Orientation to Computing — I

Unit 4: Computer Network, Communication & Security Essentials

From sending a WhatsApp message to securing a UPI payment — understand how computers talk to each other across the globe, how data finds its destination, and how to protect it from the bad guys.

🏢 Industry-Aligned | 📝 15 MCQs (Bloom's Taxonomy) | 🔬 5 Lab Exercises | 💼 Interview & Career Prep

Section 1

Why This Chapter Changes How You Think About the Digital World

Every time you book a ticket on IRCTC, scan a QR code on PhonePe, or stream a video on YouTube — data is travelling through a network. The message you sent on WhatsApp? It left your phone, travelled through your Wi-Fi router, bounced through Jio's fibre-optic backbone, crossed undersea cables, reached Meta's data centre, and arrived on your friend's device — all in under 200 milliseconds. Understanding how this works is the difference between being a user and being an engineer.

And here's the scary part: in 2023, cybercrime cost the world $8 trillion — more than the GDP of Japan. India alone saw 1.39 million cybersecurity incidents reported to CERT-In that year. AIIMS Delhi's servers were locked by ransomware for 15 days. CoWIN vaccination data was allegedly leaked. UPI fraud complaints crossed 95,000 cases in a single quarter. If you build systems without understanding security, you're building a house with no locks.

🏢 Industry Snapshot — Who Uses This Knowledge Daily?

Jio (Reliance) — India's largest telecom manages a network that carries 10+ exabytes of data per month. Their network engineers configure routers, design IP addressing schemes, and deploy firewalls across 400,000+ cell towers. Every concept in this chapter — from LAN/WAN to TCP/IP — is their daily bread.

CERT-In (Indian Computer Emergency Response Team) — India's cybersecurity agency handles real incident responses: the AIIMS ransomware attack, banking Trojan alerts, phishing campaign take-downs. They issue advisories based on the exact threat categories you'll study in Section 3.

Razorpay / PhonePe — Every UPI transaction passes through firewalls, TLS encryption, and multi-factor authentication. Their security teams defend against phishing, credential stuffing, and API abuse — using the exact defense mechanisms covered in this chapter.

🇮🇳 Jio🇮🇳 CERT-In🇮🇳 Razorpay🇮🇳 PhonePe🇮🇳 IRCTC🇮🇳 SBI

Prerequisite Checklist ✅

✅ You've used Wi-Fi, mobile data, or a wired internet connection
✅ You know what an IP address is (even vaguely — we'll build on it)
✅ You've heard of hacking, viruses, or phishing — even from news headlines
✅ You understand basic hardware components (CPU, RAM, NIC from Unit 1)
✅ No programming experience needed — this chapter is about concepts and architecture

The first message ever sent over ARPANET (the ancestor of the internet) in 1969 was "LO" — the system crashed before they could complete "LOGIN." A network failure on day one! Since then, the internet has grown to connect 5.4 billion people across 40,000+ networks.

Section 2

Learning Outcomes — Bloom's Taxonomy

Bloom's Level	Learning Outcome
L1 — Remember	List the 7 layers of the OSI model, name 7 types of computer networks (PAN–SAN), and identify common malware categories (virus, worm, trojan, ransomware, spyware)
L2 — Understand	Explain how data flows from a browser to a web server using the TCP/IP model, describe the difference between IPv4 and IPv6, and explain why MFA is more secure than passwords alone
L3 — Apply	Trace a packet's journey through network devices (NIC → switch → router → ISP → server), apply subnet concepts to determine network vs host portions, and configure basic Windows Firewall rules
L4 — Analyze	Compare Star vs Mesh topologies for a college campus network considering cost, fault tolerance, and scalability; analyze how the AIIMS ransomware attack propagated through the hospital network
L5 — Evaluate	Justify the selection of firewall type (packet filtering vs WAF) for an e-commerce platform like Flipkart; evaluate whether a VPN or Zero Trust architecture is better for a remote-first startup
L6 — Create	Design a secure network topology for a 500-student college campus including VLANs, firewall placement, and Wi-Fi coverage; create a cybersecurity incident response plan for a hospital

Section 3

Concept Explanations — Theory, Earned

Part A — Computer Networks & Communication

3.1 What Is a Computer Network?

📌 Computer Network — Connecting the World

📌 WHAT IT IS

A computer network is a collection of two or more interconnected devices (computers, phones, servers, printers) that can share data and resources. The connection can be wired (Ethernet cables, fibre optics) or wireless (Wi-Fi, Bluetooth, 5G). The purpose is simple: enable communication and resource sharing between devices that would otherwise be isolated islands.

🌍 REAL-WORLD ANALOGY

A network is like India's railway system. Individual cities (computers) are connected by tracks (cables/wireless links). Trains (data packets) carry passengers (information) from source to destination through stations (switches/routers). Without the railway, every city would be isolated — just like computers without a network. The railway schedule (protocols) ensures trains don't collide and reach the right destination.

⚙️ WHY DO WE NEED NETWORKS?

Need	Without Network	With Network	Indian Example
Resource Sharing	Each employee needs their own printer	50 employees share 2 network printers	TCS offices — 1 printer per floor, not per desk
Communication	Walk to colleague's desk for every message	Instant email, chat, video call	Slack/Teams at Infosys for 3 lakh employees
Data Sharing	Copy files to USB, physically carry them	Shared drives, cloud storage, instant transfer	Google Workspace at IITs — students share project files
Centralized Management	Update software on each PC individually	Push updates to all PCs from a server	Windows Update Server at SBI — 22,000+ branches
Internet Access	No access to global information	Billions of websites, services, APIs	IRCTC serves 25 million users through its network

🏢 INDUSTRY USE

Every modern organisation runs on networks. SBI's 22,000+ branches are connected via a WAN to process transactions. Flipkart's warehouses communicate with delivery partners through networks. Even your local chai shop uses a network when it accepts UPI payments via PhonePe — the phone connects to a Jio tower, which connects to NPCI's payment servers, which connect to your bank.

⚠️ COMMON MISCONCEPTION

"Network = Internet." No. The Internet is just one specific network — the world's largest public network. But a network can be as small as two laptops connected via Bluetooth (PAN) or a private corporate network that never touches the Internet (Intranet). Your home Wi-Fi is a local network (LAN) that connects to the Internet through your ISP.

3.2 Types of Computer Networks

📌 Network Types — From Personal to Global

Type	Full Form	Range	Speed	Indian Example
PAN	Personal Area Network	~10 metres	1-3 Mbps	Your phone ↔ Bluetooth earbuds ↔ smartwatch
LAN	Local Area Network	Building/campus	100 Mbps–10 Gbps	College computer lab, TCS office floor, cyber café
WLAN	Wireless LAN	~50-100 metres	100 Mbps–1 Gbps	Jio Fiber router at home, Starbucks free Wi-Fi
MAN	Metropolitan Area Network	City-wide	10-100 Gbps	Mumbai's MTNL network, Bangalore smart city network
WAN	Wide Area Network	Country/global	Variable	SBI connecting 22,000+ branches, BSNL backbone, Internet
VPN	Virtual Private Network	Over Internet	Depends on ISP	TCS employees WFH accessing office servers securely
SAN	Storage Area Network	Data centre	16-128 Gbps	IRCTC's database servers, SBI ATM data storage

📌 REAL-WORLD MAPPING

Network Types in Your Daily Life
Your Day →  Network Encountered

☀️ Morning:  Phone ↔ Bluetooth speaker (earbuds)     →  PAN
🏠 Home:     Laptop ↔ Wi-Fi Router ↔ Smart TV         →  WLAN (Wireless LAN)
🏫 College:  Lab PCs ↔ Switch ↔ Server (Ethernet)     →  LAN
🏙️ City:     CCTV cameras ↔ Traffic HQ (fibre)        →  MAN
💳 ATM:      SBI ATM Mumbai ↔ SBI Data Centre Delhi    →  WAN
🏠 WFH:      Your laptop → encrypted tunnel → office   →  VPN
💾 Server:   Database server ↔ shared storage array     →  SAN
🌐 Always:   Your ISP → submarine cable → Google        →  Internet (WAN)

⚠️ COMMON MISCONCEPTION

"Wi-Fi IS the Internet." No. Wi-Fi is a wireless LAN technology (WLAN) that connects your device to a local router. The router then connects to the Internet through your ISP (Jio, Airtel, BSNL). If your ISP is down, your Wi-Fi will still work for local file sharing, printing, and casting to your smart TV — but you won't have Internet access.

VPN (Virtual Private Network) — Creates an encrypted "tunnel" over the public Internet, making it act like a private network. When TCS employees work from home, they connect to TCS's VPN — their traffic is encrypted so no one on the public Internet can read it. It's like sending a sealed, locked box through the regular postal system — the postman can carry it but can't open it.

India is connected to the global Internet through 17+ submarine cables landing at Mumbai, Chennai, Kochi, and Tuticorin. The Mumbai-Chennai cable alone carries 80+ Tbps of data. If a ship's anchor accidentally cuts one of these cables (which happens!), India's internet speed drops noticeably.

3.3 Network Topologies — How Devices Are Arranged

📌 Topology — The Blueprint of a Network

📌 WHAT IT IS

Network topology is the arrangement or layout of devices (nodes) and connections (links) in a network. It defines how data flows between devices. Choosing the right topology affects cost, performance, fault tolerance, and scalability.

🌍 REAL-WORLD ANALOGY

Topology is like the road layout of a city. Some cities have all roads leading to a central square (Star). Some have a circular ring road (Ring). Some have a grid where every intersection connects to every other (Mesh). The road layout determines traffic flow, what happens when a road is blocked, and how easy it is to add new roads.

