Course: Introduction to Cybercrime Investigation Course (ICIC)

MODULE 3. Computer Network Basic

Lesson Plan

Topic: Computer Network

Lesson Plan Number: 3.1

Target Audience: PNP Personnel

(PCOs, PNCOs and NUP)

Venue: PNP Training Service

Training Day Number: 4

Time Allotted: 4 Hours

Instructional Method: Lecture Discussion PE

Training Aids: Laptop, Multi-media projector,

PA System

Trainee Requirements: Notebook and Ball pen

Issue Items: Handouts

Required Instructor Qualification: General Instructor

Specialized Instructor
Master Instructor

Coordination: Not necessary

Training Reference Used: ATAP Facilitator Guide on

Understanding Computer Network
Basics, Google ask.com, Google
Dictionary.com

Lesson Goal: This lesson aims to enhance the

knowledge of the participants on
computer networks.

Lesson Objectives:

After this lesson, the participants must be able to:

Course: ICIC Page 1 of 12 Lesson Plan 3.1

L.O.1. Define computer networks as a mechanism to exchange data
between two or more computers or other network devices;

L.O.2. Describes the network characteristics of a computer which includes

communication, configuration, size, and access; and

L.O.3. Define the list of network terminology that law enforcement

investigators must understand when responding to an incident.

Presentation Outline:

Topic Time Methodology

I. Introduction 5 mins
II. Computer Network
TP - 1: Data Exchange 30 mins
III. Computer Network Characteristics 30 mins Lecture
TP - 1: Network Communication 30 mins Discussion
TP - 2: Network Configuration 30 mins Demonstration
TP - 3: Network Size 25 mins
TP - 4: Network Access 30mins
TP - 5: Network Terminologies 60 mins
Total 4 Hours

Course: ICIC Page 2 of 12 Lesson Plan 3.1

 Lesson Plan 3.1

Lesson Topic – Computer Network

I. Introduction (5 mins)
1. Introduce Instructor to the participants.
 Name
 Designation/present unit assignment/work experience
 Educational background

2. The lesson aims to enhance the knowledge of the participants

on computer networks.

II. Computer Network (25 mins)

Computer Network
- is a group of two or more computers and other devices that
are connected together, allowing the exchange of data. The most common
source today is the connection to the Internet. The Internet itself can be
considered a computer network.

- A computer network facilitates interpersonal communications

allowing users to communicate efficiently and easily via various means
like email, instant messaging, online chat, telephone, video calls and video
conferencing.

- A network allows sharing of files, data and other types of

information giving authorized users the ability to access information stored
on other computers on the network.

- A computer network may be used by security hackers to

deploy computer viruses or computer worms on devices connected to the
network, or preventing these devices from accessing the network via a
denial-of-service attack.

TP - 1: Data Exchange
- allows data to be shared between different computer
programs

- Checking or reading an email on a smartphone is another

example of an exchange of data between the phone and a mail server.

- Typing a URL to load a website is a good example of a

“data exchange” that many people can relate to is sitting in front of a
computer, typing a uniform resource locator (URL) such as
www.google.com into the Web browser, and having Google’s home
page load.

Course: ICIC Page 3 of 12 Lesson Plan 3.1

 - Submitting an expense report in a scenario shows two
groups in a company have their own networks—accounting and
operations. For operations people to be able to submit their expense
reports to the accounting group, the operations network computers
would need to be able to exchange data with the accounting group’s
computers.

III. Computer Network Characteristics (30 mins)

Instructor’s Note: Ask the participants in their own words what are the
features of a computer network.

 Sharing resources from one computer to another computer over a

network;
 Performance by measuring the speed of data transmission with
number of users, connectivity and the software used;
 Reliability makes easy to use an alternative source for data
communication;
 Scalability increases the system performance by increasing the
processors; and
 Security which is the main characteristic of a computer network,
necessary steps need to be taken in order to protect the data from
unauthorized access.

Common Network Characteristics:

TP – 1: Network Communication (30 mins)

- Depicted by several conceptual network models that are

widely accepted in the information technology community. These
models define the functions required to connect one computer to any
other computer or device on the network. The models group similar
functions and illustrate how they rely on other functions to exchange
data. Familiarity with models helps law enforcement investigators
communicate effectively with network stakeholders.

