
What is TCP/IP

TCP/IP is the communication protocol used between computers on the Internet.
TCP/IP stands for Transmission Control Protocol / Internet Protocol.
TCP/IP defines how electronic devices (like computers) should be connected to the Internet, and
how data should be transmitted between them.
Inside the TCP/IP standard there are several protocols for handling data communication:

• TCP (Transmission Control Protocol): communication between applications
• UDP (User Datagram Protocol): simple communication between applications
• IP (Internet Protocol): communication between computers
• ICMP (Internet Control Message Protocol): for errors and statistics
• DHCP (Dynamic Host Configuration Protocol): for dynamic addressing

The TCP/IP model consists of four layers: the Link Layer, the Internet Layer,
the Transport Layer, and the Application Layer.

Routers
When an IP packet is sent from a computer, it arrives at an IP router.
The IP router is responsible for "routing" the packet to the correct destination, directly or via
another router.
The path the packet will follow might be different from other packets of the same communication.
The router is responsible for the right addressing, depending on traffic volume, errors in the
network, or other parameters.

In computer security, a DMZ, or demilitarized zone, is a physical or
logical subnetwork that contains and exposes an organization's external services to a
larger untrusted network, usually the Internet. The term is normally referred to as
a DMZ by IT professionals. It is sometimes referred to as a Perimeter Network. The
purpose of a DMZ is to add an additional layer of security to an organization's Local Area
Network (LAN); an external attacker only has access to equipment in the DMZ, rather
than any other part of the network.

Generally, any service that is being provided to users from an external network could be
placed in the DMZ. The most common of these services are web servers, mail servers,
FTP servers, VoIP servers and DNS servers. In some situations, additional steps need
to be taken to be able to provide secure services.

Web servers
Web servers may need to communicate with an internal database to provide some
specialized services. Since the database server is not publicly accessible and may
contain sensitive information, it should not be in the DMZ. Generally, it is not a good idea
to allow the web server to communicate directly with the internal database server.
Instead, an application firewall can be used to act as a medium for communication
between the web server and the database server. This may be more complicated, but
provides another layer of security.

E-mail servers
Because of the confidential nature of e-mail, storing it in the DMZ is a poor idea, and it is
also a poor idea to store the user database there. Instead, e-mail should be stored on an
internal e-mail server placed in a hidden area inside the DMZ (an area that cannot be
accessed from the internet, but can be accessed from the e-mail server). Some people
place the internal e-mail server in a LAN area, which is not good practice, because it
does not allow for the best performance. Also it can be a security problem, because
although this configuration provides security from external attacks, it does not protect
from internal attacks (for example communication could be sniffed or spoofed).

The mail server inside the DMZ should pass incoming mail to the secured/internal mail
servers and this mail server should pass outgoing mail to the external mail servers.
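
The web-server and e-mail-server guidance above can be checked mechanically against a firewall rule set. The following is an added example, not part of the original notes; the zone names (internet, dmz, hidden, lan), host names, ports and the sample rules are all constructed for illustration.

```python
# Added example: audit firewall allow-rules against the DMZ guidance above.
# Zone names, host names, ports and the rule set are constructed for illustration.
from typing import NamedTuple

class Rule(NamedTuple):
    src_zone: str
    src_host: str
    dst_zone: str
    dst_host: str
    port: int

def check(r: Rule):
    """Return the reason a rule breaks the DMZ layout, or None if it conforms."""
    if r.src_zone == "internet" and r.dst_zone != "dmz":
        return "external traffic may reach DMZ equipment only"
    if r.src_zone == "dmz" and r.dst_zone == "lan" and r.src_host != "appfw":
        return "DMZ hosts reach the LAN only through the application firewall"
    if r.src_zone == "dmz" and r.dst_zone == "hidden" and r.src_host != "mail-relay":
        return "only the DMZ mail server may reach the internal mail store"
    if r.src_zone in ("lan", "hidden") and r.dst_zone == "internet" and r.port == 25:
        return "outgoing mail must leave through the DMZ mail server"
    return None

def audit(rules):
    """Return (index, reason) for every non-conforming allow-rule."""
    return [(i, why) for i, r in enumerate(rules) if (why := check(r))]

# Constructed rule set: the first seven follow the layout, the last four do not.
RULES = [
    Rule("internet", "any", "dmz", "web", 443),
    Rule("internet", "any", "dmz", "mail-relay", 25),
    Rule("dmz", "web", "dmz", "appfw", 8443),
    Rule("dmz", "appfw", "lan", "db", 5432),
    Rule("dmz", "mail-relay", "hidden", "mailstore", 25),
    Rule("dmz", "mail-relay", "internet", "any", 25),
    Rule("hidden", "mailstore", "dmz", "mail-relay", 25),
    Rule("dmz", "web", "lan", "db", 5432),              # web server talks to DB directly
    Rule("internet", "any", "hidden", "mailstore", 143),  # mail store exposed externally
    Rule("hidden", "mailstore", "internet", "any", 25),   # outgoing mail bypasses relay
    Rule("dmz", "web", "hidden", "mailstore", 143),       # wrong DMZ host reaches mail store
]

if __name__ == "__main__":
    for i, why in audit(RULES):
        print(f"rule {i} {RULES[i]}: {why}")
```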

ADSL (Asymmetric Digital Subscriber Line) is a technology for
transmitting digital information at a high bandwidth on existing phone lines to homes and
businesses. Unlike regular dial-up phone service, ADSL provides a continuously available,
"always on" connection. ADSL is asymmetric in that it uses most of the channel to
transmit downstream to the user and only a small part to receive information from the
user. ADSL simultaneously accommodates analog (voice) information on the same line.

A virtual private network (VPN) is a private communications network often used within a
company, or by several different companies or organizations, to communicate confidentially over
a publicly accessible network. VPN message traffic can be carried over a public networking
infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private
network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN
service provider.

A well-designed VPN can provide great benefits for an organization. It can:

• Extend geographic connectivity.
• Improve security where data lines have not been ciphered.
• Reduce operational costs versus traditional WAN.
• Reduce transit time and transportation costs for remote users.
• Simplify network topology in certain scenarios.
• Provide global networking opportunities.
• Provide telecommuter support.
• Provide broadband networking compatibility.
• Provide faster ROI (return on investment) than traditional carrier leased/owned WAN lines.
• Show a good economy of scale.
• Scale well, when used with a public key infrastructure.

Site-to-Site VPN
Through the use of dedicated equipment and large-scale encryption, a company can
connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs
can be one of two types:
• Intranet-based - If a company has one or more remote locations that they
wish to join in a single private network, they can create an intranet VPN to
connect LAN to LAN.
• Extranet-based - When a company has a close relationship with another
company (for example, a partner, supplier or customer), they can build an extranet
VPN that connects LAN to LAN, and that allows all of the various companies to work
in a shared environment.