⚙️ TOPOLOGY DIAGRAMS

Bus Topology
All devices share a single cable (backbone)

  [PC1]──┬──[PC2]──┬──[PC3]──┬──[PC4]──┬──[PC5]
         │         │         │         │
  ═══════╧═════════╧═════════╧═════════╧════════  ← Backbone cable
                                                    (Terminator at each end)
Pros:  Cheap, easy to install for small networks
Cons:  Single point of failure (cable breaks = entire network down)
       Collisions increase with more devices
Used:  Obsolete for modern networks. Was used in early Ethernet (10BASE2)

Star Topology
All devices connect to a central switch/hub

          [PC1]     [PC2]
            \       /
             \     /
         [PC5]──[SWITCH]──[PC3]
                  |
                [PC4]
                  |
              [Printer]

Pros:  Easy to add/remove devices; one device failure doesn't affect others;
       easy to troubleshoot (check cable from device to switch)
Cons:  Central switch is single point of failure; more cabling needed
Used:  Most common topology today! Every home Wi-Fi, college lab, office LAN

Ring Topology
Each device connects to exactly two neighbours, forming a circle

        [PC1] ──→ [PC2]
          ↑          │
          │          ↓
        [PC4] ←── [PC3]

        Data travels in one direction (unidirectional)
        or both directions (bidirectional / dual ring)

Pros:  Equal access for all devices; predictable performance;
       no collisions (token passing)
Cons:  One device/link failure breaks the ring; difficult to add devices;
       slow (data may travel through multiple nodes)
Used:  SONET/SDH fibre rings for telecom (Jio, Airtel backbone)

Mesh Topology
Every device connects to every other device

        [PC1] ──── [PC2]
         │ \      / │
         │   \  /   │
         │    \/    │
         │    /\    │
         │  /    \  │
        [PC4] ──── [PC3]

Full Mesh:  Every node connects to every other node
            Links = n(n-1)/2  (4 nodes = 6 links)
Partial Mesh: Some nodes connect to all, others to a few

Pros:  Maximum fault tolerance (multiple paths); no single point of failure;
       if one link fails, data takes another path
Cons:  Very expensive (cables + ports); complex to manage
Used:  Internet backbone, ISP core networks, military communications,
       SBI's inter-data-centre links

Tree (Hierarchical) Topology
Star topologies connected in a hierarchy — like an org chart

                    [Core Switch]
                   /             \
          [Dept Switch A]    [Dept Switch B]
          /     |     \       /     |     \
       [PC1] [PC2] [PC3]  [PC4] [PC5] [PC6]

Pros:  Scalable (add branches easily); hierarchical management
Cons:  Root switch failure = entire network down; more cabling
Used:  Large campus networks (IITs, NIT Trichy), corporate offices (Infosys)

Hybrid Topology
Combination of two or more topologies

     [Star LAN]──[Router]──[Mesh WAN]──[Router]──[Star LAN]
      (Office A)          (Internet)           (Office B)

Pros:  Flexible; best topology for each segment; scalable
Cons:  Complex to design and manage; expensive
Used:  Every real-world enterprise network is hybrid!
       TCS: Star (office) + Mesh (backbone) + VPN (WFH)

"Star topology has a single point of failure, so it's bad." In practice, enterprise networks use redundant switches (two core switches with failover), redundant power supplies, and link aggregation. Star topology with redundancy is the industry standard. Pure mesh is too expensive for most use cases. The key is designing for the right level of redundancy.

3.4 Network Devices — The Hardware That Moves Data

📌 Network Devices — Each With a Specific Job

📌 ROUTER — The Traffic Policeman

What: A router connects different networks and forwards data packets between them. It reads the destination IP address of each packet and decides the best path to send it.

Analogy: A traffic policeman at an intersection who reads the address on each truck and directs it to the correct highway.

Types: (1) Home router — Jio Fiber, Airtel Xstream (combines router + switch + Wi-Fi AP + NAT). (2) Enterprise router — Cisco ISR at TCS offices. (3) ISP core router — Juniper MX at Jio's backbone, handles millions of packets/second.

Key feature — NAT (Network Address Translation): Your home has one public IP (given by Jio), but 10 devices. The router uses NAT to share that single public IP among all devices by assigning private IPs internally.

📌 SWITCH — The Mail Sorter

What: A switch connects devices within the same network (LAN) and forwards frames based on MAC addresses. It maintains a MAC address table that maps which device is on which port.

Analogy: A post office sorter who reads the recipient's flat number (MAC address) and puts the letter in the correct mailbox (port).

Types: (1) Layer 2 switch — forwards based on MAC (most common). (2) Layer 3 switch — can also route based on IP. (3) PoE switch (Power over Ethernet) — powers devices like IP cameras and Wi-Fi APs through the Ethernet cable itself.

📌 HUB — The Loudspeaker (Obsolete)

What: A hub receives data on one port and broadcasts it to ALL other ports — regardless of the intended recipient. Every device hears every message.

Analogy: A teacher using a loudspeaker in a room — everyone hears every announcement, even if it's only for one student.

📌 MODEM — The Translator

What: A modem converts digital signals from your computer to analog signals for transmission (MOdulator-DEModulator). Different types for different connections: DSL modem (BSNL landline), cable modem (Hathway), 4G/5G modem (Jio dongle), fibre ONT (Jio Fiber).

📌 OTHER DEVICES

Device	Function	Analogy	Indian Example
Access Point (AP)	Extends wired LAN to wireless devices	A window that lets Wi-Fi signals "escape" the wired network	Wi-Fi APs mounted on ceilings at IIT Bombay campus
NIC	Network Interface Card — hardware that lets a device connect to a network	Your mouth and ears — enables you to participate in a conversation	Every laptop has a built-in NIC (Ethernet + Wi-Fi)
Repeater	Amplifies/regenerates weak signals to extend range	A relay runner passing the baton (signal) to the next runner	Jio uses repeaters in rural areas to extend coverage
Bridge	Connects two LANs and filters traffic by MAC address	A border checkpoint between two cities	Connecting two department LANs at NIT Trichy
Gateway	Connects networks using different protocols (translates between them)	An interpreter between two people speaking different languages	Payment gateway (Razorpay) translates between bank protocols and merchant APIs

Network Device Hierarchy
┌──────────────────────────────────────────────────────────┐
│                      INTERNET                             │
│                    (WAN / Mesh)                            │
├──────────────────────────────────────────────────────────┤
│                                                           │
│    [ISP Core Router] ←── Juniper/Cisco, Jio backbone      │
│            │                                              │
│    [MODEM / ONT] ←── Converts signals (fibre ↔ digital)  │
│            │                                              │
│    [HOME ROUTER] ←── NAT, DHCP, firewall, Wi-Fi          │
│       │        │                                          │
│    [SWITCH]  [Wi-Fi AP] ←── Wireless extension            │
│    │  │  │      │                                         │
│  [PC][PC][Printer] [Phone][Laptop][Smart TV]              │
│                                                           │
│    ← WIRED LAN →  ←── WIRELESS LAN (WLAN) ──→            │
└──────────────────────────────────────────────────────────┘

Hubs are effectively extinct in modern networking. They waste bandwidth (broadcasting everything) and cause collisions. Every port-based network device sold today is a switch. If you see a "hub" in a store, it's almost certainly a switch being mislabelled. Don't buy actual hubs — they haven't been manufactured in meaningful quantities since the early 2000s.

For interviews: When asked "What's the difference between a hub, switch, and router?", structure your answer as: "A hub operates at Layer 1 (broadcasts to all ports), a switch operates at Layer 2 (forwards by MAC address to the correct port), and a router operates at Layer 3 (routes between different networks using IP addresses). Hub → dumb repeater, Switch → smart within LAN, Router → connects LANs."

3.5 Client-Server Model & Peer-to-Peer

📌 Client-Server — How the Internet Works

📌 WHAT IT IS

In the client-server model, a client (your browser, app) sends a request to a server (a powerful computer running 24/7), and the server sends back a response. This request-response pattern is the foundation of the web, email, UPI, and virtually every online service.

🌍 REAL-WORLD ANALOGY

A restaurant. You (client) place an order (request) with the waiter (network). The kitchen (server) prepares the food (processes the request) and the waiter brings it back (response). Multiple customers can order simultaneously — the kitchen handles many requests concurrently.

Client-Server Model
┌──────────┐                                    ┌──────────────┐
│  CLIENT   │   ── HTTP Request ──────────────→  │    SERVER     │
│ (Browser) │   "GET /train/status?pnr=48291"   │  (IRCTC App)  │
│           │                                    │               │
│  Chrome   │   ←── HTTP Response ─────────────  │  Processes    │
│  on your  │   { status: "Confirmed",           │  request,     │
│  laptop   │     coach: "S4", seat: 32 }        │  queries DB   │
└──────────┘                                    └──────────────┘
     |                                                |
     └──── Connected via INTERNET (TCP/IP) ──────────┘

📌 KEY PROTOCOLS IN CLIENT-SERVER

Protocol	Purpose	Example
HTTP/HTTPS	Web pages and APIs	Browsing irctc.co.in (HTTPS = encrypted)
FTP/SFTP	File transfer	Uploading website files to a hosting server
SMTP	Sending email	Gmail sending an email to Yahoo
POP3/IMAP	Receiving email	Your Outlook app downloading emails
DNS	Domain name → IP address	`irctc.co.in` → `14.139.60.85`

📌 PEER-TO-PEER (P2P)

What: In P2P, every device is both a client and a server. No central server exists. Devices communicate directly with each other.

Examples: BitTorrent (file sharing), Bitcoin/blockchain (decentralised ledger), LAN file sharing (Windows Network Neighbourhood). Skype's early architecture was P2P.

Key difference: Client-Server has a central authority (easier to manage, single point of failure). P2P is decentralised (no single point of failure, harder to manage/secure).

3.6 Network Protocols — OSI & TCP/IP Models

📌 Protocols & Layers — The Rules of Communication

📌 WHAT IS A PROTOCOL?

A protocol is a set of rules that governs how data is formatted, transmitted, and received over a network. Without protocols, devices couldn't understand each other — like two people speaking different languages with no translator.