Common Models

a. Open Systems Interconnect (OSI)- a theoretical

framework for understanding network communication; and

b. Transmission Control Protocol/Internet Protocol

(TCP/IP)- set of rules (protocol) used along with the Internet
Protocol (IP) to send data in the form of message units
between computers over the Internet.

- Achieved through the use of standardized protocols—sets of

detailed rules for network communication in order to exchange data.
Course: ICIC Page 4 of 12 Lesson Plan 3.1
 Protocols function as a common “language” between
devices and applications on the network. If both the client and the
server understand the protocol, communications can be established.

a. Hyper Text Transfer Protocol (HTTP) – is a set of

rules for transferring files (text graphic images, video,
sound and other multi-media files). It is an application
protocol that runs on top of the suite of protocols.

b. Simple Mail Transfer Protocol (SMTP) – used in

sending and receiving email but it is limited in its ability
to queue messages at the receiving end, it is usually
used with one of two other protocols.

- It is an application-layer protocol that enables the

transmission and delivery of email over the Internet , It is also known
as RFC 821 and RFC 2821.

- The SMTP composed of four key components:

 Local user or client-end utility known as the mail
user agent (MUA)
 Server known as mail submission agent (MSA)
 Mail transfer agent (MTA)
 Mail delivery agent (MDA)

- The SMTP works by initiating a session between the user and

server, whereas the MTA and MDA provide domain searching and
local delivery services.

TP – 2: Network Configuration (30 mins)

- Is the process of setting a network’s control, flow and

operation to support the network communication of an organization
and/or network owner. It is also known as network setup.

- all computer networks are composed of common types of

hardware devices, such as computers, wired or wireless
communication media, and wired or wireless routing devices.

- It allows a system administrator to set up a network to meet

communication objectives. The process involves the
following tasks:

 Router Configuration: specifies the correct IP addresses

and route settings, etc.
 Host Configuration: sets up a network connection on a
host computer/laptop by logging the default network
settings.

Course: ICIC Page 5 of 12 Lesson Plan 3.1

  Software Configuration: any network-based software
which provides appropriate credentials to access and
monitor network traffic.

TP – 3: Network Size (25 mins)

- The size of the network can be described by the geographic

area they occupy and the number of computers that are part of the
network. Networks can span from as few as two devices to millions of
devices. In its simplest form, a network may consist of two computers
physically connected with a network cable.

Different networks based on size are:

 Personal area Network, or PAN a computer network
organized around an individual person within a single
area like a small office or residence. Sometimes it is
referred as home area network, or HAN.
 Local area Network, or LAN a computer network at a
single site like an office building, it is very useful for
sharing resources, such as data storage and printers
 Metropolitan area Network, or MAN a computer
network across an entire city, college campus or small
region. This type of network covers an area several
mile to tens of miles, it this type of network is designed
for a college campus it is referred as campus area
network, or CAN.
 Wide area Network, or WAN occupies a very large
area, an entire country or entire world, contains
multiple smaller networks.

- Network servers are expandable to meet the storage and

data processing needs of the organization. Law enforcement
investigators may be asked to respond to incidents at corporate data
centers involving a warehouse-sized collection of servers,
workstations, and other network devices.

TP – 4: Network Access (30 mins)

- the last characteristic is access wherein networks can be

considered private or public.

1. Private- internal environment connected through an

Intranet or local area network (LAN). It restricts access
to that network through the use of passwords and other
security controls and communications never goes over the
internet. Good example is PAN and LAN.

Course: ICIC Page 6 of 12 Lesson Plan 3.1

 2. Public- connected through the Internet and the best-
known example is the wide area network (WAN).
Anyone can reach the devices attached to a public
network; it can also dedicate computers on a public
network to serve websites on the Internet. Websites
stored on such computers would be visible to any other
computer on the Internet.

TP – 5: Network Terminologies (60 mins)

- To provide an initial list of terms investigators may encounter

during incident response in a network environment.

