14 Communications Technology
Overview
This note covers the full Cambridge International AS & A Level IT syllabus for Topic 14 – Communications Technology. It is organised to help you meet the three assessment objectives:
- AO1 – Knowledge: definitions, key concepts and terminology.
- AO2 – Application: how the concepts are used in real‑world systems.
- AO3 – Analysis & Evaluation: strengths, weaknesses and suitability of different solutions.
14.1 Networks – Types, Topologies & Architectures
Network types (required by the syllabus)
- LAN (Local Area Network) – confined to a single building or campus; high speed, low latency.
- WAN (Wide Area Network) – spans cities, countries or continents; typically uses leased lines, MPLS or the Internet.
- MAN (Metropolitan Area Network) – covers a city or large campus; often a fibre‑optic ring or mesh.
- VPN (Virtual Private Network) – creates an encrypted “tunnel” over a public network, allowing remote users or sites to appear as part of a private LAN.
- Wireless networks – Wi‑Fi (IEEE 802.11), Bluetooth, infrared, microwave, radio, NFC.
- Peer‑to‑Peer (P2P) – each node can act as both client and server (e.g., file‑sharing, BitTorrent).
- Client‑Server – dedicated servers provide resources to client devices (e.g., web, mail, file services).
Common topologies
| Topology | Structure | Advantages | Disadvantages |
| Star | All devices connect to a central switch/hub | Easy to manage; failure limited to the central device | More cabling; hub/switch can become a bottleneck if not switched |
| Bus | All devices share a single backbone cable | Simple, cheap cabling | Backbone failure stops the whole network; limited scalability |
| Ring | Each device connects to two neighbours forming a closed loop | Predictable performance; fault isolation | Single break disables the network; more complex to configure |
| Mesh | Multiple redundant paths between devices | High reliability and fault tolerance | Expensive, complex cabling and management |
| Hybrid | Combination of two or more basic topologies | Flexibility to meet specific needs | Design and management can be complex |
Network architectures (AO2)
- Two‑tier (client‑server) – direct communication between client devices and a single server layer (e.g., a small office file server).
- Three‑tier architecture – presentation, application and data tiers; common in large enterprises for scalability and security.
- Cloud‑centric architecture – core services hosted in the cloud, accessed via the Internet; on‑premise devices act as thin clients.
- Client‑server vs. P2P distinction – client‑server centralises control and security; P2P distributes load but can be harder to manage.
14.2 Network Components
| Component | OSI layer(s) | Function | Typical example |
| NIC (Network Interface Card) | 1–2 | Provides physical & data‑link connectivity for a device | Gigabit Ethernet card in a PC |
| Hub | 1 | Repeats incoming signals to all ports (no filtering) | Small office “star” hub |
| Switch | 2 | Forwards frames based on MAC addresses; can also route (Layer 3) | 48‑port Gigabit Ethernet switch |
| Router | 3 | Routes packets between different IP networks; performs NAT and ACLs | Edge router connecting a LAN to the Internet |
| Bridge | 2 | Connects two LAN segments, filtering traffic by MAC address | Wireless bridge linking two buildings |
| Access Point (AP) | 1–2 | Provides Wi‑Fi connectivity to wireless clients | Ceiling‑mounted AP in a classroom |
| Gateway | 7 (application) | Translates between different network protocols (e.g., LAN ↔ Internet, SMTP ↔ SMTPS) | SMTP gateway for outbound mail |
| Firewall | 3–7 | Enforces security policies by filtering traffic (packet‑filter, stateful, proxy) | Perimeter firewall between Internet and LAN |
Typical campus layout (text description)
Internet → edge router → firewall → core switch. From the core switch, distribution switches feed access switches that connect PCs, printers, APs and servers. A DMZ (demilitarised zone) sits between the firewall and core switch for public‑facing services (web, mail, DNS).
14.3 Network Servers
- File server – stores and shares files (e.g., Windows Server with shared folders).
- Web server – hosts web pages; uses HTTP/HTTPS (e.g., Apache, IIS).
- Mail server – handles email (SMTP for sending, POP3/IMAP for retrieval).
- Application server – runs business applications (e.g., Java EE, .NET).
- Print server – manages network printers and print queues.
- FTP server – provides file transfer over TCP.
- Proxy server – forwards client requests, can cache content and enforce policy.
- Virtual server – multiple VMs on a single physical host (VMware, Hyper‑V).
DMZ and service‑level considerations (AO3)
A DMZ isolates public services from the internal LAN, reducing the impact of a breach. Service‑level decisions (e.g., using a dedicated web server vs. a shared virtual server) affect performance, cost and security.
Example scenario
A secondary school runs a file server for staff documents, a web server for the school website, and a mail server (Microsoft Exchange) on separate virtual machines hosted on a single physical server. The DMZ contains the web server, while the file and mail servers remain on the internal LAN behind the firewall.
14.4 Cloud Computing
Characteristics (AO1)
- On‑demand self‑service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service (pay‑as‑you‑go)
Service models (AO2)
- SaaS (Software‑as‑a‑Service) – applications delivered over the web (Google Workspace, Microsoft 365).
- PaaS (Platform‑as‑a‑Service) – development platforms and runtime environments (Microsoft Azure App Service, Google App Engine).
- IaaS (Infrastructure‑as‑a‑Service) – virtual machines, storage and networking (Amazon EC2, OpenStack).
Deployment models (AO1)
- Public cloud – services owned and operated by a third‑party provider (e.g., AWS).
- Private cloud – infrastructure dedicated to a single organisation, often on‑premise.
- Hybrid cloud – combination of public and private clouds, with data and applications moving between them.
Pros & Cons (AO3)
| Pros | Cons |
| Scalability, reduced capital expenditure, automatic updates, global accessibility | Dependence on Internet connectivity, data‑privacy concerns, possible vendor lock‑in, variable performance |
Practical exam example
Students collaborate on a spreadsheet using Google Sheets (SaaS). The teacher sets sharing permissions (view‑only vs. edit) and checks the version history, demonstrating both security (access control) and cloud benefits (real‑time collaboration).
14.5 Data Transmission
Key performance terms (AO1)
- Bandwidth – maximum data‑rate a link can carry (bits s⁻¹).
- Bit‑rate – actual data‑rate achieved; may be lower than bandwidth because of protocol overhead.
- Latency – time for a single bit (or packet) to travel from source to destination.
- Throughput – amount of useful data transferred per unit time (bits s⁻¹).
- Goodput – throughput of *application‑level* data after removing protocol overhead and retransmissions.
Error‑control mechanisms (AO2)
- Parity bits & checksums – simple error detection.
- CRC (Cyclic Redundancy Check) – used in Ethernet frames.
- ARQ (Automatic Repeat reQuest) – e.g., Stop‑and‑Wait, Go‑Back‑N, Selective Repeat (used by TCP).
- Forward Error Correction (FEC) – adds redundant data so the receiver can correct errors without retransmission (used in satellite links).
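The difference between these detection methods shows up as soon as more than one bit is corrupted. The Python sketch below is an added example, not part of the syllabus note: it compares a single even-parity bit with CRC-32 on a constructed payload, then uses the CRC as the check in a Stop-and-Wait ARQ loop. The 4-byte trailer is a simplification and not the Ethernet frame layout.

```python
import zlib

def even_parity_bit(data: bytes) -> int:
    """Bit that makes the total count of 1-bits even."""
    return sum(bin(b).count("1") for b in data) % 2

def flip_bits(data: bytes, positions) -> bytes:
    """Copy of data with the given bit positions inverted (simulated noise)."""
    buf = bytearray(data)
    for p in positions:
        buf[p // 8] ^= 1 << (p % 8)
    return bytes(buf)

def detects(sent: bytes, received: bytes) -> dict:
    """Which mechanism notices that the received data differs from what was sent."""
    return {
        "parity": even_parity_bit(sent) != even_parity_bit(received),
        "crc32": zlib.crc32(sent) != zlib.crc32(received),
    }

def send_with_arq(payload: bytes, noise_per_attempt) -> int:
    """Stop-and-Wait ARQ: retransmit until the receiver's CRC check passes.

    noise_per_attempt lists the bit positions corrupted on each attempt.
    Returns how many transmissions were needed.
    """
    trailer = zlib.crc32(payload).to_bytes(4, "big")  # simplified check field
    for attempt, noise in enumerate(noise_per_attempt, start=1):
        received = flip_bits(payload + trailer, noise)
        data, check = received[:-4], received[-4:]
        if zlib.crc32(data).to_bytes(4, "big") == check:
            return attempt  # receiver acknowledges the frame
        # mismatch: receiver discards the frame and the sender retransmits
    raise RuntimeError("every attempt was corrupted")

FRAME = b"GET /index.html"            # constructed payload
ONE_BIT = flip_bits(FRAME, [3])       # single-bit error
TWO_BITS = flip_bits(FRAME, [3, 12])  # two-bit error

if __name__ == "__main__":
    print(detects(FRAME, ONE_BIT))
    print(detects(FRAME, TWO_BITS))
    print(send_with_arq(FRAME, [[3, 12], []]))
```

Parity misses the two-bit error because flipping an even number of bits leaves the parity unchanged, while the CRC still catches it and triggers a retransmission.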
Transmission media comparison (AO1)
| Medium | Typical bandwidth | Maximum segment length | Typical use |
| Twisted‑pair (Cat 5e) | 100 Mbps – 1 Gbps | 100 m | Office LANs |
| Twisted‑pair (Cat 6a/7) | 10 Gbps | 100 m | Data‑centre uplinks |
| Coaxial cable | 10 Mbps – 1 Gbps | 500 m | Cable TV, legacy Ethernet |
| Fibre‑optic (single‑mode) | 10 Gbps – 100 Gbps+ | 10 km+ (with repeaters) | Backbone, long‑haul ISP links |
| Fibre‑optic (multimode) | 1 Gbps – 10 Gbps | 550 m (OM4) | Campus LANs, data‑centres |
| Wi‑Fi (IEEE 802.11ac/ax) | ~1 Gbps (theoretical) | ~35 m indoor, 100 m outdoor | Student laptops, tablets |
| Bluetooth | 1–3 Mbps | 10 m (typical) | Peripheral devices, short‑range IoT |
| Infrared (IrDA) | 4 Mbps | 1 m line‑of‑sight | Remote controls, simple data exchange |
| Microwave / Radio | 100 Mbps – 1 Gbps | Several km (line‑of‑sight) | Rural backhaul, point‑to‑point links |
| NFC (Near Field Communication) | 424 kbps | ≤ 10 cm | Contactless payment, device pairing |
14.6 Network Protocols
OSI reference model (AO1)
| Layer | Name | Key functions |
| 7 | Application | Network‑aware software (HTTP, SMTP, DNS) |
| 6 | Presentation | Data translation, encryption, compression |
| 5 | Session | Establishes, manages, terminates sessions |
| 4 | Transport | End‑to‑end reliability (TCP) or best‑effort (UDP) |
| 3 | Network | Logical addressing & routing (IP) |
| 2 | Data‑link | MAC addressing, framing, error detection (Ethernet) |
| 1 | Physical | Electrical/optical signalling, connectors |
TCP/IP suite (core protocols)
- IP (Internet Protocol) – logical addressing (IPv4/IPv6) and routing.
- TCP (Transmission Control Protocol) – reliable, connection‑oriented transport with flow control and error recovery.
- UDP (User Datagram Protocol) – connection‑less, low‑latency transport (e.g., streaming, DNS).
- ICMP (Internet Control Message Protocol) – network diagnostics (ping, traceroute).
- ARP (Address Resolution Protocol) – maps IP addresses to MAC addresses on a LAN.
- DHCP (Dynamic Host Configuration Protocol) – automatic IP address allocation.
Application‑layer protocols (selected)
| Protocol | Port(s) | Purpose |
| HTTP | 80 | Web page transfer (unencrypted) |
| HTTPS | 443 | Secure web traffic (TLS/SSL) |
| FTP | 21 (control), 20 (data) | File transfer (plaintext) |
| SFTP | 22 | Secure file transfer over SSH |
| SMTP | 25, 587 | Sending email |
| POP3 / IMAP | 110/143 (plain) – 995/993 (TLS) | Retrieving email |
| SSH | 22 | Secure remote shell |
| DNS | 53 | Domain name resolution |
| TLS / SSL | – | Encryption layer for many protocols |
| IPsec | – | Network‑layer encryption for VPNs |
Routing protocols (AO2)
- RIP (Routing Information Protocol) – distance‑vector; max 15 hops, simple but slow convergence.
- OSPF (Open Shortest Path First) – link‑state; hierarchical design, fast convergence, widely used in enterprises.
- BGP (Border Gateway Protocol) – path‑vector; core protocol of the Internet, manages inter‑AS routing.
Firewalls – basic configuration concepts (AO2)
- Packet‑filter firewall – examines header fields (source/destination IP, ports, protocol) against an ACL.
- Stateful inspection firewall – tracks connection state, allowing return traffic automatically.
- Proxy (application‑layer) firewall – terminates the client connection and opens a new one to the server, enabling deep inspection.
- Common rule set example:
  - Allow inbound HTTPS (TCP 443) to the DMZ web server.
  - Deny all inbound traffic to the internal LAN.
  - Allow outbound DNS (UDP 53) and HTTP/HTTPS from internal clients.
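The rule set above behaves differently on a packet-filter firewall and on a stateful one. The Python model below is an added example, not part of the syllabus note: it applies the three rules first-match with a default deny, then adds connection tracking on top. The addresses, the `Packet` class and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the note)
LAN = ip_network("10.0.0.0/24")
DMZ_WEB = ip_address("192.0.2.10")
OUTBOUND_OK = {("udp", 53), ("tcp", 80), ("tcp", 443)}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

def acl_permits(p: Packet) -> bool:
    """Stateless packet filter: first matching rule wins, default deny."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    if dst == DMZ_WEB and p.proto == "tcp" and p.dport == 443:
        return True    # allow inbound HTTPS to the DMZ web server
    if dst in LAN and src not in LAN:
        return False   # deny all inbound traffic to the internal LAN
    if src in LAN and (p.proto, p.dport) in OUTBOUND_OK:
        return True    # allow outbound DNS and HTTP/HTTPS
    return False       # default deny

class StatefulFirewall:
    """Same ACL, plus a table of flows that the ACL has already admitted."""
    def __init__(self):
        self.flows = set()

    def permits(self, p: Packet) -> bool:
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return True  # return traffic of a tracked connection
        if acl_permits(p):
            self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
            return True
        return False

# Constructed sample traffic
QUERY = Packet("10.0.0.25", 50000, "198.51.100.53", 53, "udp")
REPLY = Packet("198.51.100.53", 53, "10.0.0.25", 50000, "udp")
SPOOFED = Packet("203.0.113.7", 53, "10.0.0.25", 50001, "udp")
WEB_IN = Packet("203.0.113.7", 40000, "192.0.2.10", 443, "tcp")
SSH_IN = Packet("203.0.113.7", 40001, "192.0.2.10", 22, "tcp")
```

With the stateless filter the DNS reply is dropped by the "deny all inbound" rule. The stateful firewall admits it because it matches the tracked query, and still drops the unsolicited packet from port 53.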
14.7 Wireless & Mobile Communication Technologies
Wi‑Fi (IEEE 802.11 families)
- 802.11a/b/g/n/ac/ax – progressive increases in data rate and efficiency.
- Security protocols: WEP (obsolete), WPA, WPA2‑PSK/Enterprise, WPA3.
- Typical range: 30 m indoor, up to 100 m outdoor with line‑of‑sight.
Other short‑range wireless
- Bluetooth – 2.4 GHz, low power, used for peripherals and IoT; security via pairing and encryption.
- Infrared (IrDA) – line‑of‑sight, low data rates, used for remote controls.
- NFC – ≤ 10 cm, 424 kbps, used for contactless payment and device pairing.
Cellular mobile communication
| Generation | Typical frequency | Maximum data rate | Key features |
| 2G (GSM) | 900/1800 MHz | 9.6 kbps (SMS) | Voice, limited data, circuit‑switched. |
| 3G (UMTS/HSPA) | 2100 MHz | 2 Mbps (download) | Packet‑switched data, video calls. |
| 4G (LTE) | 700 MHz‑2600 MHz | 100 Mbps (download) | All‑IP, high‑speed mobile broadband. |
| 5G | Sub‑6 GHz & mmWave (24 GHz+) | 1–10 Gbps | Ultra‑low latency, massive IoT, network slicing. |
Satellite communication (AO2)
- Geostationary (GEO) satellites – ~36 000 km altitude; high latency (~600 ms), used for broadcast and remote broadband.
- Low‑Earth‑Orbit (LEO) constellations (e.g., Starlink) – lower latency (< 50 ms), higher throughput, suitable for mobile broadband in remote areas.
14.8 Network Security Methods
1. Encryption (confidentiality & integrity)
- Symmetric encryption – same key for encrypting and decrypting (fast). Example: AES (128/192/256 bit keys) used in VPNs and file encryption.
- Asymmetric encryption – public‑key encrypts, private‑key decrypts (used for key exchange, digital signatures). Example: RSA (1024–4096 bit) and ECC (256‑bit curve ≈ RSA 3072‑bit security).
- Hash functions – one‑way, fixed‑size output; verify integrity. Example: SHA‑256. Used in password storage (with salt) and digital signatures.
2. Firewalls (access control)
- Packet‑filter, stateful, and proxy firewalls (see 14.6).
- Placement: perimeter (Internet ↔ LAN) and internal segmentation (e.g., between DMZ and LAN).
- Common policies: “default deny” inbound, “allow specific services” outbound.
3. Intrusion Detection & Prevention Systems (IDS/IPS)
- IDS – monitors traffic, generates alerts (signature‑based or anomaly‑based).
- IPS – actively blocks or throttles suspicious traffic based on IDS analysis.
- Often deployed inline with firewalls or behind them for defence‑in‑depth.
4. Authentication & Authorisation
- Passwords + hashing + salting – basic user authentication.
- Two‑factor authentication (2FA) – something you know + something you have (e.g., OTP app).
- Directory services – LDAP, Microsoft Active Directory for centralised authorisation and policy enforcement.
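The first two items combine into one login check. The Python sketch below is an added example, not part of the syllabus note: it stores a salted password hash and verifies a time-based one-time code (RFC 6238) as the second factor. It uses PBKDF2 with HMAC-SHA-256 rather than a single SHA-256 pass, because a fast hash makes offline guessing cheap; the account record, password and OTP secret are constructed values.

```python
import hashlib
import hmac
import os
import struct
import time

def hash_password(password: str, salt: bytes = None, rounds: int = 200_000):
    """Salted, deliberately slow hash for storage (PBKDF2-HMAC-SHA-256)."""
    salt = salt or os.urandom(16)  # unique random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based one-time password (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float = None, step: int = 30) -> str:
    """Time-based one-time password (RFC 6238): HOTP over 30-second steps."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step)

def verify_login(record: dict, password: str, otp: str, now: float = None) -> bool:
    """Both factors must pass; comparisons run in constant time."""
    salt, rounds, stored = record["pw"]
    candidate = hash_password(password, salt, rounds)[2]
    pw_ok = hmac.compare_digest(candidate, stored)
    expected = totp(record["otp_secret"], now)
    otp_ok = hmac.compare_digest(expected.encode(), otp.encode())
    return pw_ok and otp_ok

# Constructed account record; the OTP secret is the RFC 4226 test key
TEACHER = {
    "pw": hash_password("correct horse battery"),
    "otp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    code = totp(TEACHER["otp_secret"])
    print(verify_login(TEACHER, "correct horse battery", code))
```

Only the salt, round count and digest are stored, never the password itself. The OTP secret is shared once with the user's authenticator app.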
5. Virtual Private Networks (VPNs)
- Creates an encrypted tunnel over a public network.
- Common protocols: IPsec (layer 3), SSL/TLS VPN (layer 7), OpenVPN (UDP/TCP).
- Used for remote‑worker access, site‑to‑site connectivity, and secure transmission of sensitive data.
6. Demilitarised Zone (DMZ)
- Network segment that isolates public‑facing services (web, mail, DNS) from the internal LAN.
- Typically placed between the external firewall and the internal core switch.
- Reduces risk: a compromise of a DMZ server does not give direct access to internal resources.
7. Security policies & best practice (AO3)
- Defence in depth – combine firewalls, IDS/IPS, encryption, strong authentication, and regular patching.
- Least privilege – users and services receive only the permissions they need.
- Regular audits & monitoring – log analysis, vulnerability scanning, penetration testing.
- Backup & disaster recovery – encrypted off‑site backups, tested restoration procedures.
Example exam scenario (AO2/AO3)
A school wants remote teachers to access the internal file server securely. The recommended solution is a site‑to‑site IPsec VPN terminating at the school’s firewall, combined with two‑factor authentication for each teacher. Traffic is encrypted (AES‑256), the firewall enforces a “default deny” policy, and an IDS alerts the IT admin to any unusual login attempts. This layered approach satisfies confidentiality, integrity, and availability requirements while minimising the risk of unauthorised access.