⚙️ OSI MODEL (7 LAYERS) vs TCP/IP MODEL (4 LAYERS)

OSI vs TCP/IP Comparison
┌──────────────────────────────────────────────────────────────────┐
│        OSI MODEL (Theory)    │    TCP/IP MODEL (Practical)       │
│        7 Layers              │    4 Layers                       │
├──────────────────────────────┼──────────────────────────────────┤
│                              │                                   │
│  Layer 7: Application        │                                   │
│    (HTTP, FTP, SMTP, DNS)    │    Layer 4: Application           │
│  Layer 6: Presentation       │    (HTTP, FTP, SMTP, DNS,        │
│    (Encryption, JPEG, ASCII) │     SSH, DHCP)                    │
│  Layer 5: Session            │                                   │
│    (Establish/maintain conn) │                                   │
│                              │                                   │
├──────────────────────────────┼──────────────────────────────────┤
│  Layer 4: Transport          │    Layer 3: Transport             │
│    (TCP, UDP)                │    (TCP, UDP)                     │
│    Segmentation, flow ctrl   │    End-to-end delivery            │
│                              │                                   │
├──────────────────────────────┼──────────────────────────────────┤
│  Layer 3: Network            │    Layer 2: Internet              │
│    (IP, ICMP, ARP)           │    (IP, ICMP, ARP)               │
│    Routing, IP addressing    │    Routing, addressing            │
│                              │                                   │
├──────────────────────────────┼──────────────────────────────────┤
│  Layer 2: Data Link          │                                   │
│    (Ethernet, Wi-Fi, PPP)    │    Layer 1: Network Access        │
│    MAC addressing, frames    │    (Ethernet, Wi-Fi, ARP)        │
│  Layer 1: Physical           │    Physical transmission          │
│    (Cables, signals, bits)   │                                   │
│                              │                                   │
└──────────────────────────────┴──────────────────────────────────┘

Memory trick for OSI (top→bottom): "All People Seem To Need Data Processing"
                   Application, Presentation, Session, Transport, Network, Data Link, Physical

📌 TCP vs UDP

Feature	TCP (Transmission Control Protocol)	UDP (User Datagram Protocol)
Connection	Connection-oriented (3-way handshake: SYN → SYN-ACK → ACK)	Connectionless (just send!)
Reliability	Guaranteed delivery, ordering, error-checking, retransmission	No guarantee — packets may arrive out of order or be lost
Speed	Slower (overhead of reliability)	Faster (no handshake, no retransmission)
Analogy	Registered post with tracking — guaranteed delivery with confirmation	Dropping a postcard in a mailbox — hope it arrives, no confirmation
Used For	Web (HTTP), email (SMTP), file transfer (FTP), UPI payments	Video calls (Zoom), live streaming (YouTube Live), online gaming, DNS queries
Indian Example	IRCTC booking — every byte must arrive correctly (₹2,000 ticket!)	Hotstar IPL live stream — dropping a frame is OK, lag is not

🏢 INDUSTRY USE

The TCP/IP model is what actually runs the Internet. The OSI model is a teaching and reference framework. In practice, network engineers at Jio, Airtel, and BSNL think in terms of TCP/IP layers. When a Razorpay payment fails, the debugging process goes: "Is it a DNS issue (Application layer)? A dropped TCP connection (Transport)? A routing problem (Internet)? A broken cable (Network Access)?"

"The OSI model is used in real networks." Not quite. The OSI model was designed by ISO as a theoretical framework. The actual Internet runs on TCP/IP, which has only 4 layers. OSI is used for teaching, vendor documentation, and troubleshooting frameworks — but no protocol stack implements all 7 OSI layers exactly. Think of OSI as the "textbook" and TCP/IP as the "real exam."

3.7 IP Addressing, DNS & DHCP

📌 IP Addressing — Every Device Needs an Address

📌 WHAT IS AN IP ADDRESS?

An IP (Internet Protocol) address is a unique numerical label assigned to every device on a network. It serves two purposes: (1) identification (who are you?) and (2) location (where are you?). Without an IP address, a router has no idea where to send your data — like a letter without an address.

📌 IPv4 vs IPv6

Feature	IPv4	IPv6
Format	32-bit, dotted decimal: `192.168.1.100`	128-bit, hexadecimal: `2001:0db8:85a3::8a2e:0370:7334`
Total Addresses	~4.3 billion (2³²)	~340 undecillion (2¹²⁸) — enough for every atom on Earth
Status	Running out! (exhausted in 2011)	Gradually replacing IPv4
NAT Needed?	Yes — to share limited public IPs	No — every device gets a unique global IP
Indian Adoption	Still dominant (90%+ of Indian traffic)	Jio leads IPv6 adoption (~70% of Jio traffic is IPv6)

📌 IPv4 CLASSES & PRIVATE vs PUBLIC

IPv4 Address Classes
┌────────┬──────────────────────┬─────────────────┬──────────────────┐
│ Class  │ Range                │ Default Subnet  │ Use              │
├────────┼──────────────────────┼─────────────────┼──────────────────┤
│ A      │ 1.0.0.0–126.x.x.x   │ 255.0.0.0  /8   │ Very large orgs  │
│ B      │ 128.0.x.x–191.255.x │ 255.255.0.0 /16 │ Medium orgs      │
│ C      │ 192.0.0.x–223.255.x │ 255.255.255.0/24│ Small networks   │
│ D      │ 224.x.x.x–239.x.x.x│ —               │ Multicast        │
│ E      │ 240.x.x.x–255.x.x.x│ —               │ Reserved/research│
└────────┴──────────────────────┴─────────────────┴──────────────────┘

Private IP Ranges (NOT routable on Internet):
  Class A:  10.0.0.0    – 10.255.255.255     (TCS internal network)
  Class B:  172.16.0.0  – 172.31.255.255     (College campus LAN)
  Class C:  192.168.0.0 – 192.168.255.255   (Your home Wi-Fi!)

Public IP:  Assigned by ISP (Jio, Airtel). Globally unique. Routable.
  Example: Your Jio router's public IP might be 49.36.128.42

Your phone's IP: 192.168.1.5 (private) → Router NAT → 49.36.128.42 (public) → Internet

📌 DHCP — Automatic IP Assignment

DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to devices when they connect to a network. Without DHCP, you'd have to manually type an IP address into every phone, laptop, and smart device — a nightmare in a network with hundreds of devices. Your Jio Fiber router runs a built-in DHCP server.

📌 DNS — The Internet's Phone Book

DNS (Domain Name System) translates human-readable domain names (irctc.co.in) into IP addresses (14.139.60.85) that routers can understand. You type a name → DNS returns the IP → your browser connects to that IP.

DNS Resolution Process
You type: irctc.co.in

1. Browser checks its cache       → Not found
2. OS checks local DNS cache       → Not found
3. Query goes to Jio's DNS server  → Not found
4. Jio asks Root DNS server        → "Ask .in TLD server"
5. .in TLD server                  → "Ask co.in nameserver"
6. co.in nameserver                → "14.139.60.85"
7. IP returned to your browser     → Connection established!

Total time: ~20-100ms (cached results: <1ms)

Jio is the world's #1 carrier for IPv6 adoption, with about 70% of its traffic running on IPv6. India ranks among the top 3 countries globally for IPv6 deployment, largely thanks to Jio's network being built IPv6-first from day one in 2016.

3.8 Internet vs Intranet vs Extranet

Feature	Internet	Intranet	Extranet
Access	Public — anyone worldwide	Private — only employees	Semi-private — employees + authorized partners
Scope	Global (billions of users)	Within one organisation	Selected external access to internal resources
Security	Varies (HTTPS, VPN)	High (behind firewall, VPN)	High (firewall + authentication for partners)
Example	google.com, irctc.co.in	TCS Ultimatix (internal portal)	Flipkart's supplier portal (vendors access inventory)
Indian Context	JioFiber → global websites	SBI's internal banking tools	IRCTC ↔ Railway zone portals

Intranet — A private network within an organisation that uses the same technologies as the Internet (HTTP, browsers, servers) but is not accessible from outside. Think of it as a "mini-Internet" for one company. TCS Ultimatix, Infosys Sparsh, and Wipro's internal portals are all intranets — employees can only access them via VPN or from the office network.

Part B — Security Essentials

3.9 Why Cybersecurity Matters — The Threat Landscape

📌 Cybersecurity — Protecting the Digital World

📌 THE NUMBERS ARE TERRIFYING

$8 trillion — estimated global cost of cybercrime in 2023 (Cybersecurity Ventures). If cybercrime were a country, it would be the 3rd-largest economy after the US and China.
AIIMS Delhi (Nov 2022) — ransomware locked all 5 servers and 1.3 crore patient records for 15 days. Doctors went back to pen-and-paper. Estimated cost: ₹200+ crore in recovery + reputational damage.
CoWIN breach (June 2023) — personal data of vaccinated citizens allegedly leaked on Telegram, including names, Aadhaar numbers, passport details.
UPI fraud (2023) — RBI reported 95,000+ UPI fraud complaints in Q3 2023 alone. Phishing, fake payment requests, and social engineering were the top methods.
WannaCry (2017) — ransomware worm infected 300,000+ computers across 150 countries in 4 days. Indian systems including some police stations and telecom infrastructure were affected.

🏢 WHY THIS MATTERS FOR YOU

If you're building the next Zepto, PhonePe, or IRCTC — one security breach can destroy your company. Customers lose trust, regulators impose penalties (CERT-In mandates 6-hour incident reporting), and lawsuits follow. Security is not a feature you "add later" — it's a foundation you build from day one.