- Emphasize that as law enforcement investigators, the

participants must understand these terms and be prepared to speak
knowledgeably about network concepts when working with system
administrators and other stakeholders.

Abbreviations/Acronyms

Abbreviation/Acronym Description
GUI Graphical User Interface
HTTP Hyper Text Transfer Protocol
LAN Local Area Network
MAC Media Access Control
OS Operating System
OSI Open Systems Interconnect
OUI Organizationally Unique Identifier
SMTP Simple Mail Transfer Protocol
TCP/IP Transmission Control Protocol/Internet
Protocol
URL Uniform Resource Locator
WAN Wide Area Network
WAP Wireless Access Point or Wireless
Application Protocol
WWW World Wide Web

Key Terms

Key Term Description

Application An executable program that exists to perform a
particular function (or functions). For example,
Microsoft Word is an application that allows users
to create and edit electronic documents. Mozilla
Firefox is an application that allows users to browse
and interact with websites.
Course: ICIC Page 7 of 12 Lesson Plan 3.1
 Key Term Description
Bridge A device that interconnects local area networks,
filtering and forwarding frames according to media
access control (MAC) addresses
Client Computer or program that requests a service from
another computer across a network
Cloud Network access to shared data, usually used to
refer to cloud computing. Cloud computing utilizes
one or more computers, referred to as servers,
connected through a network such as the Internet,
an intranet, a local area network (LAN), or wide
area network (WAN).
Computer A group of two or more computers and other
Network devices that are connected together, allowing the
exchange of data
Demarcation The location at which the telecommunication
Point provider’s network ends and connects with the
customer’s on-premises wiring
Ethernet A system for connecting a number of computer
systems to form a local area network, with
protocols to control the passing of information and
to avoid simultaneous transmission by two or more
systems
Firewall A system or combination of systems that enforces
an access policy between two or more networks.
A firewall is the primary method for keeping a
computer secure from intruders. A firewall allows or
blocks traffic into and out of a private network or the
user’s computer. Firewalls are widely used to give
users secure access to the Internet as well as to
separate a company’s public Web server from its
internal network. Firewalls are also used to keep
internal network segments secure; for example, the
accounting network might be vulnerable to
snooping from within the enterprise.
Graphical User The common method of interacting with a computer
Interface (GUI) that allows any graphics image to be displayed on
screen. Except for entering text on the keyboard,
the primary way the computer is operated is with a
mouse or touchpad pointing device. The
mouse/touchpad is used to select icons and menu
options as well as move and resize windows that
frame the application and elements within it. GUIs
replaced the character-based display with a
graphics display and eliminated the need to enter
cryptic commands in a required sequence.

Course: ICIC Page 8 of 12 Lesson Plan 3.1

 Key Term Description
However, all major operating systems still include a
command line interface that lets programmers and
power users enter commands to perform certain
tasks faster and more easily than with a mouse.
Hub An intermediary device that allows multiple network
devices to connect to the same network segment
over Ethernet. A hub transmits incoming data to all
connected ports.
Hyper Text The protocol for moving hypertext files across the
Transfer Internet requires an HTTP client program on one
Protocol (HTTP) end and an HTTP server program on the other end.
HTTP is the most important protocol used in the
World Wide Web (WWW).
Internet A global system of interconnected computer
networks that use the standard Transmission
Control Protocol/Internet Protocol (TCP/IP) suite to
link several billion devices worldwide
Intranet A private computer network within an organization
Local Area A computer network that connects computers within
Network (LAN) a limited area such as a home, school, or office
building
Network Any person who can affect change or is affected by
Stakeholder changes to a network system. Examples include
the business owner or organization executives,
network administrators, systems administrators, or
other technical resources.
Open Systems The OSI model is a theoretical framework for
Interconnect understanding network communication—it is not
(OSI) Model actually implemented. The OSI model contains
seven layers, arranged as visual representations of
a network stack.
Operating Software that provides the primary user interface
System (OS) and environment that humans use to interact with a
computer system. The operating system (OS)
initially loads when a computer system boots up.
The OS manages many different aspects of the
computer system, including interfacing with the
underlying hardware, managing the computer’s
memory, managing how files are stored on the file
system, and providing other services that installed
applications rely on to function effectively.
Organizationally A 24-bit number that uniquely identifies a vendor,
Unique Identifier manufacturer, or other organization globally or
(OUI) worldwide

