|We invite you to send your information systems audit, control and security questions to:|
Fax to: +1.847.253.1443
|Or mail to:|
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Can you please explain the difference between packet switching and circuit switching? I was doing some reading on network audit and got confused about the above terms.
I am sure you will be familiar with the term “topology.” Let us start there. The topology of a network is nothing but a list or set of rules governing the physical connectivity and communication on a given network medium. Whilst physical topology relates to how the transmission media are wired together, logical topology refers to the rules of communication that stations should use when communicating with each other.
For example, the logical topology specifications determine how each station should decide whether to transmit data or what a station should do when another station tries to transmit data at the same time as itself. The logical topology rules make sure that the data get transmitted quickly with minimum or nil errors. This is similar to a moderator or facilitator in a panel discussion. His/her role is to make sure everyone in the panel gets a chance to speak and, if two or more speakers try to make a point at the same time, make sure that prioritisation occurs. Logical topologies are defined by the Institute of Electrical and Electronic Engineers (IEEE).
So, what are packet switching and circuit switching then?
They are some of the methods used by the logical topologies for creating connections between the stations in the network. A third type—message switching—also exists.
In the case of circuit switching, a dedicated connection is created between two stations or systems, whenever data need to be transferred between them. The best example is making a telephone call. Telephone calls use circuit switching. The entire bandwidth is dedicated to the particular communication session and remains available as long as the session remains active.
Continuing our example on telephony, whenever a call is made, a connection is established from the phone where the call is originated to the phone where the call is received. The best route is selected and the entire bandwidth is made available throughout the duration of the call, until it is ended. All the data follow the same path. It is very useful in cases where the data must be received in the same order that they are sent. Real-time audio and video transmission require the data in the same order that they are sent without any delay.
At the same time, there is a downside to circuit switching. The circuit will remain active until it is disconnected, even though actual data transmission might not take place between the two stations.
Some examples of circuit-switched networks are:
- Analog dial-up lines
- Leased lines
Packet switching, one of the most widely used methods in the current networking topologies, is yet another method of connecting stations in a network. The key feature of packet-switching technology is that the data, divided into smaller components called “frames,” can traverse through different paths within the network and possibly arrive at the destination in a different order. The receiving station, using the sequence numbers in the data frames, reassembles the data in the appropriate order, making them meaningful. Factors such as the routing protocols determine the feature regarding the traversing through different paths. Unlike circuit switching, packet switching does not consume or reserve the whole bandwidth for a particular transmission.
Packet-switched networks are used to transmit data, such as files for storage or print within a network, or for cruising the web. In general, all activities that can be correlated or associated with network usage will run well in a packet-switched environment. Packet switching is not ideal for the delivery of live audio or video. However, it is extremely efficient for delivering information that is not time-sensitive or where timeliness of delivery and order of delivery of the packets are not critical.
Some examples of packet-switched network are:
- Frame relay
- All Ethernet topologies
Even though the question related only to packet switching and circuit switching, I will also try to explain a related concept, i.e., message switching.
In the case of message switching, a store-and-forward type of connection is established amongst the devices along the message path/route. The first device establishes a connection to the next one and transmits the entire message in full and so on. Once the transmission is completed, the connection is severed and the second device continues to repeat the process, if necessary. The classic example of message switching is e-mail transmission.
Let us analyse e-mail transmission. When a message is typed, the computer queues the information until the message is complete. When the sender clicks the “send” button, the computer sends the entire message at once to the sender’s local mail server, which again queues the message. The mail server sends it to the corresponding mail server of the destination address, and the mail server at the destination end delivers the entire message to the recipient using the same process. (This is a simplified explanation of the process.)
Windows 2003, I know that many companies have moved to but I work in an organisation that still uses Windows NT and Windows 2000. Can you explain to me the difference between Windows NT Policy Editor and Windows 2000 Group Policy Editor?
I am assuming that the question is about Systems Policy Editor of Windows NT and the Group Policy Snap-in and its associated extensions to control the group policy objects (GPOs).
Windows NT had a tool called the System Policy Editor that enabled the administrator to specify user and computer configurations for the settings stored in the registry entries, which were mainly related to the user’s desktop environment.
Windows 2000, on the other hand, introduced the Group Policy infrastructure and the Group Policy Snap-in, extending the function of the System Policy Editor and enabling the creation of specific desktop configurations for a particular group of computers or users. The Group Policy Snap-in has built-in features that can be used to create a Group Policy, to be stored in a GPO.
However, there are significant differences between the infrastructure and the facilities provided by the Windows NT Systems Policy and Windows 2000 Group Policy. Windows NT allows specification of policies using the Systems Policy Editor, and such policy would have the following features:
- It is controlled by user membership in security groups.
- It is applied to domains.
- It is not very secure because a user could potentially use a registry editor and make a change.
- It remains persistent in user profiles until the user changes it via registry editor or the administrator reverses the policy setting.
- It is, in essence, limited to desktop lockdown.
In Windows 2000, the GPOs are distributed using Active Directory. The following are key features of Windows 2000 Group Policy:
- It can be associated with sites, domains or organisation units (OU).
- It impacts all users and computers in the specified Active Directory container.
- It can be further controlled by user or computer memberships in security groups.
- The user cannot make changes, unlike NT, and only the administrator can change the settings.
- Its default policy settings are not persistent. The following registry keys are cleaned when GPO no longer applies:
In simple terms, it is the main method for enabling centralised change and configuration management.
Gan Subramaniam, CISA, CIA, CISSP, SSCP, CCNA, CCSA, BS 7799 LA, is the head of information security of Homeloan Management Limited, one of the largest UK-based providers of BPO services to major banks and financial institutions, handling more than £27 billion of mortgages.
With more than 13 years of IT development, audit and security experience, he holds a master’s degree in computer applications (MCA) and master’s degree in financial management (MFM). His former employers include Ernst & Young, London, Thomas Cook (India) and Hindustan Petroleum Corporation Ltd. As a visiting faculty member at one of the top management schools in India, he has taught IT management, and as an international speaker, he has addressed a number of conferences in various countries, including Singapore, South Africa, The Netherlands, Switzerland and the UK.
Information Systems Control Journal, formerly the IS Audit & Control Journal, is published by ISACA®, Inc.. Membership in the association, a voluntary organization of persons interested in information systems (IS) auditing, control and security, entitles one to receive an annual subscription to the Information Systems Control Journal.
Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA® and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors' employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of authors' content.
© Copyright 2005 by ISACA® Inc., formerly the EDP Auditors Association. All rights res erved. ISCATM Information Systems Control AssociationTM
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by ISACA® Inc., for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.
INFORMATION SYSTEMS CONTROL JOURNAL, VOLUME 2, 2005