3.10 Types of Malware & Attacks

📌 Malware — Software Designed to Harm

Malware Type	How It Works	Analogy	Real Case
Virus	Attaches to legitimate files/programs. Requires user action (opening file) to spread. Replicates by infecting other files.	A biological virus — needs a host cell (file) to reproduce and spread	ILOVEYOU virus (2000) — spread via email attachments, caused $10B damage
Worm	Self-replicating malware that spreads across networks without user action. Exploits vulnerabilities.	A contagious disease spreading through air — you don't need to touch anything	WannaCry (2017) — exploited Windows SMB vulnerability, encrypted files, demanded Bitcoin ransom
Trojan	Disguises itself as legitimate software. Once installed, gives attacker remote access or steals data.	The Trojan Horse from Greek mythology — looks like a gift, soldiers hide inside	Fake "Aadhaar Update" apps on Play Store that stole biometric data
Spyware	Silently monitors user activity — keystrokes, browsing history, screenshots. Sends data to attacker.	A hidden CCTV camera in your room recording everything you do	Pegasus spyware (NSO Group) — infected phones of journalists and politicians worldwide
Ransomware	Encrypts victim's files and demands payment (usually cryptocurrency) for the decryption key.	Someone locks your house and demands ₹10 lakh for the key	AIIMS Delhi (2022) — all patient records encrypted, hospital paralyzed for 15 days
Adware	Displays unwanted advertisements, often bundled with free software.	Someone pasting ads all over your house walls	Bundled with free PDF converters and "cleaner" apps

📌 SOCIAL ENGINEERING ATTACKS

Attack	Method	Indian Example
Phishing	Fake emails/SMS that impersonate trusted entities (banks, government) to steal credentials	"Dear SBI customer, your account will be blocked. Click here to verify KYC" — leads to fake SBI login page
UPI Phishing	Scammer sends a "collect request" instead of payment, victim approves thinking they'll receive money	"I'm sending ₹5,000 for the item, please accept the request" — victim accepts and ₹5,000 is DEBITED, not credited
Vishing	Voice phishing — phone calls impersonating bank officials	"This is SBI fraud department, your card has been compromised, share your OTP to block it"
Pretexting	Creating a fake scenario to gain trust and extract information	"I'm calling from IT department to update your Aadhaar, please share your 12-digit number"

📌 PASSWORD ATTACKS

Method	How It Works	Defense
Brute Force	Try every possible password combination (a, b, c...aa, ab...)	Long passwords (12+ chars), account lockout after 5 attempts
Dictionary Attack	Try common words and passwords ("password123", "qwerty", "iloveyou")	Avoid common words, use random passphrases
Rainbow Table	Pre-computed table of password hashes. Match stolen hash to plaintext password.	Salt hashing — add random data to password before hashing
Credential Stuffing	Use leaked username/password from one site on other sites (people reuse passwords!)	Unique password per site, use a password manager

"I'm not important enough to be hacked." Attackers don't target individuals — they target everyone. Automated bots scan millions of IPs, send millions of phishing emails, and try millions of passwords. You don't need to be "important" — you just need to have a weak password, an unpatched system, or a moment of inattention clicking a phishing link. 73% of cyberattacks target small businesses and individuals, not large corporations.

3.11 Defense Mechanisms — How to Protect Systems

📌 Defense in Depth — Multiple Layers of Security

📌 MULTI-FACTOR AUTHENTICATION (MFA)

What: Requires two or more verification methods from different categories: (1) Something you know — password, PIN. (2) Something you have — phone (OTP), hardware key. (3) Something you are — fingerprint, face, iris.

Indian Examples:

PhonePe/GPay: UPI PIN (know) + phone possession (have) = 2FA
Aadhaar: Fingerprint (are) + Aadhaar number (know) = biometric 2FA
SBI Net Banking: Password (know) + OTP on registered mobile (have)

📌 USER PRIVILEGES — Principle of Least Privilege

User Type	Permissions	Example
Administrator	Full control — install software, change settings, access all files	IT admin at TCS who manages servers
Standard User	Use applications, access own files. Cannot install system software.	Regular employee at Infosys using their assigned laptop
Guest	Minimal access — browse web, basic tasks. No persistent storage.	Visitor using a shared PC at a hotel business centre

Principle of Least Privilege: Every user and program should have only the minimum access needed to do their job. A billing clerk doesn't need admin access to the database server. If their account is compromised, the damage is limited.

📌 FIREWALLS — The Security Guard

What: A firewall monitors and filters network traffic based on predetermined rules. It sits between your network and the outside world, deciding what's allowed in and what's blocked.

Firewall Placement
┌──────────────────────────────────────────────────────────────────┐
│                         INTERNET                                  │
│                      (Untrusted Zone)                             │
│                            │                                      │
│                    ┌───────┴────────┐                             │
│                    │    FIREWALL     │  ← Rules: Allow HTTPS (443)│
│                    │  (Packet Filter │     Block Telnet (23)       │
│                    │   + Stateful    │     Allow DNS (53)          │
│                    │   Inspection)   │     Block unknown inbound   │
│                    └───────┬────────┘                             │
│                            │                                      │
│                    ┌───────┴────────┐                             │
│                    │   DMZ (Web      │  ← Public-facing servers   │
│                    │   Server, API)  │     (IRCTC website, API)   │
│                    └───────┬────────┘                             │
│                            │                                      │
│                    ┌───────┴────────┐                             │
│                    │  INTERNAL LAN   │  ← Employee PCs, database  │
│                    │  (Trusted Zone) │     servers, printers       │
│                    └────────────────┘                             │
└──────────────────────────────────────────────────────────────────┘

Firewall Type	How It Works	Example
Packet Filtering	Checks each packet's IP, port, protocol against rules. Stateless — no connection tracking.	Linux `iptables`, basic router ACLs
Stateful Inspection	Tracks active connections. Allows return traffic for established connections only.	Windows Defender Firewall, pfSense
Application Layer / WAF	Inspects application-level data (HTTP content, SQL queries). Blocks attacks like SQL injection, XSS.	Cloudflare WAF (protects Zepto, CRED), AWS WAF
NGFW	Next-Gen Firewall — combines all above + deep packet inspection + IDS/IPS	Palo Alto, Fortinet (used at SBI, Jio)

📌 OTHER DEFENSE MECHANISMS

Mechanism	What It Does	Indian Context
Antivirus / EDR	Scans files for known malware signatures; EDR adds behavioral analysis and response	Quick Heal (Indian company!), CrowdStrike at HDFC Bank
HTTPS / SSL / TLS	Encrypts data between browser and server — prevents eavesdropping and tampering	Every UPI transaction, IRCTC login, SBI Net Banking uses TLS 1.3
Software Updates	Patches vulnerabilities that attackers exploit. WannaCry exploited a Windows bug that was patched 2 months before the attack.	CERT-In regularly issues patch advisories for Indian government systems
Social Engineering Awareness	Training employees to recognize phishing, vishing, pretexting attacks	RBI's awareness campaigns: "Never share OTP, PIN, or CVV with anyone"

For your career: Cybersecurity is the fastest-growing tech domain in India. NASSCOM estimates India needs 1 million cybersecurity professionals by 2025 but has only ~300,000. Entry paths: CompTIA Security+ certification → SOC Analyst role → penetration testing / incident response. Starting salary: ₹4-8 LPA. 3-5 years: ₹15-30 LPA.

3.12 Security in 2025 — What's New

Zero Trust Architecture — The old model was "trust everything inside the network." Zero Trust says "never trust, always verify" — every request must be authenticated and authorized, regardless of whether it comes from inside or outside the network. Google's BeyondCorp is the gold standard — Google employees access internal tools without a VPN; instead, every request is authenticated via identity, device health, and context. Indian companies like Infosys and Wipro are adopting Zero Trust for their remote workforce.

Passkeys (FIDO2) — Passwords are dying. Passkeys use public-key cryptography tied to your device's biometric sensor (fingerprint, face). No password to steal, no phishing possible (the key is bound to the specific website's domain). Google, Apple, and Microsoft now support passkeys. Indian apps like PhonePe and Paytm are exploring passkey integration.

AI-Powered Threat Detection — Machine learning models analyse network traffic patterns and detect anomalies that signature-based antivirus misses. CrowdStrike Falcon, used by major Indian banks, can detect a novel ransomware variant within seconds based on behavioral patterns — without needing a signature update.

CERT-In Guidelines (2022-2025) — India's cybersecurity agency now mandates: (1) Report cybersecurity incidents within 6 hours of detection. (2) Maintain logs for 180 days. (3) VPN providers must store user data for 5 years. (4) Cloud service providers must register with CERT-In. These regulations apply to all Indian companies and are enforced under the IT Act 2000 (amended).

IT Act 2000 (Amended) — India's primary cyber law. Key sections: §43 (penalty for unauthorized access — up to ₹1 crore), §66 (hacking — up to 3 years imprisonment), §66C (identity theft), §67 (publishing obscene material), §69 (government power to intercept data). The Digital Personal Data Protection Act 2023 adds data privacy requirements similar to GDPR.

Section 4

Industry Problems — Real-World Scenarios

🏥 Case Study 1: AIIMS-Style Hospital Ransomware — Trace the Attack

Scenario: A 500-bed government hospital's network has been hit by ransomware. All patient records, lab reports, and billing systems are encrypted. The attackers demand 200 Bitcoin (~₹100 crore). The hospital has been running on pen-and-paper for 3 days. You are called in as a cybersecurity consultant.

Phase 1: Incident Trace — How Did It Happen?

Reconstruct the attack chain using network and security knowledge:

Ransomware Attack Chain (Kill Chain)
Step 1: INITIAL ACCESS
   └── A receptionist clicked a phishing email: "MoHFW COVID Guidelines.pdf.exe"
       (Trojan disguised as a government health ministry document)

Step 2: EXECUTION
   └── The .exe dropped a PowerShell script that downloaded the ransomware payload
       from a command-and-control (C2) server: 185.142.xx.xx

Step 3: LATERAL MOVEMENT
   └── The receptionist's PC was on the same flat network (no VLANs) as the
       database server. Ransomware used SMB protocol to spread to ALL devices.
       No network segmentation = entire hospital compromised.

Step 4: ENCRYPTION
   └── AES-256 encryption applied to all files on network shares.
       Ransom note: "Send 200 BTC to bc1q9x2h5... within 72 hours."

Step 5: IMPACT
   └── 1.3 crore patient records locked. OPD, labs, pharmacy — all offline.
       15 days to recover from offline backups (which were also on the network!).

