alex / what-happens-when

An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"

What happens when you type google.com in your browser and press Enter #560

Open IVashty opened 1 year ago

awoyemivictora commented 1 year ago

Have you ever wondered what actually happens anytime you open up your Web browser (Chrome, Firefox, Mozilla, Safari, etc.) and then type google.com?

Most of us don’t understand the concept behind this and that’s what I’ll be covering in this post.

At the end of this post, you should have an understanding of the following concept:

Web Applications are deployed on Web Servers. But when we’re talking about Web Servers, it can refer to either Hardware or Software or both of them working together. All the information is retrieved or fetched directly from the Web Server to your browser through the TCP/IP protocol.

TCP/IP (Transmission Control Protocol/Internet Protocol) allows internet computers to communicate and interact together. TCP is the component that collects and reassembles packets of data while IP is responsible for making sure the packets are sent to the right destination.

The abstract method is called the OSI/Model, which is the Operating system Interconnection Model, and it includes 7 communication layers, each connected and dependent on each other, either sending or retrieving data.

The 7 OSI/Model layers include:

  1. Application layer — It provides protocols that allow the software to send and receive information and present meaningful data to users. They include HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol), and DNS (Domain Name System).

  2. Presentation Layer — It allows for encoding, encrypting, and data compression in order to be received correctly on the other end. It prepares data for the application layer.

  3. Session Layer — Creates communication channels called sessions between devices. It’s responsible for opening sessions, ensuring that they remain open and functional while data is being transferred, and closing them when communication ends.

  4. Transport Layer — Takes data transferred by the session layer and breaks it into “segments” on the transmitting end. It also reassembles the segments on the receiving end, turning them back into data that can be used by the session layer.

  5. Network Layer — The network layer mainly does two things. One is breaking up segments into network packets and reassembling the packets on the receiving end. Secondly, it routes packets by discovering the best path across a physical network.

  6. Data link layer — Helps to establish and terminate a connection between two physically connected nodes on a network. It breaks up packets into frames and sends them from source to destination. It comprises two parts: LLC (Logical Link Control) and MAC (Media Access Control).

  7. Physical layer — It’s responsible for the physical cable or wireless connection between network nodes.

In order to avoid data stealing by Hackers whenever your Web Browser, say Chrome, requests a piece of information from a Web Server, SSL/TLS is used, which allows your information to be secured. The way this works is that the web server will send a public key back to your web browser, and your browser will have to encrypt it back to the web server it’s requesting the information from, which is the concept of HTTPS (HyperText Transfer Protocol Secure). Then the Web server decrypts with its private key. So even if a Hacker at the other end is checking the information, what they’ll see is packets of data split or broken down into pieces.

But this is not the only way Hackers can steal information or attack a Web Server. Other means include password hacking. Password hacking is a method used by hackers to steal information from a database. The database is an archive that helps to store all information of Web applications, like our users' details (email, phone number, passwords, etc.).

There are two types of password hacking: the first is the Brute-force attack, whereby a hacker tries different passwords at a time aggressively, and the second is the Rainbow Tables, which includes a large list of tables containing commonly used passwords. One of the ways Web application owners prevent password hacking is by using salt.

In Cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password, or a passphrase. Salts are mainly used to safeguard passwords in storage. So anytime a user creates a new password, a new salt is randomly generated for each user's password, then it’s concatenated with the user's password and fed to a cryptographic function, which then generates a hash value (not the original password). The hash value is what will then be stored in the database. So even if a Hacker was able to get into the database, what they’ll see is the hashed values, not the original password of the users.

Botnet Hacking is another method used by aggressive hackers in which they send loads of traffic to a Web Server concurrently, mainly to overload the server’s load. The way hackers achieve this is by having different devices connected together that can communicate together and are controlled directly from a single source (in this case the Hacker’s Command Center). The hacker can then keep on sending traffic to the targeted server to overwhelm it.

Load Balancing, Firewall, and DNS are some of the techniques that can be used to avoid hackings like Botnets.

Let’s quickly talk about Load Balancing and what it means.

Load Balancing refers to efficiently distributing incoming network traffic across a group of backend servers, also known as a server farm or server pool. Modern high-traffic websites must serve hundreds of thousands, if not millions, of concurrent requests from users or clients and return the correct text, images, video, or application data, all in a fast and reliable manner. To cost-effectively scale to meet these high volumes, modern computing best practice generally requires adding more servers.

There are different Load Balancing Algorithms like Round Robin, Least Connections, Least Time, Hash, Random with choices, etc.

DNS (Domain Name Server) also helps in load balancing for a Web Server and makes data easily accessible for clients very fast. Without a DNS Provider, assume I am in Nigeria and I build an application on a server located here. If two clients, say one living in South Africa and the other one in Europe, were to request data from my application, if it takes 30 secs for the data to be shown to the user in South Africa, it might take 90 secs for that same data to be shown to the client in Europe.

DNS Providers solve this problem by having servers in different locations all around the world. So, as a Web Developer, I can pay the DNS provider to distribute my data to different locations all around the world, making it easier and faster for people to access and request data from my web server anywhere they are in the world.

Firewall also helps to prevent hacking and foster load balancing for web servers. It involves placing multiple firewall systems behind Server load balancers.

Before I end this post, I would like to differentiate between Web Server and Application Server. Web servers are responsible for accessing HTTP requests from the client and serving back that HTTP response, whereas the Application server exposes the business logic to the clients, thus generating dynamic content.

Let me know your thoughts in the comments below. If you’ve learned one or two things, give me a clap, and don’t forget to follow me on Twitter.
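
The salting step described in the comment above, as an added example that is not part of the original comment: it stores the same password for two users with and without a per-user salt and audits both stores against a table precomputed from common passwords. PBKDF2-HMAC-SHA256 stands in for the "cryptographic function" (the comment does not name one); the user names, passwords, password list and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to choose the same password.
SAMPLE_USERS = {"ada": "sunshine1", "bob": "sunshine1"}
COMMON_PASSWORDS = ["123456", "password", "sunshine1", "qwerty"]  # constructed list
PBKDF2_ROUNDS = 600_000  # assumption: work factor picked for this example

def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the scheme a precomputed table defeats."""
    return hashlib.sha256(password.encode()).hexdigest()

def new_record(password: str) -> dict:
    """Stored record for one user: a fresh random salt plus the derived hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}

def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])

def lookup_table_hits(stored_hashes: dict) -> list:
    """Audit: users whose stored hex hash appears in a table built without salts."""
    table = {unsalted_hash(p): p for p in COMMON_PASSWORDS}
    return sorted(u for u, h in stored_hashes.items() if h in table)

def demo() -> dict:
    weak_db = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    salted_db = {u: new_record(p) for u, p in SAMPLE_USERS.items()}
    salted_hex = {u: r["hash"].hex() for u, r in salted_db.items()}
    return {
        "weak_hits": lookup_table_hits(weak_db),
        "salted_hits": lookup_table_hits(salted_hex),
        "same_hash_unsalted": weak_db["ada"] == weak_db["bob"],
        "same_hash_salted": salted_db["ada"]["hash"] == salted_db["bob"]["hash"],
        "login_ok": verify("sunshine1", salted_db["ada"]),
        "login_bad": verify("sunshine2", salted_db["ada"]),
    }

if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the hash because verification needs it; its job is to make each stored value unique, so identical passwords no longer produce identical rows and a single precomputed table no longer matches.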