Course: ICIC Page 9 of 12 Lesson Plan 3.1

 Key Term Description
Platform The underlying computing system, which typically
refers to the combination of the hardware and
operating system, on which application programs
run
Power The process of maintaining a consistent flow of
Distribution electric power to network server equipment. Power
distribution systems range in complexity from a
simple power strip with surge protection to
computerized monitoring systems with
uninterruptable power supply units.

Protocol Set of rules that define how a specific type of network

communication must occur.
Clients and servers use different protocols depending
upon the type of data being exchanged. For example,
web browsing functions through Hyper Text Transfer
Protocol (HTTP). Email functions through many
protocols, such as Simple Mail Transfer Protocol
(SMTP). If both the client and server understand the
protocol, communications can be established.
There are thousands of protocols in use throughout
the world.
Rack A metal frame designed to hold network server
equipment
Router Hardware device or computer software that
interconnects various access methods and protocols.
A router performs the same functions as a bridge, but
has greater functionality. For example, a router can
plot a path for packets across multiple networks,
depending on its knowledge of neighboring networks.
It also directs traffic between networks based on IP
addressing, rather than the MAC addresses used by
bridges and switches. A router is used in wide area
networks (WANs) and is the primary device for
directing IP packets across the Internet.
Server Computer or program that provides services to other
computers or programs across a network
Simple Mail The standard email protocol on the Internet and part
Transfer of the TCP/IP protocol suite, as defined by IETF RFC
Protocol (SMTP) 2821. SMTP defines the message format and the
message transfer agent (MTA), which stores and
forwards the mail. SMTP was originally designed for
only plain text (ASCII text), but MIME and other
encoding methods enable executable programs and
multimedia files to be attached to and transported with
the email message.
Course: ICIC Page 10 of 12 Lesson Plan 3.1
 Key Term Description
Switch An intermediary network device that allows multiple
devices to connect to the same network segment over
Ethernet. A switch transmits incoming data only to its
intended port.
Topology The physical layout of a network is usually less
important. The manner in which various devices are
arranged (physically or logically) and connected to
each other in a computer network
Transmission TCP is known as a connection-oriented protocol,
Control which means that a connection is established and
Protocol/Interne maintained until such time as the message or
t Protocol messages to be exchanged by the application
(TCP/IP) programs at each end have been exchanged.
TCP is one of the main protocols in TCP/IP networks.
Whereas IP deals only with packets, TCP enables two
hosts to establish a connection and exchange
streams of data. TCP guarantees delivery of data and
also guarantees that packets will be delivered in the
same order in which they were sent.
Uniform A reference to a resource that specifies the location of
Resource the resource on a computer network and a
Locator (URL) mechanism for retrieving it. A URL is a specific type of
uniform resource identifier (URI).
Uninterruptible A device that prevents power surges and contains a
Power Supply backup battery to operate the server for a short period
of time if the primary power source is lost or
disconnected
UNIX A computer operating system designed to be used by
many people simultaneously. UNIX has Transmission
Control Protocol/Internet Protocol (TCP/IP) built in. It
is the most common operating system for servers on
the Internet.
Wide Area A computer network that covers a large geographical
Network (WAN) area
Windows A database that contains information necessary to
Registry configure a Windows system for one or more users,
applications, and/or hardware devices. Windows
continually references registry information during
operation, such as user profiles and information about
system hardware, installed programs and settings,
and ports in use.
Wireless Access A base station that connects a wireless system to a
Point (WAP) wired land-based system. The acronym “WAP” is
sometimes used, but WAP is more widely used to
mean the Wireless Application Protocol.

Course: ICIC Page 11 of 12 Lesson Plan 3.1

Instructor’s Note: Ask participants which terminologies are they
familiar with and if they can define it in their own words.

Course: ICIC Page 12 of 12 Lesson Plan 3.1