Phase 2: Root Cause Analysis

Failure	What Should Have Been Done
No email filtering	Email gateway with attachment sandboxing (detonate suspicious files in VM)
Flat network (no segmentation)	VLANs: separate medical devices, admin PCs, servers, and guest Wi-Fi
No endpoint protection	EDR (CrowdStrike, Quick Heal) on every endpoint with behavioral detection
Backups on same network	Offline/air-gapped backups + cloud backup with immutable storage
No MFA on critical systems	MFA for server access, admin accounts, VPN
No incident response plan	CERT-In notification within 6 hours, predefined containment procedures

Phase 3: Your Task

Draw the hospital's network topology (before and after the fix) showing VLAN segmentation
Write 5 firewall rules that would have prevented lateral movement
Create a 1-page incident response checklist for the hospital's IT team

🏫 Case Study 2: Design a College Campus Network

Scenario: A new engineering college in Pune (2,000 students, 200 faculty, 50 admin staff) needs a complete network design. Budget: ₹50 lakhs for networking equipment. Requirements:

5 computer labs (40 PCs each) — need wired Ethernet
Wi-Fi in all classrooms, hostels, and library
Central server room: LDAP, file server, web server, CCTV storage
Internet connection: 1 Gbps leased line from Jio
Separate network for students, faculty, admin, and CCTV
Guest Wi-Fi for visitors (isolated from internal network)

Your Design Tasks:

Task	What to Design	Key Decision
1. Topology	Choose topology for each segment	Star for labs, Tree for campus hierarchy, Ring for server redundancy?
2. IP Addressing	Design IP scheme with VLANs	VLAN 10: Students (192.168.10.0/24), VLAN 20: Faculty (192.168.20.0/24), etc.
3. Device Selection	List all network devices needed	Core switch, access switches, routers, APs, firewall
4. Security	Firewall rules, Wi-Fi security, content filtering	Block torrents, restrict social media during class hours, HTTPS filtering
5. Budget	Estimate costs for each component	TP-Link/Ubiquiti for budget, Cisco for premium

Campus Network Design (Simplified)
                         [INTERNET]
                             │
                    [Firewall + Router]  ← Jio 1 Gbps leased line
                             │
                    [Core L3 Switch]     ← 10 Gbps backbone
                    /    |    |    \
                   /     |    |     \
          [VLAN 10] [VLAN 20] [VLAN 30] [VLAN 40]
          Students   Faculty    Admin     CCTV
           /   \       |         |         |
      [Lab SW] [AP]  [AP]    [Admin SW] [NVR]
      /||\      |      |      /||         |
    PCs...   Phones  Laptops  PCs    IP Cameras

🚀 Case Study 3: Startup Firewall & Security Configuration

Scenario: You're the first DevOps engineer at a 15-person fintech startup in Bangalore (think: early-stage Razorpay). The startup processes UPI payments and stores sensitive customer data (PAN, bank account numbers). CERT-In compliance is mandatory. Your cloud infra is on AWS.

Security Requirements:

Web application accessible to customers (HTTPS only)
API server for merchant integrations
PostgreSQL database (must NOT be accessible from the Internet)
Employee access to internal tools (Slack, Jira, admin dashboard)
6-hour incident reporting to CERT-In
PCI-DSS compliance (payment card industry standard)

Your Task — Configure Security Rules:

AWS Security Group Rules (Simplified Firewall)
# Web Server Security Group
Inbound:
  Allow  TCP  443   (HTTPS)    from  0.0.0.0/0    # Public web access
  Allow  TCP  80    (HTTP)     from  0.0.0.0/0    # Redirect to HTTPS
  Deny   ALL  ALL              from  0.0.0.0/0    # Block everything else

# Database Security Group
Inbound:
  Allow  TCP  5432  (PostgreSQL) from 10.0.1.0/24 # Only from app server subnet
  Deny   ALL  ALL              from  0.0.0.0/0    # NO public access

# Admin Dashboard Security Group
Inbound:
  Allow  TCP  443   (HTTPS)    from  VPN IP range # Only via VPN
  Deny   ALL  ALL              from  0.0.0.0/0    # No public access

Additional Tasks:

Design a MFA policy for all employees (which factors for which role?)
Write an incident response plan that meets CERT-In's 6-hour reporting rule
Implement the principle of least privilege: define IAM roles for Developer, QA, DevOps, CEO
Choose between VPN and Zero Trust for employee access — justify your decision

Section 5

Lab Exercises — Hands-On Learning

Lab 1: Trace Your Data's Journey — Network Path Discovery

⏱ 30 minutes🟢 Beginner

Objective: Understand how data travels from your computer to a destination server using real network tools.

Part A: Find Your Network Configuration

Windows Command Prompt
# Step 1: View your IP configuration
ipconfig /all

# Look for these values:
# - IPv4 Address: 192.168.1.5 (your private IP)
# - Subnet Mask: 255.255.255.0
# - Default Gateway: 192.168.1.1 (your router)
# - DNS Server: 8.8.8.8 (Google DNS) or your ISP's DNS
# - DHCP Enabled: Yes (IP assigned automatically)
# - MAC Address: A4-B1-C1-2D-3E-4F (your NIC's unique hardware address)

Part B: Trace the Route to IRCTC

Windows Command Prompt
# Step 2: Trace the network path to IRCTC
tracert irctc.co.in

# Expected output (simplified):
#  1   1ms     192.168.1.1      ← Your router (gateway)
#  2   5ms     10.0.0.1         ← ISP's first router
#  3   12ms    49.44.128.1      ← ISP backbone (Jio/Airtel)
#  4   25ms    72.14.209.81     ← Internet exchange point
#  5   35ms    14.139.60.85     ← IRCTC's server (NIC data centre)

Part C: DNS Lookup

Windows Command Prompt
# Step 3: Resolve domain names to IP addresses
nslookup irctc.co.in
nslookup google.com
nslookup flipkart.com

# Step 4: Test connectivity
ping google.com -n 5

# Record: response time, TTL, packet loss percentage

Deliverable: A table showing: destination, IP address, number of hops, average latency (ms), and which hop has the highest latency (likely your ISP!).

Reflection Questions:

Why does tracert sometimes show * * * Request timed out for some hops? (Routers blocking ICMP)
Is your DNS server your ISP's or a public one (8.8.8.8 / 1.1.1.1)?
What happens if you change your DNS to 8.8.8.8? Does website loading speed change?

Lab 2: Subnet Calculation & IP Address Design

⏱ 40 minutes🟡 Intermediate

Objective: Calculate subnet masks, identify network and host portions, and design an IP addressing scheme for a small organisation.

Part A: IPv4 Address Breakdown

Subnet Calculation Exercise
# Given: IP Address 192.168.10.50 / Subnet Mask 255.255.255.0 (/24)

Step 1: Convert to binary
  IP:     11000000.10101000.00001010.00110010
  Mask:   11111111.11111111.11111111.00000000
          ├── Network portion ──────┤├ Host ┤

Step 2: Identify
  Network Address:  192.168.10.0    (all host bits = 0)
  Broadcast Address:192.168.10.255  (all host bits = 1)
  Usable Host Range:192.168.10.1 to 192.168.10.254
  Total Usable Hosts:254           (2⁸ - 2 = 254)

Step 3: Which class?
  First octet 192 → Class C (range 192-223)

Part B: Design an IP Scheme

Design the IP addressing for this college network:

VLAN	Department	Devices	Your IP Range
10	Students	200 PCs + laptops	?
20	Faculty	50 laptops + phones	?
30	Admin	30 PCs	?
40	Servers	10 servers	?
50	CCTV	40 IP cameras	?
99	Guest Wi-Fi	Variable (up to 100)	?

Constraints: Use the 10.0.0.0/8 private range. Each VLAN must have enough addresses for its devices + 20% growth. VLANs must not overlap.

Lab 3: Windows Firewall Configuration

⏱ 35 minutes🟡 Intermediate

Objective: Understand firewall rules by configuring Windows Defender Firewall to allow/block specific traffic.

Part A: View Current Firewall Status

PowerShell (Run as Administrator)
# Step 1: Check firewall status
Get-NetFirewallProfile | Format-Table Name, Enabled

# Step 2: List all active rules (there will be many!)
Get-NetFirewallRule -Enabled True | Select-Object DisplayName, Direction, Action | Format-Table

# Step 3: Check a specific rule
Get-NetFirewallRule -DisplayName "File and Printer Sharing*"

Part B: Create Custom Rules

PowerShell (Run as Administrator)
# Rule 1: Block all inbound connections on port 23 (Telnet - insecure)
New-NetFirewallRule -DisplayName "Block Telnet" `
    -Direction Inbound -Protocol TCP -LocalPort 23 `
    -Action Block -Profile Any

# Rule 2: Allow inbound HTTPS (port 443) - for a local web server
New-NetFirewallRule -DisplayName "Allow HTTPS Inbound" `
    -Direction Inbound -Protocol TCP -LocalPort 443 `
    -Action Allow -Profile Domain,Private

# Rule 3: Block outbound connections to a specific IP
New-NetFirewallRule -DisplayName "Block Suspicious IP" `
    -Direction Outbound -RemoteAddress "185.142.236.0/24" `
    -Action Block

# Verify your rules were created
Get-NetFirewallRule -DisplayName "Block Telnet"

# Clean up: Remove the test rules when done
Remove-NetFirewallRule -DisplayName "Block Telnet"

Deliverable: Screenshot of your custom rules and a 1-page explanation of why each rule matters in a real-world scenario.

Reflection: How is this similar to AWS Security Groups from Case Study 3? How is it different?

Lab 4: Phishing Email Analysis — Spot the Fake

⏱ 30 minutes🟢 Beginner

Objective: Develop the skill to identify phishing emails and understand social engineering techniques.

Analyse These Emails — Which Are Phishing?

#	Sender	Subject	Suspicious Elements	Verdict
1	noreply@sbi-security-verify.com	"Urgent: Your SBI account will be blocked in 24 hours"	?	?
2	careers@infosys.com	"Interview scheduled for 15th January 2025"	?	?
3	support@irctc.co.in.payment-update.xyz	"IRCTC refund of ₹2,450 pending — click to claim"	?	?
4	it-helpdesk@tcs.com	"Mandatory password reset — click link below"	?	?
5	amazonprime@email-amazon.in	"Your Amazon Prime subscription expires today"	?	?

For Each Email, Check:

Sender domain: Is it the real domain? (sbi.co.in vs sbi-security-verify.com)
Urgency: Does it pressure you to act immediately?
Link destination: Hover over links — does the URL match the claimed sender?
Grammar/spelling: Professional organisations don't make basic errors
Request for sensitive data: No legitimate company asks for OTP, password, or CVV via email

Deliverable: A completed analysis table with detailed reasoning for each verdict, plus 5 personal rules for identifying phishing that you'll follow.

Lab 5: Network Topology Design for a Real Organisation

⏱ 60 minutes🔴 Advanced

Objective: Apply all networking and security concepts to design a complete network for a multi-branch organisation.

