Let us say we want to access the website of the Ministry of Communication and Informatics at www.kominfo.go.id to check the information regarding the privacy protection regulation. Assuming we are already connected to the Internet, when we press the Enter key, the system, which does not know the website's IP address, asks a server called DNS, Domain Name Server. That server contains a map that links a web domain to an IP address. If the information does not exist there, the DNS asks its counterparts, up to a Root DNS, to find the IP address.
After the destination address is acquired, it is attached to the header. Internet communication, based on the TCP/IP protocol, relies heavily on the movement of internet packets from client to server and back to the client. An internet packet contains a header and a payload: the information about the packet (such as source and destination address, type, format, security flag, and so on) goes in the header, and the data goes in the payload.
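The header and payload split described above, shown on the actual wire format: this is an added example, not part of the original article, that parses the IPv4 and TCP headers of a constructed packet. The addresses, the path `/privacy` and the function names are assumptions made for illustration; destination port 8080 follows the article's website example.

```python
import socket
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_sample_packet() -> bytes:
    """Constructed IPv4+TCP packet; documentation-range addresses, checksums left at 0."""
    payload = b"GET /privacy HTTP/1.1\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 8080, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("203.0.113.5"))
    return ip + tcp + payload

def parse_packet(raw: bytes) -> dict:
    """Split a raw IPv4/TCP packet into header fields and payload (checksums not verified)."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4            # header length is carried in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(raw):
        raise ValueError("malformed IPv4 header")
    if proto != 6:
        raise ValueError("not a TCP segment")
    segment = raw[ihl:total_len]          # bound by the declared length, not the buffer size
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, offset, flags, _, _, _ = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    data_off = (offset >> 4) * 4          # TCP header length, also in 32-bit words
    if not 20 <= data_off <= len(segment):
        raise ValueError("bad TCP data offset")
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "src_port": sport, "dst_port": dport,
        "flags": [name for bit, name in TCP_FLAGS if flags & bit],
        "payload": segment[data_off:],
    }

if __name__ == "__main__":
    for key, value in parse_packet(build_sample_packet()).items():
        print(f"{key:9} {value}")
```

The length checks matter as much as the field extraction: a parser that trusts the declared lengths without comparing them to the bytes actually received will read past the end of a truncated or forged packet.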
Routers, by the way, are the main networking devices and play a very important role in the flow of internet packets. A router routes each packet to its destination address. It has a routing table that contains information about its neighboring networks and updates it frequently so that, depending on the routing protocol, it can choose the best route (possibly the fastest one) for the packet.
Routers connect with other routers inside the same administrative network, and some routers act as a bridge to other networks. One administrative network usually has a unique identification number called an AS Number. In Indonesia, the Indonesia Internet Exchange (IIX) was built to connect to all networks so that domestic internet traffic is not routed through international networks, saving a lot of money and time. IP address allocation management, AS Numbers, and the IIX are managed by APJII/IDNIC and supervised by the Indonesian Government.
When the internet packet reaches its destination, it is filtered based on the service requested via certain ports. For website access it goes through port 8080, email access uses port 25, and file downloads use port 20/21, for example. The payload is extracted, decrypted (if secure communication is used), and read, so that the server can send another packet to its client based on the request (the privacy protection regulation page, in this case). That is how the Internet works, at the speed of light, or much less, depending on the connection.
Connection Modes, Wireline or Wireless
Accessing the Internet via a mobile network is actually the same as via an FTTH (fiber to the home) network. The difference is that mobile technology uses many radio architectures to transmit smartphone and tablet data to the provider's core system. At the core, the data is processed at certain servers before the packets can be sent to the internet cloud.
If we look at the illustration above, there are many devices processing our packets. The SGSN/MME (Serving GPRS Support Node/Mobility Management Entity) is responsible for communication with mobile devices, the GGSN/S-PGW (Gateway GPRS Support Node/Serving - Packet Data Network Gateway) connects to the Internet, DNS-Gi is the domain name server gateway, the HLR/HSS (Home Location Register/Home Subscriber Server) is a client database for authentication, authorization and accounting, the PCRF (Policy and Charging Rules Function) is responsible for billing based on services, and CGNAT (Carrier Grade Network Address Translation) is for internal IP addressing.
Several devices focus on delivering content to the client. The VO (Video Optimizer) compresses video content so it can be delivered smoothly and efficiently, while GGC and FNO (Google Global Cache and Facebook Network Alliance) focus heavily on delivering their content without burdening the network.
These functions and the security functions in the core network of a mobile operator are actually the same as those of its wireline counterparts. Anti Spam filters and blocks junk email before it reaches the recipient. Anti DDoS (Distributed Denial of Service) protects the system by stopping requests that match recognized patterns and are suspected of being a DDoS attack, so that the server is not flooded by an incredible number of requests from many sources around the world. A DDoS attack can be very dangerous because it can bring the system down, leaving it unable to offer services.
Then there is the Firewall, which is responsible for protecting the system by opening certain ports and observing the internet packets that go in and out through it. An IDS (Intrusion Detection System) has a library of identified malicious packets and uses it to check for anomalies and detect an attack. Combining the Firewall and IDS functions, we have an IPS (Intrusion Prevention System) device.
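How the firewall and signature-library functions described above combine into a prevention decision, as an added example that is not part of the original article. The signature patterns, sample packets and function names are constructed for illustration; the open ports are the article's web and email examples.

```python
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

OPEN_PORTS = {8080, 25}  # firewall policy: the article's web and email ports

# Constructed signature library (illustrative patterns, not a real rule set).
SIGNATURES = {
    "path-traversal": b"../../",
    "malware-marker": b"EXAMPLE-MALWARE-MARKER",
}

def firewall_allows(pkt):
    """Firewall function: pass only traffic to explicitly opened ports."""
    return pkt.dst_port in OPEN_PORTS

def ids_matches(pkt):
    """Detection function: names of the library signatures found in the payload."""
    # Percent-decode first so an encoded copy of a pattern still matches.
    data = unquote_to_bytes(pkt.payload)
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)

def ips_verdict(pkt):
    """Prevention function: firewall check first, then drop on any signature hit."""
    if not firewall_allows(pkt):
        return ("drop", "port closed")
    hits = ids_matches(pkt)
    if hits:
        return ("drop", "signature: " + ",".join(hits))
    return ("allow", "no match")

# Constructed sample traffic; source addresses are documentation ranges.
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", 8080, b"GET /privacy HTTP/1.1"),
    Packet("198.51.100.8", 23, b"login attempt"),
    Packet("198.51.100.9", 8080, b"GET /..%2f..%2fsecret HTTP/1.1"),
    Packet("198.51.100.10", 25, b"Subject: hi\r\n\r\nEXAMPLE-MALWARE-MARKER"),
]

def run():
    return [ips_verdict(pkt) for pkt in SAMPLE_TRAFFIC]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, run()):
        print(pkt.src, pkt.dst_port, verdict)
```

A payload that matches nothing in the library is allowed through, which is the inherent limit of detection driven by a library of already identified patterns.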
After a long discussion about devices and their security functions, we come to a very important question: is that enough to ensure the protection of our data over the Internet? The discussion above tells us how the server protects itself. What about attacks on our side as the client, and on data in transit between client and server?
Attacking the user is the most efficient and effective way for cyber criminals, because users are usually not aware of their data protection. Attacks conducted on user premises (laptop, PC, smartphone, tablet) are executed by injecting malicious software (malware) via cookies, email with an attachment and/or link, and files and applications that are already contaminated by computer virus(es).
The purposes of the attack are many, from stealing credential information to directly demanding money by locking the computer, through a targeted attack or human error. Either way, we as Internet users must be aware of and educate ourselves about these risks and take countermeasures against them.