a temporary (dynamic) address is allocated for the session. A computer that is permanently connected to the network and through which temporary users connect is called a host computer (from the English host, owner).

A physical IP address is a 32-bit (4-byte) binary number, usually written by converting each byte to a decimal number and separating them with dots. The number encodes the network through which the computer accesses the Internet and the number of the computer in that network. Depending on the permissible number of computers, networks are divided into three classes (Table 3).

Table 3. Network classes A, B, C

For example, the address 197.98.140.101 corresponds to host number 0.0.0.101 on the class C network 197.98.140.0.

A subnet mask, also a 32-bit number, is used to separate the network address from the host address. By default, class A networks have the mask 255.0.0.0, class B 255.255.0.0 and class C 255.255.255.0; that is, in the binary representation of the mask the positions corresponding to the network address are filled with ones. The subnet mask can also be used for other purposes, for example to logically divide a local network into smaller subnets.

Several IP addresses are reserved for special purposes; for example, the address 127.0.0.1 refers to the user's own computer (it is used for testing programs and debugging Web applications on a local server). A network number with a computer number of 0 denotes the network as a whole, and with the maximum possible computer number (255 for a class C network) it is used as the broadcast address, for messages sent to all computers on the network.
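The classful split described above, including the page's own example 197.98.140.101 on the class C network 197.98.140.0, worked out in code. This is an added example, not from the original text; it also applies a non-default subnet mask to show the "smaller subnets" use of the mask, and reports addresses outside classes A, B and C simply as "other".

```python
"""Classful IPv4 addressing as described above: class from the leading bits,
default mask, network and host parts, broadcast address and the reserved
addresses. Added example, not from the original page; the text lists only
classes A, B and C, so anything else is reported as 'other'."""


def to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def default_class(addr: str):
    """Return (class, default mask) from the leading bits of the first byte."""
    first = to_int(addr) >> 24
    if first < 128:       # 0xxxxxxx
        return "A", 0xFF000000
    if first < 192:       # 10xxxxxx
        return "B", 0xFFFF0000
    if first < 224:       # 110xxxxx
        return "C", 0xFFFFFF00
    return "other", None  # multicast / reserved, not covered by the text


def split(addr: str, mask: int) -> dict:
    """Apply a (possibly non-default) subnet mask to an address."""
    v = to_int(addr)
    host_bits = ~mask & 0xFFFFFFFF
    network, host = v & mask, v & host_bits
    return {
        "address": addr,
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "host": to_dotted(host),
        "broadcast": to_dotted(network | host_bits),
        "is_loopback": (v >> 24) == 127,
        "is_network_address": host == 0,    # host number 0 = the whole network
        "is_broadcast": host == host_bits,  # all-ones host number
    }


def classify(addr: str) -> dict:
    """Class plus the split under that class's default mask."""
    cls, mask = default_class(addr)
    if mask is None:
        return {"address": addr, "class": cls}
    return {"class": cls, **split(addr, mask)}


if __name__ == "__main__":
    # 172.16.0.255 shows that a trailing .255 is a broadcast only in class C.
    for a in ("197.98.140.101", "10.1.2.3", "172.16.0.255", "127.0.0.1"):
        print(classify(a))
    # Dividing the class C network into four subnets with a /26 mask
    print(split("197.98.140.101", 0xFFFFFFC0))
```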

It is more convenient for users to work not with physical addresses but with domain names of networks and computers on the Internet. Such a name consists of the names of domains (from the Latin dominium, possession), that is, network fragments, separated by dots. From right to left come the most extensive, senior domain (first or top level), then the lower, nested domains, and so on down to the leftmost domain corresponding to the end node of the network. At the beginning of the domain name, before the server name, the Internet service in which this node operates may be indicated (for example, www. for the World Wide Web or ftp. for the file transfer service). Domains of the third and lower levels are often called subdomains.

Top-level domains are most often designated by two letters (country) or three letters (type of organization). Some of them are given in Table 4.

For example, microsoft.com is the domain address of Microsoft in the domain of commercial servers, and the domain cit.sibstrin.ru can mean the address of a subdomain of the local network of the cit information technology center, which is a subdomain of the NGASU (Sibstrin) network in the domain of Russian-language servers ru.

The unique correspondence between physical addresses and domain names is maintained by a special Internet domain name system, DNS (Domain Name System), consisting of computers called DNS servers (each domain has a DNS server serving it). The user deals with domain names, while data transfer between computers uses physical addresses that are determined automatically by querying the appropriate DNS servers.

Table 4. Some top-level domains

At the top of the DNS server hierarchy are the root zone servers, named a.root-servers.net, b.root-servers.net, etc., which duplicate each other's information. The client machine, needing to connect to a certain address, passes the request to the local DNS server, which extracts the domain name from the request and either finds the corresponding IP address in its own database or contacts one of the root zone servers. The root server returns a referral to the DNS server of the domain known to it that contains the requested name, and then drops out of the process entirely. These nested queries may be repeated, each time the local DNS server contacting a lower-level name server. Only after this multi-step process is completed does the local DNS server return the translated address to the computer that made the request, and the user finally sees on his monitor what information is located at the address he entered.
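The referral chain just described (root server, top-level domain server, the domain's own server), simulated for the page's example name cit.sibstrin.ru. This is an added example, not from the original text; the zone data, the server names other than the root server and all IP addresses are constructed sample values, and the local server's "own database" is modelled as a simple cache.

```python
"""Iterative name resolution as described above, simulated with in-memory
zone data. Added example, not from the original page. The server names
other than the root server and all IP addresses are constructed sample values."""

# Each simulated name server knows, for its zone, either an address record
# ("A", ip) or a referral ("NS", next server) for a delegated subdomain.
ZONES = {
    "a.root-servers.net": {"ru.": ("NS", "ns.tld-ru.example")},
    "ns.tld-ru.example": {"sibstrin.ru.": ("NS", "ns.sibstrin.ru")},
    "ns.sibstrin.ru": {
        "cit.sibstrin.ru.": ("A", "192.0.2.10"),   # constructed
        "www.sibstrin.ru.": ("A", "192.0.2.20"),   # constructed
    },
}


def query(server: str, qname: str):
    """Best answer this server can give: an A record, a referral for the
    longest matching delegated suffix, or None if the name is unknown."""
    table = ZONES[server]
    if qname in table:
        return table[qname]
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:]) + "."
        if suffix in table and table[suffix][0] == "NS":
            return table[suffix]
    return None


def resolve(qname: str, cache=None, root: str = "a.root-servers.net", max_steps: int = 8):
    """What the local DNS server does for a client: answer from its own
    database (cache) if it can, otherwise walk the referral chain starting
    at a root server. Returns (ip_or_None, list of steps taken)."""
    cache = cache if cache is not None else {}
    qname = qname.rstrip(".").lower() + "."   # names are case-insensitive
    if qname in cache:
        return cache[qname], [f"cache: {qname} -> {cache[qname]}"]
    server, steps = root, []
    for _ in range(max_steps):                # guard against referral loops
        answer = query(server, qname)
        if answer is None:
            steps.append(f"{server}: no record for {qname}")
            return None, steps
        kind, value = answer
        steps.append(f"{server}: {kind} {value}")
        if kind == "A":
            cache[qname] = value              # remember for later requests
            return value, steps
        server = value                        # follow the referral; this server drops out
    steps.append("gave up: too many referrals")
    return None, steps


if __name__ == "__main__":
    cache = {}
    for name in ("cit.sibstrin.ru", "cit.sibstrin.ru", "nothere.sibstrin.ru"):
        ip, steps = resolve(name, cache)
        print(name, "->", ip)
        for step in steps:
            print("   ", step)
```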

Domain names and physical IP addresses are allocated by the Internet Corporation for Assigned Names and Numbers (ICANN), which includes 5 representatives from each continent (Internet address www.icann.org).

To access a file (program, document) on the Internet, you need to specify a URL (Uniform Resource Locator), consisting of:

· the name of the protocol used to access the file, separated from the following part by a colon and two forward slashes;

· the domain name of the computer, separated from what follows by a slash;

· the full name of the file on the computer (without a logical drive), including (possibly) the access path (list of subdirectories), the file name itself and the extension.

The URL can only use Latin letters (lowercase and uppercase letters are considered different) without spaces. The path and file name may be missing, which corresponds to access to the computer (server) itself.

For example, a URL like http://www.students.informatika.ru/library/txt/klassika.htm means that the klassika file with the htm extension is located in the txt subdirectory of the library directory on the students server of the informatika.ru domain. This server belongs to the www service, and the http protocol is used to access the file.

The address ftp://ftp.netscape.com/books/history.doc is used when retrieving the history.doc file located on the netscape server of the commercial Internet domain using the ftp file transfer protocol (ftp service).

Quite often you will come across URLs that do not contain the name of the html file, yet entering such a URL still takes you to a specific Web page. This means that the document has a default name, which can be set when administering the server. Most often this name is index.html, so the URL http://www.host.ru can mean exactly the same as http://www.host.ru/index.html. The http:// protocol prefix, being the default, is also usually omitted when writing the full URL.
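The URL structure and the two defaults described above (omitted http:// prefix, omitted document name) can be exercised on the page's own examples. This is an added example, not from the original text; the www./ftp. service prefix rule and the server/domain split follow the page's examples, and index.html as the default document is an assumed server setting.

```python
"""Splitting a URL into the parts listed above, with the two defaults the
text mentions: a missing protocol prefix means http, and a missing document
name means the server's default document, most often index.html.
Added example, not from the original page; the www./ftp. service prefix
rule and the server/domain split follow the text's own examples."""

DEFAULT_SCHEME = "http"
DEFAULT_DOCUMENT = "index.html"   # a server setting; assumed here
SERVICE_PREFIXES = ("www", "ftp")


def parse_url(url: str) -> dict:
    if " " in url:
        raise ValueError("a URL may not contain spaces")
    if "://" in url:
        scheme, rest = url.split("://", 1)
    else:
        scheme, rest = DEFAULT_SCHEME, url      # protocol prefix omitted
    host, _, path = rest.partition("/")
    if not host:
        raise ValueError(f"no domain name in {url!r}")
    # Domain names are not case sensitive; the path and file name are.
    labels = host.lower().split(".")
    service = ""
    if len(labels) > 2 and labels[0] in SERVICE_PREFIXES:
        service, labels = labels[0], labels[1:]
    server, domain = labels[0], ".".join(labels[1:])
    segments = path.split("/") if path else [""]
    directories, document = segments[:-1], segments[-1]
    explicit = bool(document)
    if not explicit:                 # "…/" or no path: the default document
        document = DEFAULT_DOCUMENT
    name, _, ext = document.rpartition(".")
    if not name:                     # no extension at all
        name, ext = document, ""
    return {
        "scheme": scheme.lower(),
        "service": service,
        "server": server,
        "domain": domain,
        "directories": [d for d in directories if d],
        "file": name,
        "extension": ext,
        "explicit_document": explicit,
    }


def canonical(url: str) -> str:
    """Full form with the defaults filled in, so equivalent URLs compare equal."""
    p = parse_url(url)
    host = ".".join(x for x in (p["service"], p["server"], p["domain"]) if x)
    filename = p["file"] + ("." + p["extension"] if p["extension"] else "")
    path = "/".join(p["directories"] + [filename])
    return f"{p['scheme']}://{host}/{path}"


if __name__ == "__main__":
    for u in ("http://www.students.informatika.ru/library/txt/klassika.htm",
              "ftp://ftp.netscape.com/books/history.doc",
              "www.host.ru", "http://www.host.ru/index.html"):
        print(u, "->", parse_url(u), "canonical:", canonical(u))
```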

To work with e-mail, you must register a mailbox on one of the Internet mail servers; the mailbox is assigned an e-mail address. This address consists of the server's domain name and the login (the name of the mailbox, chosen by the user during registration). The two parts of the address are separated by the symbol @ (read "at"; in Russia the slang word "dog" is often used).

For example, director@contora.ru is the mailbox of the subscriber who chose the name director on the contora.ru server.

As stated above, the leading and most widely used Internet service today is the World Wide Web (www), which covers a huge volume of information resources. In this system it is easy to find news, reference and regulatory materials, books, articles, abstracts, software, opinions and expert advice on almost any topic. The www also contains a huge amount of multimedia content, such as graphics and animation, video and audio recordings, online games, etc.

The www service is based on presenting documents as hypertext, text that allows more than sequential reading. The essence is that elements of hypertext, such as phrases, individual words or pictures, can refer to other fragments of the same text or to other documents located, perhaps, on another computer or another server. The physical location of the server addressed by the link does not matter. Links (hyperlinks) are usually marked with a special color and font and are followed automatically on clicking. Thus, various pieces of information turn out to be interconnected by an intertwining web of links, and the collective knowledge of humanity entered into the system comes to resemble individual memory, woven into one whole by associations and semantic connections.

The hypertext-based www concept was developed in 1989 by the English scientist Timothy Berners-Lee for the European Particle Physics Laboratory, based in Switzerland and uniting physicists from around the world. The concept of hypertext itself was proposed by the American scientist Theodore Holm Nelson in 1965.

A document presented on the WWW is called a Web page, and the computer on which such documents are located is a Web server. Web pages are created using the hypertext markup language HTML (HyperText Markup Language) or the more powerful XML (eXtensible Markup Language); other markup formats also exist.

Typically, the markup format allows you to define hyperlinks and the organization of the text by including control elements, tags (from the English tag: a label). The formatting of a Web page on a monitor is determined both by the tags that control markup and by the settings of the particular computer. Web pages can contain pictures in one of the three main Web graphic formats (gif, jpg (jpeg), png), multimedia objects (flash animation, sound and video files), forms for dialogue with the user, controls (ActiveX), and programs that are launched from the page. Such programs are most often written in the Java programming language, designed to support Web pages. Java is translated by interpreters, which allows you to write universal programs that run on different computers and different operating systems.

Web pages are accessed using the Hypertext Transfer Protocol, HTTP.

Viewing Web pages and moving between them in the network information space using hyperlinks (web navigation) is provided by special programs, Web browsers ("navigators"; the most common name is browsers, from the English browse: to look through, to scroll through). Browsers are the main client programs of the www service. Currently, the most commonly used browsers are Mozilla Firefox, Opera, Google Chrome (from Google), Safari and Internet Explorer (from Microsoft). In the recent past, there were only two popular browsers: Internet Explorer and Netscape Navigator (from Netscape).

Browsers have continually evolved since the dawn of the WWW, becoming an increasingly important program on the typical personal computer. A modern browser is a complex application both for processing and displaying various components of a web page, and for providing an interface between the website and its visitors. Almost all popular browsers are distributed free of charge or bundled with other applications, for example, the Internet Explorer browser is included in the Windows operating system, the latest versions of the Mozilla Firefox and Opera browsers are free programs, and the Safari browser is distributed as part of the Mac OS operating system.

Control of any modern browser is quite standardized. At a minimum, the following tools are required to work comfortably in the browser:

· address bar (navigation bar, toolbar) contains and allows you to enter the URL of the required page or the path to a locally stored document, and also holds the standard page navigation buttons ("Forward", "Back", "Refresh", "Stop", "Home"). In some browsers, the standard buttons are placed on a separate toolbar;

· status bar (status line) is the bottom information field of the browser window, containing important additional information. For example, while a web page is loading, its progress is displayed in the status bar, and when you hover the mouse cursor over a link, the URL that the link points to is displayed in the status bar;

· tab bar (sometimes called the bookmarks bar) allows you to open additional web pages in the current window and switch between them. The concept of tabs makes it more convenient to manage sets of simultaneously open web pages without giving up the ability to open a link in a new browser window.

These toolbars are usually enabled out of the box and can be controlled from the browser's View menu.

As a rule, apart from personal preferences, Internet users most often work with search engine sites. Their use is very simple: Web search servers return a selection of all www documents known to them that contain the keywords of a query made by the user, and the query is made in natural language. The most famous and effective search engines in Runet (the Russian-language segment of the Internet) are Google, Yandex and Mail.Ru.

The speed of searching for information in such systems is ensured by the invisible work of special programs ("search robots") that continuously scan various websites and update the lists of terms found on them (search engine indexes). Thus, in reality the search takes place not on "all Internet servers", which would be technically impossible, but in the search engine's database, and the absence of suitable results for a query does not mean that the information is not on the Internet: you can try another search tool or a resource directory. Search server databases are not replenished only automatically. Any major search engine allows you to submit your site for indexing and addition to its database. The advantage of a search server is the ease of working with it; the disadvantage is the low selectivity of the documents returned for a query.

Both search servers and individual Web site developers also build rubricators, or catalogs: hierarchical structures of topics and concepts, by moving through which the user can find the necessary documents or sites. The catalog is usually replenished by the users themselves, after the server administration has checked the data they submitted. A resource catalog is always better organized and structured, but it takes time to find the right category, which, moreover, is not always easy to determine. In addition, the volume of a catalog is always significantly smaller than the number of sites indexed by a search engine.

Web sites can also be classified in terms of the technology used to develop them. The phrase "HTML language", historically established in Russian, does not reflect the fact that HTML and XML are not programming languages. However, more often than not, a modern Web page is dynamic, that is, it is the result of a server program that generates the page in response to a user request for a particular URL (as opposed to static pages in HTML markup stored on the server as a file with the extension .htm or .html). The main server-side programming languages are PHP, Perl, Python and a number of others. There are also client-side Web programming languages such as JavaScript and VBScript. A program in such a language, included in the text of a Web page, is executed not on the server but on the client computer, using an interpreter built into the user's browser or installed separately.

Basic provisions of the international standard ISO/IEC 17799.

Part 19: Access control. Continuation.

Network access control

Access to both internal and external network services should be controlled. This will help ensure that users accessing the network and network services do not compromise the security of those services. The following tools are used for this:

    appropriate interfaces between the organization's network and public networks and networks owned by other organizations;

    appropriate authentication mechanisms for users and equipment;

    control of user access to information services.

Network Services Use Policy

Unsecured connections to network services can affect the security of the entire organization. Users should be given direct access only to those services they have been specifically authorized to use. This is especially important for network connections to confidential or business-critical applications, and for users operating in high-risk locations, such as public areas and external areas that are outside the scope of the organization's security controls.

Policies regarding the use of networks and network services need to be developed. This policy should cover:

    networks and network services to which access is permitted;

    administrative rules and means of protecting access to network connections and network services.

This policy should be consistent with the organization's access control policy.

User authentication for external connections

External connections (for example, connections over telephone lines) provide the potential for unauthorized access to an organization's information. Therefore, authentication must be used for remote user access.

There are various authentication methods. Some of these methods provide more effective security than others—for example, encryption-based methods can provide stronger authentication. The required level of protection should be determined through a risk assessment. You will need this information when choosing the appropriate authentication method.

To authenticate remote users, you can use, for example, cryptographic methods, hardware tokens, or challenge-response protocols. In addition, dedicated private lines or means of verifying the user's network address can be used to ensure the authenticity of the connection source.

To protect against unauthorized and unwanted connections to information processing facilities, organizations can use callback facilities, such as modems with a callback function. This control serves to authenticate users attempting to connect to the organization's network from a remote location. When using this method, you should not use network services that provide call forwarding. If the call forwarding feature is present, it should be disabled to avoid the vulnerabilities associated with it. In addition, the callback process must include verification that the organization's side actually disconnected the original call. Otherwise, the remote user could hold the line open and pretend that the callback verification has taken place. Callback facilities should be carefully tested for this weakness.

Node Authentication

Tools for automatically connecting to a remote computer can be used by attackers to gain unauthorized access to business applications. Therefore, connections to remote computer systems must require authentication. This is especially important if the connection is using a network outside of the organization's control.

Node authentication can provide an alternative means of authenticating groups of remote users when they connect to shared, secure computing facilities.

Protecting remote diagnostic ports

Access to diagnostic ports must be carefully controlled. Many computers and communications systems have a dial-up remote diagnostic facility for use by service engineers. If unprotected, such diagnostic ports can be used for unauthorized access. They must therefore be protected by an appropriate security mechanism (e.g. a lock). Rules must be in place so that these ports are accessible only by agreement between the person responsible for the computer system and the service personnel who require access.

Separation of computer networks

As partnerships emerge that require the integration or sharing of networks and information processing facilities, networks increasingly extend beyond traditional organizational boundaries. This expansion may increase the risk of unauthorized access to network-connected information systems, some of which may require protection from other network users due to their criticality or confidentiality. In such conditions, it is recommended to consider the implementation of network control tools to separate groups of information services, users and information systems.

One method of controlling security in large networks is to divide such networks into separate logical network zones, for example, internal network zones of the organization and external network zones. Each such zone is protected by a certain security perimeter. Such a perimeter can be implemented by installing a secure gateway between the two interconnected networks to control access and information transfer between the two domains. This gateway must be configured to filter traffic between these domains and block unauthorized access in accordance with the organization's access control policy.

A good example of such a gateway is a system commonly called a firewall.

access requirements. Additionally, when implementing network routing and gateways, you must consider the relative cost and performance impact.

Monitoring network connections

Access control policies on shared networks, especially those that extend beyond organizational boundaries, may require the implementation of means to limit the connectivity of users. Such facilities can be implemented using network gateways that filter traffic in accordance with a given table or set of rules. The restrictions imposed should be based on the access policy and the needs of the organization. These limits must be maintained and updated promptly.

Here are examples of areas for which restrictions need to be introduced:

    e-mail;

    one-way file transfer;

    two-way file transfer;

    interactive access;

    network access based on time of day or date.

Network routing control

On shared networks, especially those that extend across organizational boundaries, it may be necessary to establish routing controls to ensure that computer connections and data flows do not violate the organization's access control policies. Such control is often necessary for networks that are shared with other users outside the organization.

Routing controls must be based on specific mechanisms for verifying source and destination addresses. In addition, to isolate networks and prevent routes from appearing between the networks of two different organizations, it is convenient to use the network address translation mechanism. These controls can be implemented in both software and hardware. When implementing them, the strength of the selected mechanisms must be taken into account.
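The zone gateway, the per-service and time-of-day connection restrictions, and the source-address verification described in the three subsections above, as an added example (constructed here, not part of the standard or the page): a small policy filter in Python. Zone names, address ranges, service names and the rule table are assumptions.

```python
"""Policy-driven zone gateway (constructed example, not ISO/IEC 17799 text).
It verifies that a packet's source address belongs to the zone it arrived
from (routing control) and filters by service, direction and time of day
from a rule table. Zone ranges, rules and addresses are constructed samples.
"""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed zones using documentation address ranges (RFC 5737).
ZONES = {
    "internal": ip_network("192.0.2.0/24"),
    "partner": ip_network("198.51.100.0/24"),
    "external": ip_network("0.0.0.0/0"),  # catch-all: everything else
}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    service: str  # e.g. "email", "file-transfer", "interactive"
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

# Rule table expressing the access control policy; anything not listed is
# denied. File transfer is one-way (partner -> internal) and limited to
# office hours, matching the restriction areas listed above.
RULES = [
    Rule("internal", "external", "email"),
    Rule("partner", "internal", "file-transfer", time(8, 0), time(18, 0)),
    Rule("internal", "partner", "interactive"),
]

def zone_of(addr: str) -> str:
    """Most specific zone whose range contains addr ('external' if none)."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if name != "external" and ip in net:
            return name
    return "external"

def check(src: str, dst: str, service: str, ingress_zone: str, at: str) -> str:
    """Decide one attempt at local time 'HH:MM': 'allow', 'spoofed' or 'deny'."""
    # Routing control: the source address must belong to the zone the
    # packet arrived from; a mismatch means spoofing or a bad route.
    if zone_of(src) != ingress_zone:
        return "spoofed"
    dst_zone, now = zone_of(dst), time.fromisoformat(at)
    for r in RULES:
        if ((r.src_zone, r.dst_zone, r.service) == (ingress_zone, dst_zone, service)
                and r.start <= now <= r.end):
            return "allow"
    return "deny"
```

A real gateway would apply the same decision to every packet or session; here the spoof check runs before any rule lookup so that a forged source address can never match a permissive rule.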