Scenario: A hospital chain with 3 branches (Delhi, Mumbai, Chennai) needs a secure network. Each branch has:

100 PCs across OPD, labs, pharmacy, billing, and admin
20 medical IoT devices (patient monitors, ventilators) that need isolated network
Wi-Fi for doctors (secure) and patients (guest, isolated)
Central EHR (Electronic Health Records) server at Delhi data centre
Inter-branch connectivity for record sharing and video consultations
CERT-In compliance required (6-hour incident reporting, 180-day log retention)

Your Deliverables:

Network Diagram: Complete topology for one branch + inter-branch WAN design
IP Addressing Table: VLAN assignments, IP ranges, gateway IPs
Security Architecture: Firewall rules, MFA policy, VLAN segmentation, backup strategy
Device List & Budget: All network hardware with estimated costs (use TP-Link/Ubiquiti for budget calculation)
Incident Response Plan: Step-by-step procedure for ransomware, data breach, and insider threat scenarios

Evaluation Criteria:

Criterion	Weight	What's Evaluated
Technical Accuracy	30%	Correct IP addressing, proper VLAN design, valid firewall rules
Security Depth	30%	Defense in depth, medical IoT isolation, CERT-In compliance
Practicality	20%	Realistic budget, available hardware, scalability
Documentation	20%	Clear diagrams, professional presentation, justification for decisions

Section 6

MCQ Assessment Bank — 15 Questions

Hover over any question to reveal the answer and full explanation.

Which network type covers a city-wide area?

✅ C. MAN (Metropolitan Area Network) — A MAN covers a metropolitan area (city-wide), typically 10-100 km. Examples include cable TV networks, city-wide Wi-Fi, and Mumbai's MTNL network. LAN covers a building/campus, PAN covers ~10 metres (Bluetooth), and SAN is for storage within a data centre.
🏢 Industry: Bangalore's smart city infrastructure uses a MAN to connect traffic signals, CCTV, and emergency services across the city.

L1 — RememberNetwork Types

Which layer of the OSI model is responsible for routing and IP addressing?

Layer 1 — Physical
Layer 2 — Data Link
Layer 3 — Network
Layer 4 — Transport

✅ C. Layer 3 — Network — The Network layer handles logical addressing (IP addresses) and routing (finding the best path for data packets across networks). Routers operate at Layer 3. Layer 1 deals with physical signals, Layer 2 with MAC addressing (switches), and Layer 4 with end-to-end delivery (TCP/UDP).
🏢 Industry: When a Jio engineer troubleshoots "packets not reaching destination," they start at Layer 3 — checking routing tables and IP configurations.

L1 — RememberOSI Model

Which type of malware encrypts files and demands payment for the decryption key?

Spyware
Worm
Ransomware
Adware

✅ C. Ransomware — Ransomware encrypts victim's files using strong encryption (AES-256) and demands a ransom (usually in cryptocurrency) for the decryption key. Unlike viruses (which damage files) or spyware (which steals data), ransomware holds data hostage. The AIIMS Delhi attack (2022) is a textbook example — 1.3 crore patient records were encrypted.
🏢 Industry: Ransomware attacks cost Indian organisations ₹17.5 crore on average per incident (including downtime, recovery, and reputational damage).

L1 — RememberMalware

Why does a switch forward data only to the intended recipient, while a hub sends data to all connected devices?

Switches are newer and therefore faster
Switches maintain a MAC address table that maps each device's MAC to a specific port, enabling targeted forwarding. Hubs have no such intelligence — they simply broadcast.
Hubs can only connect 4 devices
Switches use wireless and hubs use wired

✅ B. A switch learns which MAC address is connected to which port by observing incoming frames. It builds a MAC address table (also called CAM table). When a frame arrives for MAC AA:BB:CC:DD:EE:FF, the switch looks up the table and forwards it only to the port where that MAC is connected. A hub has no table and no intelligence — it's just an electrical repeater that copies signals to all ports.
🏢 Industry: This is why hubs are extinct. In a hub-based network with 100 devices, every device would receive all traffic — causing collisions, wasted bandwidth, and security risks (anyone can sniff all traffic).

L2 — UnderstandNetwork Devices

What is the purpose of NAT (Network Address Translation) in a home router?

To speed up internet connections
To convert between IPv4 and IPv6
To allow multiple devices to share a single public IP address by translating between private and public IPs
To encrypt network traffic

✅ C. Your ISP gives you one public IP (e.g., 49.36.128.42). But you have 10 devices at home. NAT lets all devices use private IPs (192.168.1.x) internally, and the router translates them to the single public IP when communicating with the Internet. It keeps a translation table to route responses back to the correct device. This also provides a basic security layer — external attackers can't directly reach your private IP devices.
🏢 Industry: Without NAT, IPv4 addresses would have been exhausted even earlier. NAT is a key reason IPv4 (4.3 billion addresses) can serve 15+ billion devices worldwide.

L2 — UnderstandIP Addressing

Why is MFA (Multi-Factor Authentication) more secure than using just a password?

MFA uses longer passwords
MFA combines factors from different categories (knowledge + possession + biometrics), so even if one factor is compromised, the attacker still can't gain access without the others
MFA doesn't use the Internet
MFA works only on government websites

✅ B. With password-only authentication, a leaked password = full access. With MFA, even if your password is stolen (phishing), the attacker also needs your phone (for OTP) or your fingerprint (biometric). Three categories: Knowledge (password, PIN), Possession (phone, hardware key), Inherence (fingerprint, face). Each from a different category makes attacks exponentially harder.
🏢 Industry: After the CoWIN breach concerns, CERT-In mandated MFA for all government portals. PhonePe uses UPI PIN (knowledge) + registered device (possession) for every transaction.

L2 — UnderstandSecurity

A college has 200 PCs in its computer lab on the network 192.168.10.0/24. A new PC is added with the IP 192.168.10.260. What will happen?

The PC will connect normally
The IP is invalid — IPv4 octets can only range from 0-255, so 260 is impossible. The admin must assign an IP within the valid range.
The PC will connect but with slower speed
The router will automatically fix the IP

✅ B. Each octet of an IPv4 address is 8 bits, so its maximum value is 2⁸-1 = 255. The value 260 exceeds this limit and is therefore an invalid IP address. The OS will reject this configuration. The admin should use an IP within 192.168.10.1 to 192.168.10.254. Better yet, use DHCP to automatically assign valid IPs and avoid such errors.
🏢 Industry: IP misconfigurations are a top-5 cause of network outages. DHCP exists precisely to prevent human errors in IP assignment.

L3 — ApplyIP Addressing

You run tracert google.com and see 12 hops. Hop 5 shows 150ms latency while all others show <20ms. What does this indicate?

Google's server is slow
Your computer is slow
The router at hop 5 is either congested, geographically distant, or has a slow link — this is the network bottleneck
Hop 5 is a firewall blocking your traffic

✅ C. In tracert, each hop is a router between you and the destination. A spike in latency at a specific hop indicates that router is congested (handling too much traffic), geographically distant (data crossing continents adds 50-150ms per ocean), or connected via a slow link. If hop 6 and beyond also show 150ms+, the bottleneck is at hop 5. If only hop 5 is slow but 6+ are fast, the router might just be slow at responding to ICMP (tracert) packets specifically.
🏢 Industry: Network engineers at Jio use traceroute daily to identify bottleneck routers and reroute traffic for better performance.

L3 — ApplyNetwork Tools

An employee receives an email from support@sbi-banking-verify.com asking to "verify KYC by clicking the link." The employee notices the real SBI website is sbi.co.in. What should the employee do?

Click the link and enter details — it looks official
Forward it to colleagues so they can also verify their KYC
Do NOT click the link. Report the email as phishing to the IT security team. The domain sbi-banking-verify.com is not SBI's official domain. This is a phishing attack.
Reply to the email asking if it's genuine

✅ C. The domain sbi-banking-verify.com is NOT sbi.co.in. Phishing emails use domains that look similar to fool victims. Red flags: (1) Unofficial domain, (2) urgency ("verify now or account blocked"), (3) generic greeting, (4) link URL doesn't match claimed sender. The employee should report to IT, delete the email, and NEVER click links in suspicious emails.
🏢 Industry: RBI reports that phishing is the #1 method of banking fraud in India. SBI regularly issues advisories: "We never ask for OTP, password, or CVV via email, SMS, or phone."

L3 — ApplyPhishing

Q10

A college is choosing between Star and Mesh topology for its 5 computer labs. Each lab has 40 PCs. Which topology is more suitable and why?

Mesh — because it's the most reliable
Star — because it offers good fault isolation (one PC failure doesn't affect others), easy troubleshooting (check cable from PC to switch), lower cost (40 cables + 1 switch per lab), and simple management. Mesh would require 40×39/2 = 780 connections per lab, which is impractical and prohibitively expensive.
Ring — because tokens ensure fair access
Bus — because it uses less cable

✅ B. Star Topology — In a 40-PC lab, star topology needs: 40 Ethernet cables + 1 switch (48-port). Total: ~₹25,000. Mesh would need 780 direct connections — requiring each PC to have 39 network ports. Cost: impractical. Star also offers: (1) Easy troubleshooting (if PC15 can't connect, check cable/port 15), (2) fault isolation (PC15 failure doesn't affect PC16), (3) simple management (the switch handles all forwarding). The only downside — switch failure — is addressed by having a spare switch.
🏢 Industry: Every college, office, and data centre uses Star topology for end-device connections. Mesh is used only for backbone/core network links where redundancy is critical.

L4 — AnalyzeTopology

Q11

The AIIMS ransomware spread from a receptionist's PC to the database server within minutes. What network design flaw allowed this?

The hospital used Wi-Fi instead of wired connections
The entire hospital network was flat (no VLAN segmentation). The receptionist's PC, medical devices, and database servers were all on the same network segment, allowing the ransomware to reach critical systems via SMB protocol without crossing any firewall.
The hospital didn't use IPv6
The hospital used Linux instead of Windows

✅ B. A flat network means all devices share the same broadcast domain with no internal segmentation. The ransomware on the receptionist's PC could directly access the database server's SMB ports because there was no internal firewall or VLAN boundary. Proper design: VLAN 10 (admin PCs), VLAN 20 (medical devices), VLAN 30 (servers), with firewall rules between VLANs. The receptionist's VLAN should never have direct SMB access to the server VLAN.
🏢 Industry: Network segmentation (VLANs + internal firewalls) is Requirement 1 of PCI-DSS and is recommended by CERT-In for all critical infrastructure. Post-AIIMS, many Indian hospitals are implementing VLAN segmentation.

L4 — AnalyzeNetwork Security

Q12

A startup processes UPI payments. They must choose between a basic packet-filtering firewall (₹20,000) and a Web Application Firewall (WAF) (₹2,00,000/year). Budget is tight. What should they choose?

