Pendragon Software Corporation

Internetworking: A Ten Minute Guide

Pendragon SyncServer enables handheld devices to synchronize securely across the Internet. However, before you set up a publicly available server, you’ll need to know something about the Internet’s primary communication mechanism, TCP/IP.

What is TCP/IP?

The Internet is based on a standard called Internet Protocol (IP). In this protocol, one device can talk to another by specifying two pieces of information: a destination address (called an IP address) and a port number. IP addresses are usually written as four numbers with periods between them, e.g., 123.45.67.89.

TCP stands for Transfer Control Program, and it adds the concept of a connection to the IP protocol. TCP works by sending extra packets of data across the network that signal the making and breaking of connections. Two devices that are connected with TCP/IP agree to set up a communications link from one IP address and port to another IP address and port. TCP connections are always asymmetric in the sense that one side of the connection starts by listening for connections from other devices (this is the server side), and the other side starts by establishing a connection (this is the client side).

Suppose my Palm Treo 650 smartphone wants to connect to my Pendragon SyncServer at the office. The SyncServer is always listening at address 63.169.167.43 on port 201. The Treo 650 is assigned a random IP address by my Internet provider (Sprint in this case). When I initiate a synchronization, the Treo itself uses a random port number on the client side.  The Treo creates a connection from 210.112.4.28 on port 4329 to the server at 63.169.167.43 on port 201.  As you can see, the client’s IP address and port number are usually random, but the destination server address and port are always fixed.  This is analogous to a public, toll-free phone line.  The toll-free number must be fixed and publicly known, but it doesn’t really matter what numbers people call in from.

 

Firewalls and Security

The Internet is connected together by routers which direct data packets to the appropriate destinations.  When you connect your smartphone to a server, your data packets may travel along different routes depending on activity on the network.  There’s also a chance that your packets may pass through a computer that has been compromised by hackers.  You can encrypt the contents of data on the connection so that even if a hostile agent is looking at your transmission, the agent cannot get at your data.

Not all information on a network is encrypted. For example, email is rarely encrypted as it makes its way across the Internet.  Since people don’t regard email as secure, this isn’t a problem.

However, some unencrypted information within corporate networks is sensitive. This is one reason why companies create firewalls.  A firewall is a router or a software program that isolates a private IP network from the Internet.  Only connections that meet certain criteria are allowed to pass through the firewall.  The company Web site is a good example.  Incoming connections to the Web site are allowed to pass through the firewall, so that client browsers can read the information on the site.
 

A typical small business firewall is set up like this:

| # | Packet Incoming From | Packet Going To | Allowed |
| --- | --- | --- | --- |
| 1 | Any IP address, any port | Company Web server on port 80 | Yes |
| 2 | Any IP address, any port | Company Mail Server on port 25 | Yes |
| 3 | Any IP address, any port | Company Mail Server on port 110 | Yes |
| 4 | Corporate desktop IP address, any port | Any IP address on any port | Yes |
| 5 | Outside Internet IP address on any port | Any non-public IP address in the company | No |

These rules allow the public to reach the company's public Internet servers, and allow employees to reach public Internet sites, but they prevent public Internet users from reaching non-public company machines like the average employee desktop PC.

In some high-security installations, a firewall may be designed to prevent corporate desktops from reaching public Internet sites (rule #4 is disallowed).

Some firewalls are especially clever.  Not only do they place rules on the IP parameters of the connection, but they can also look at the data being shared on the connection to see if the information being passed is consistent with the intended use of the server.  For example, some firewalls can stop external machines from accessing the mail server if they try to transmit anything other than email to the server.  This kind of defense is designed to prevent hostile machines from transmitting requests that are crafted to break public servers.

It is now common for both sides of any Internet connection to be protected by firewalls.  In fact, Windows XP has a built-in firewall.

If you want to use Pendragon SyncServer to synchronize across the Internet, you may need to make a few modifications to your firewall rules to allow connections on port 201.  See Pendragon Forms Wireless Synchronization for more information about setting up Pendragon SyncServer.
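The rule table above and the port 201 change can be modeled in a few lines. This is an added example, not Pendragon code: it evaluates the Treo connection from the text against the five rules, then against a rule set with a SyncServer rule inserted. Assumptions: rules are checked top to bottom and the first match wins, the company owns 63.169.167.0/24, the Web, mail and desktop addresses are constructed, and the rule label "sync" is hypothetical.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
COMPANY = ip_network("63.169.167.0/24")     # assumption: block holding the SyncServer
DESKTOPS = ip_network("63.169.167.128/25")  # constructed desktop range
WEB = ip_network("63.169.167.10/32")        # constructed Web server address
MAIL = ip_network("63.169.167.25/32")       # constructed mail server address
SYNC = ip_network("63.169.167.43/32")       # SyncServer address from the text

# (rule number, source net, destination net, destination port or None, allowed)
# Rules describe who may open a connection, mirroring the table above.
BASE_RULES = [
    (1, ANY, WEB, 80, True),
    (2, ANY, MAIL, 25, True),
    (3, ANY, MAIL, 110, True),
    (4, DESKTOPS, ANY, None, True),
    (5, ANY, COMPANY, None, False),
]


def evaluate(rules, src, dst, dport):
    """Return (rule, allowed) for the first matching rule, or (None, False)."""
    s, d = ip_address(src), ip_address(dst)
    for num, src_net, dst_net, port, allowed in rules:
        if s in src_net and d in dst_net and port in (None, dport):
            return num, allowed
    return None, False  # nothing matched: treat as denied


def with_syncserver(rules):
    """Insert an allow rule for port 201 ahead of the first deny rule."""
    idx = next(i for i, r in enumerate(rules) if not r[4])
    return rules[:idx] + [("sync", ANY, SYNC, 201, True)] + rules[idx:]


if __name__ == "__main__":
    treo = ("210.112.4.28", "63.169.167.43", 201)  # connection from the text
    print("five rules only:   ", evaluate(BASE_RULES, *treo))
    print("with port 201 rule:", evaluate(with_syncserver(BASE_RULES), *treo))
    # Appending the rule after rule 5 does not help: rule 5 matches first.
    appended = BASE_RULES + [("sync", ANY, SYNC, 201, True)]
    print("rule appended last:", evaluate(appended, *treo))
```

The new rule opens only port 201 on the SyncServer address; every other port on that machine still falls through to rule 5.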

 


 

© 2001-2005 Pendragon Software Corporation. All rights reserved. Copyright and trademark information.