Packet-filtering firewall — it's cheaper and blocks unwanted traffic
WAF — it inspects application-layer attacks (SQL injection, XSS, API abuse) that packet filters can't detect. For a payment processing company, PCI-DSS compliance requires application-layer protection. A ₹2 lakh/year WAF is insignificant compared to the cost of a data breach (₹10+ crore in penalties, lawsuits, and lost customers).
No firewall — the cloud provider handles security
Both, but only enable the packet filter

✅ B. WAF — A packet-filtering firewall checks IP addresses and ports but cannot inspect HTTP content. It would allow a perfectly valid HTTPS request (port 443) that contains a SQL injection payload: '; DROP TABLE users;--. A WAF inspects the content of HTTP requests, detects attack patterns, and blocks malicious payloads. For PCI-DSS compliance (mandatory for payment processing), application-level security is required. Cloud WAF options (Cloudflare, AWS WAF) start at ~₹1.5 lakh/year — cheaper than a single breach.
🏢 Industry: Razorpay, PhonePe, and Paytm all use WAF + packet filtering (defense in depth). The 2024 RBI guidelines mandate application-layer security for all payment aggregators.

L5 — EvaluateFirewall Selection

Q13

A company is debating between traditional VPN and Zero Trust architecture for securing employee access to internal applications. 60% of employees work remotely. Which approach is better?

VPN — tried and tested, employees are familiar with it, cheaper to implement
Zero Trust — because remote-majority work makes the traditional perimeter ("inside the network = trusted") obsolete. Zero Trust verifies every request based on user identity, device health, and context, regardless of network location. VPN gives full network access once connected, which is dangerous if credentials are compromised.
No security needed — cloud apps handle everything
VPN with MFA — combines both approaches

✅ B. Zero Trust — With 60% remote workers, the traditional "castle and moat" VPN model is problematic: (1) VPN gives broad network access — a compromised VPN credential = attacker has full internal access. (2) VPN creates bottleneck — all remote traffic routes through VPN servers. (3) Zero Trust authenticates each individual request (not just the network connection), checks device compliance, and grants least-privilege access per application. Google BeyondCorp proved this at scale. Option D (VPN+MFA) is better than plain VPN but still doesn't provide per-request verification.
🏢 Industry: Infosys and Wipro are migrating from VPN to Zero Trust for their 300,000+ employee remote workforce. Google, Microsoft, and Cloudflare all offer Zero Trust solutions.

L5 — EvaluateSecurity Architecture

Q14

Design a VLAN scheme for a hospital to prevent ransomware lateral movement. The hospital has: admin PCs, doctor workstations, medical IoT devices (ventilators, monitors), CCTV cameras, and a guest Wi-Fi for patients. Which VLAN design is MOST secure?

All devices on one VLAN — simpler to manage
Two VLANs: staff (all PCs) and guests (Wi-Fi)
Five VLANs with inter-VLAN firewall rules: (1) Admin PCs, (2) Clinical workstations, (3) Medical IoT (isolated — no Internet access), (4) CCTV (isolated), (5) Guest Wi-Fi (Internet-only, no access to any internal VLAN). Each VLAN can only communicate with others through a firewall with specific allow rules.
Three VLANs: PCs, devices, and guest

✅ C. Five separate VLANs with inter-VLAN firewall — Medical IoT devices (ventilators, monitors) are critical and often run outdated, unpatched operating systems — they MUST be isolated. If ransomware hits an admin PC, it cannot reach the ventilator VLAN. CCTV should also be isolated — compromised cameras shouldn't access patient data. Guest Wi-Fi should have Internet access only (no internal routing). The firewall between VLANs enforces the principle of least privilege at the network level.
🏢 Industry: Post-AIIMS incident, CERT-In issued specific guidelines for hospital network segmentation. Medical IoT isolation is also required by HIPAA (US) and upcoming Indian healthcare data protection guidelines.

L6 — CreateNetwork Design

Q15

You are designing the cybersecurity policy for a new Indian fintech startup. Which combination of security measures provides the BEST defense-in-depth?

Antivirus + strong passwords
Firewall + VPN
WAF (application layer) + NGFW (network layer) + MFA (identity) + EDR (endpoint) + encrypted backups (recovery) + employee security training (human layer) + CERT-In incident response plan (compliance)
Cloud hosting — the cloud provider handles all security

✅ C. Defense in Depth — Multiple Layers — Security is not a single product but a layered strategy: (1) WAF — stops SQL injection, XSS at application level. (2) NGFW — controls network traffic. (3) MFA — prevents credential-based attacks. (4) EDR — detects malware on endpoints. (5) Encrypted backups — ensures recovery from ransomware. (6) Training — humans are the weakest link; training prevents phishing. (7) CERT-In plan — regulatory compliance + structured response. Each layer catches what the previous one misses.
🏢 Industry: This is exactly the security stack used by Razorpay, CRED, and PhonePe. RBI and CERT-In mandate defense-in-depth for all financial services companies.

L6 — CreateSecurity Architecture

Section 7

Chapter Summary

Mind Map — All Chapter Concepts

COMPUTER NETWORK, COMMUNICATION & SECURITY │ ├── COMPUTER NETWORKS │ ├── Definition: Interconnected devices sharing data & resources │ │ │ ├── Types │ │ ├── PAN — Bluetooth, ~10m (earbuds, smartwatch) │ │ ├── LAN — Building/campus (college lab, office) │ │ ├── WLAN — Wireless LAN (Wi-Fi at home/café) │ │ ├── MAN — City-wide (Mumbai MTNL, smart city) │ │ ├── WAN — Country/global (SBI branches, Internet) │ │ ├── VPN — Encrypted tunnel over Internet (TCS WFH) │ │ └── SAN — Storage network (data centre, IRCTC DB) │ │ │ ├── Topologies │ │ ├── Bus — shared backbone (obsolete) │ │ ├── Star — central switch (most common today!) ⭐ │ │ ├── Ring — circular, token passing (SONET telecom) │ │ ├── Mesh — full/partial redundancy (ISP backbone) │ │ ├── Tree — hierarchical (campus networks) │ │ └── Hybrid — combination (every real network) │ │ │ ├── Devices │ │ ├── Router — connects networks, IP routing, NAT │ │ ├── Switch — connects LAN devices, MAC table │ │ ├── Hub — broadcasts all (obsolete) ⚠️ │ │ ├── Modem — signal conversion (DSL/cable/fibre/5G) │ │ ├── Access Point — extends LAN to wireless │ │ ├── NIC — hardware interface (Ethernet/Wi-Fi) │ │ ├── Repeater — signal amplifier │ │ ├── Bridge — connects 2 LANs │ │ └── Gateway — protocol translator │ │ │ ├── Client-Server Model │ │ ├── Request-Response pattern (HTTP, FTP, SMTP, DNS) │ │ └── vs P2P (BitTorrent, blockchain) │ │ │ ├── Protocols & Layers │ │ ├── OSI: 7 layers (Application → Physical) │ │ ├── TCP/IP: 4 layers (Application → Network Access) │ │ ├── TCP — reliable, ordered (web, email, UPI) │ │ └── UDP — fast, unordered (video, gaming, DNS) │ │ │ ├── IP Addressing │ │ ├── IPv4: 32-bit, 4.3B addresses (running out) │ │ ├── IPv6: 128-bit, unlimited (Jio leads adoption) │ │ ├── Classes: A (large), B (medium), C (small) │ │ ├── Private: 10.x.x.x, 172.16.x.x, 192.168.x.x │ │ ├── DHCP: auto IP assignment │ │ └── DNS: domain → IP translation │ │ │ └── Internet vs Intranet vs Extranet │ ├── Internet: public, global │ ├── Intranet: private, one org (TCS Ultimatix) │ └── Extranet: semi-private, partners (supplier portal) │ └── SECURITY ESSENTIALS ├── Threat Landscape │ ├── $8 trillion global cybercrime cost │ ├── AIIMS ransomware 2022 (15 days down) │ ├── CoWIN breach 2023 │ └── UPI fraud 95K+ cases/quarter │ ├── Malware Types │ ├── Virus — needs host file, user action │ ├── Worm — self-replicating, no user action (WannaCry) │ ├── Trojan — disguised as legit software │ ├── Spyware — monitors activity (Pegasus) │ ├── Ransomware — encrypts files, demands payment (AIIMS) │ └── Adware — unwanted advertisements │ ├── Social Engineering │ ├── Phishing (fake emails/SMS) │ ├── UPI Phishing (fake collect requests) │ ├── Vishing (phone calls) │ └── Pretexting (fake scenarios) │ ├── Password Attacks │ ├── Brute force, Dictionary, Rainbow table │ └── Credential stuffing │ ├── Defense Mechanisms │ ├── MFA — knowledge + possession + biometrics │ ├── Least Privilege — min access per role │ ├── Firewalls — packet filter, stateful, WAF, NGFW │ ├── Antivirus / EDR — signature + behavioral │ ├── HTTPS / TLS — encrypted communication │ ├── Software updates — patch vulnerabilities │ └── Security awareness training │ └── 2025 Updates 🆕 ├── Zero Trust (Google BeyondCorp) — never trust, always verify ├── Passkeys (FIDO2) — replacing passwords ├── AI threat detection — behavioral analysis ├── CERT-In — 6-hour reporting, 180-day logs └── IT Act 2000 + DPDP Act 2023

🎯 3 Things Industry Expects You to Know From This Chapter

How Data Travels — From your browser through switches, routers, ISP backbone, and servers. When a website is slow, you need to know WHERE the bottleneck is: DNS? Network path? Server? This is troubleshooting 101 at every IT company.
Network Segmentation (VLANs) — The #1 lesson from the AIIMS attack. A flat network is an open highway for malware. VLANs + firewalls between segments is mandatory for any network handling sensitive data — hospitals, banks, e-commerce.
Defense in Depth — Security is not one product, it's layers. Firewall + MFA + EDR + encryption + training + backups + incident response. Every layer catches what the previous one misses. This is how Razorpay, PhonePe, and SBI protect billions of transactions.

📋 Quick Reference — Key Comparisons

Network Types:
  PAN (10m, Bluetooth) → LAN (building) → MAN (city) → WAN (global)
  VPN = encrypted tunnel | SAN = storage network | WLAN = wireless LAN

Topology Selection:
  Small office/lab → Star (switch-based)
  Campus backbone → Tree (hierarchical switches)
  ISP/data centre → Mesh (redundancy)
  Real networks → Hybrid (combination)

Hub vs Switch vs Router:
  Hub:    Layer 1, broadcasts all, obsolete
  Switch: Layer 2, MAC table, forwards to correct port
  Router: Layer 3, IP routing, connects different networks

OSI vs TCP/IP:
  OSI: 7 layers (theory) — "All People Seem To Need Data Processing"
  TCP/IP: 4 layers (practice) — Application, Transport, Internet, Network Access

TCP vs UDP:
  TCP: Reliable, ordered, slower (web, email, payments)
  UDP: Fast, unreliable, no overhead (video, gaming, DNS)

IPv4 vs IPv6:
  IPv4: 32-bit, 4.3B addresses, NAT required, dotted decimal
  IPv6: 128-bit, unlimited, no NAT, hexadecimal, Jio leads adoption

Private IP Ranges:
  10.0.0.0/8 | 172.16.0.0/12 | 192.168.0.0/16

Malware Categories:
  Virus (host file) | Worm (self-replicate) | Trojan (disguised)
  Spyware (monitor) | Ransomware (encrypt+ransom) | Adware (ads)

Firewall Types:
  Packet filter → Stateful → WAF (application layer) → NGFW (all-in-one)

MFA Factors:
  Know (password) + Have (phone/OTP) + Are (fingerprint/face)

🎓 Certification Roadmap

CompTIA Network+ (N10-009) — Covers all networking concepts in this chapter: topologies, OSI/TCP-IP, IP addressing, devices. The "Networking" domain is the entire exam. Essential for network admin roles.
CompTIA Security+ (SY0-701) — Covers cybersecurity: malware, firewalls, MFA, incident response, social engineering. The most recognized entry-level security certification globally.
Cisco CCNA (200-301) — Deep dive into routing, switching, VLANs, and network design. Industry-standard for network engineer roles at Jio, Airtel, TCS.
CEH (Certified Ethical Hacker) — Offensive security: penetration testing, vulnerability assessment. Popular in Indian cybersecurity job market.

📚 What to Explore Next

YouTube: NetworkChuck (beginner-friendly networking), Professor Messer (CompTIA prep), The Cyber Mentor (ethical hacking), Computerphile (deep dives)
Book: "Computer Networking: A Top-Down Approach" by Kurose & Ross (the gold standard networking textbook used at IITs)
Hands-on: Cisco Packet Tracer (free network simulator — build virtual networks), TryHackMe.com (free cybersecurity labs), HackTheBox (advanced CTF challenges)

Section 8

Interview & Career Preparation

These questions are asked at TCS NQT, Infosys InfyTQ, Wipro NLTH, Cognizant GenC, AMCAT, and GATE CS exams.

Q1: What is a computer network? What are its advantages?

Model Answer: A computer network is a collection of interconnected devices that can communicate and share resources. Advantages: (1) Resource sharing — printers, storage, internet connection shared across devices, reducing cost. (2) Communication — email, chat, video conferencing enable instant collaboration. (3) Data sharing — centralized file servers and cloud storage. (4) Centralized management — push software updates, security policies from one location. (5) Reliability — data redundancy across multiple servers. (6) Cost reduction — shared resources mean lower per-user cost.

Q2: Explain the difference between LAN, MAN, and WAN with examples.

Model Answer: LAN (Local Area Network) covers a small area like a building or campus — example: a college computer lab with 40 PCs connected via Ethernet to a switch. Speed: 100 Mbps–10 Gbps. MAN (Metropolitan Area Network) covers a city — example: Mumbai's cable TV network or a smart city's CCTV system. Speed: 10-100 Gbps. WAN (Wide Area Network) covers large geographical areas (country or global) — example: SBI connecting 22,000+ branches across India, or the Internet itself. Speed: variable, depends on ISP. Key differences: range increases from LAN→MAN→WAN, while cost and complexity also increase.

Q3: What is the difference between a hub, switch, and router?

Model Answer: Hub (Layer 1) — broadcasts data to all ports. No intelligence, no MAC table, causes collisions. Obsolete. Switch (Layer 2) — maintains a MAC address table, forwards data only to the correct port based on destination MAC. Efficient, no collisions (full-duplex). Industry standard for LAN. Router (Layer 3) — connects different networks using IP addresses. Makes routing decisions, performs NAT (shares single public IP), implements firewall rules. Your home Wi-Fi device is actually a router + switch + wireless AP + DHCP server combined.

Q4: Explain the OSI model layers. How is it different from TCP/IP?

Model Answer: OSI has 7 layers (bottom to top): Physical (cables, signals), Data Link (MAC, Ethernet), Network (IP, routing), Transport (TCP/UDP), Session (connection management), Presentation (encryption, format), Application (HTTP, DNS). TCP/IP has 4 layers: Network Access (combines Physical + Data Link), Internet (= Network), Transport (= Transport), Application (combines Session + Presentation + Application). Key difference: OSI is a theoretical reference model; TCP/IP is the practical model that the Internet actually uses. No real protocol implements all 7 OSI layers exactly. OSI is used for teaching and troubleshooting; TCP/IP is used for building networks.

Q5: What is the difference between TCP and UDP?

Model Answer: TCP (Transmission Control Protocol) is connection-oriented — it establishes a connection (3-way handshake: SYN, SYN-ACK, ACK), guarantees delivery, ordering, and error-checking. Slower due to overhead. Used for: web browsing (HTTP), email (SMTP), file transfer (FTP), banking transactions. UDP (User Datagram Protocol) is connectionless — sends packets without establishing a connection. No guarantee of delivery or ordering. Faster, lower overhead. Used for: live video streaming, online gaming, DNS queries, VoIP. Analogy: TCP is registered post (guaranteed delivery with receipt), UDP is dropping a postcard in a mailbox (faster, no confirmation).

Q6: What is an IP address? Explain IPv4 vs IPv6.

Model Answer: An IP address is a unique numerical identifier assigned to every device on a network, used for identification and routing. IPv4 is 32-bit (4 octets in dotted decimal: 192.168.1.1), providing ~4.3 billion addresses — which have been exhausted. IPv6 is 128-bit (8 groups of hexadecimal: 2001:0db8::1), providing 340 undecillion addresses — enough for every device for centuries. IPv4 uses NAT to share limited public IPs; IPv6 gives every device a unique global address, eliminating NAT. Jio leads global IPv6 adoption with ~70% of its traffic on IPv6.

Q7: What is DNS and how does it work?

Model Answer: DNS (Domain Name System) is the Internet's phone book — it translates human-readable domain names (google.com) into machine-readable IP addresses (142.250.182.14). Process: (1) You type a URL. (2) Browser checks its local cache. (3) If not found, OS checks its DNS cache. (4) If still not found, query goes to your ISP's DNS resolver. (5) The resolver queries root DNS servers → TLD servers (.com, .in) → authoritative nameserver for the domain → gets the IP. (6) IP is cached and returned. Without DNS, you'd need to memorize IP addresses for every website.

Q8: What is a firewall? What are the types?

Model Answer: A firewall monitors and filters network traffic based on security rules, sitting between trusted (internal) and untrusted (Internet) networks. Types: (1) Packet Filtering — inspects IP, port, protocol of each packet (stateless). Basic but fast. Example: Linux iptables. (2) Stateful Inspection — tracks connection state, allows return traffic for established connections. Example: Windows Firewall, pfSense. (3) WAF (Web Application Firewall) — inspects HTTP content, blocks SQL injection, XSS. Example: Cloudflare WAF. (4) NGFW (Next-Gen) — combines all above + deep packet inspection + IDS/IPS + application awareness. Example: Palo Alto, Fortinet. Defense in depth uses multiple types together.

Q9: What is phishing? How do you prevent it?

Model Answer: Phishing is a social engineering attack where attackers impersonate trusted entities (banks, government) via fake emails, SMS, or websites to trick victims into revealing credentials, OTPs, or personal data. Prevention: (1) Check sender domain carefully (sbi.co.in vs sbi-verify.com). (2) Never click links in unexpected emails — navigate to the website directly. (3) Look for HTTPS and correct URL. (4) Never share OTP, password, or CVV via phone/email. (5) Enable MFA on all accounts. (6) Use email filtering with anti-phishing capabilities. (7) Regular security awareness training. India-specific: UPI collect-request scam — never approve collect requests you didn't initiate.

Q10: What is the difference between Internet, Intranet, and Extranet?

Model Answer: Internet — global public network accessible to everyone. Billions of users, websites, and services. Example: google.com, irctc.co.in. Intranet — private network within a single organisation using Internet technologies (HTTP, browsers). Not accessible from outside. Example: TCS Ultimatix (employee portal), SBI's internal banking tools. Extranet — extension of an intranet that allows controlled access to specific external partners (vendors, clients). Example: Flipkart's supplier portal where vendors can view inventory and update stock. Key: Internet is public, Intranet is private, Extranet is selectively shared.

💼 "Day 1 at a Tech Job" — What You'll Use From This Chapter

On day 1 at TCS/Infosys: (1) You'll connect to the office network — understanding DHCP, DNS, and VPN is essential for basic connectivity. (2) You'll access internal tools via the Intranet — knowing the difference between Internet and Intranet prevents confusion. (3) You'll encounter firewall restrictions blocking certain websites — understanding why (packet filtering rules) helps you work with IT, not against them. (4) You'll complete mandatory cybersecurity training — phishing awareness, MFA setup, clean desk policy. Everything in this chapter is your day-1 survival kit. (5) If you're in a DevOps/cloud role, you'll configure security groups (firewall rules) from day 1 — the concepts from Section 3 become immediate practical skills.

📂 GitHub Portfolio Tip

Create a repository called network-security-labs with: (1) Your tracert / nslookup output analysis from Lab 1. (2) Your IP addressing scheme for the college campus from Lab 2. (3) Your firewall rules documentation from Lab 3. (4) Your phishing analysis report from Lab 4. (5) Your complete network design from Lab 5. Add a professional README.md with your name, roll number, and the college. This shows recruiters you understand networking and security — not just coding.