chapter [3] computer network and network security created by manish mathur
Created By Manish Mathur
Chapter [3]
Computer Network
and Network Security
Definition :~ A collection of all types of computers, terminals and peripheral devices connected together by a communication system is called a “Computer Network”.
Benefits
• File Sharing
• E-Mail
• Remote Access
• Fault Tolerance
• Security
• Better customer service
• Printer Sharing
• Fax Sharing
• Data Organization
• Internet Access
• Communication
• Reduced Cost
Classification of Network
• Function based : Data network, Voice network, Multimedia network
• Coverage area based : LAN, MAN, WAN
• Forwarding based : Switched, Shared, Hybrid
• Ownership based : Public, Private, Virtual Private, Leased
• Communication media based : Wired, Wireless
[1] LAN :~
• Limited geographic area
• Privately owned & operated
• Physical interconnection
• High speed
• Low error rate
[2] MAN :~
• Covers area larger than LAN
• Fiber-Optic transmission
• Physical interconnection
• Slower speed
• High error rate
[3] WAN :~
• Unrestricted geographic area
• Wireless inter-connection
• Third party Communication channel
• Slow speed
• High Error rate
Network Models
[1] Client – Server model :~
• There is a centralized, NOS based computer called server.
• Server is connected to many other computers called clients.
• Clients make the request for service and server provides the requested service.
• Advantage ~
– Resource efficiency.
– High degree of security.
– Server can be scaled up to many services.
– Single updation for all.
• Disadvantage ~
– Dependency on single computer.
– Large setup cost of server.
– Server speed can slow down.
[2] Peer - to - Peer model :~
• There is no dedicated server; instead all computers are of equal status and called Peer.
• Every computer works as both client and server.
• Suitable with limited no. of users and where unrestricted communication is required.
• Advantage ~
– No dependency on single computer
– Simplicity in design and maintenance
– Less cable requirement
• Disadvantage ~
– Poor resource requirement
– Security is not important
Components of a Network
1. Sender computer
2. Interface device (shown at both the sender and the receiver end)
3. Communication Channel
4. Receiver computer
5. Communication Software
Communication Devices
1. NIC :~
- Connectivity
- Memory
- Protocol
- Remote booting
2. Switches and Routers :~
- Switches create a temporary point to point link between nodes. A switch makes routing decisions on the basis of physical address. It can also regenerate incoming signals.
- Routers select the appropriate link from the existing paths. A router makes routing decisions on the basis of network address.
3. Hub :~
- Multi port connecting device that is used to interconnect devices by means of TPC.
- Active hub can re-generate signals and Passive hub sends incoming signals as they are.
4. Bridge and Gateway :~
Bridge allows communication between similar networks that employ the same protocol, architecture and cabling, whereas Gateway allows communication between dissimilar networks.
5. Repeater :~
Amplifies the weak signals coming from one section of cable and passes strong signals to the other section.
6. Modem :~
- Used when data are communicated through phone lines.
- Converts data from digital to analog (Modulation) and analog to digital (De-modulation).
- It is connected to Serial or Parallel port of CPU.
- Speed measured in terms of kbps and mbps.
- Types
Place : Internal v/s External ~ Card v/s Device
Command acceptance : Standard v/s Intelligent ~ User command v/s microprocessor chip
Transmission : Short Haul v/s Wireless ~ Land line v/s Cell phone
7. Multiplexer :~
Allows sharing of communication line between 2 or more nodes.
8. Front-end communication processor :~
- Computer connected to the server of a network to reduce the work load.
- It leaves Storage and Processing to the server and performs other functions like : User identification, terminal recognition, code conversion, data validation, control of line etc.
9. Protocol converter :~
- Converts one protocol's signals into another protocol's signals.
10. RAD :~
- A Modem bank that serves as gateway to the NET.
- Also does the routing of incoming and outgoing messages.
Communication Channels
• Guided Media : Twisted Pair Cable, Co-axial Cable, Fiber Optical Cable
• Unguided Media : Radio Wave, Micro Wave, Infrared Wave
[1] Twisted-Pair Cable :~
• Oldest
• Cheapest
• Slowest
• Short distance
• High error rate
• Low band width
[2] Co-axial Cable :~
• Costlier
• Faster
• Cover long distances
• Low error rate
• High security
• Higher band width
[3] Optical-fiber cable :~
• Costliest
• Fastest
• Long distance
• Low error rate
• High security
• Highest band width
• Light weight
• Can be used in hostile environment
[4] Radio wave :~ It is an electromagnetic radiation created as a beam of energy. It travels in a straight path. Wave length : 1mm to 100,000km.
[5] Micro Wave :~ It is also a radio wave. Wave length : 1mm to 1m.
[6] Infrared wave :~ It is a wave of light. Used in medical and scientific applications, night vision devices etc.
Selection of Channel
• Reliability
• Cost
• Security
• Speed
• Band width
Communication Software
• Access Control
– Linking and de-linking of devices.
– Auto dialing
– Checking user authorisation.
• Networking Management
– Checking devices for data
– Queuing the data
– Routing the message
• Data & File Transmission
– Allowing file transfer as attachment
– Text and Binary file can be attached
• Error detection and control
– Send acknowledgement back to sender
– Re-send the data when lost in transit
• Data Security
– Employ ID system to protect data from unauthorised disclosure.
Network Topology
The geometric arrangement of nodes in the network is called Network Topology.
[1] STAR Topology
Advantages ~
- Easy to add and remove nodes.
- Node failure does not bring down the network.
- Easy to diagnose problems.
Disadvantages ~
- High dependency on server.
- High cabling cost.
[2] RING Topology
Advantages ~
- Nodes have similar work load.
- Easy to expand.
Disadvantages ~
- Expensive.
- Difficult to install.
- Node failure brings down the network.
- Difficult to troubleshoot.
- Adding and removing a node disturbs the network.
[3] BUS Topology
Advantages ~
- Easy to use & form the network.
- Minimum cable requirement.
- Easy to expand.
Disadvantages ~
- Heavy network traffic can slow down bus transmission.
- Each connection in between weakens the signals.
- Difficult to troubleshoot.
[4] MESH Topology
Advantages ~
- Redundancy of communication path.
- Highly reliable.
- Network problems are easy to diagnose.
Disadvantages ~
- Cost of installation and maintenance is high.
Transmission Techniques
Serial Transmission
• Single communication path.
• Bits travel along a single path.
• Cheaper mode
• Covers long distance
• Slow in speed.
Parallel Transmission
• 8 Communication paths
• All bits of a byte travel together.
• Costly
• Not practical for long distance
• Faster transmission
Synchronous
• Sender and Receiver know the time of transmission in advance.
• Data are sent in multi-word blocks.
• Start and Stop bytes are used.
• Transmission is fast.
• Costly device.
Asynchronous
• Only the sender knows the time of transmission.
• Data are sent character by character.
• Each character is delimited by Start and Stop bit.
• Highly reliable.
• Transmission is slow.
Synchronous block (start byte, data, stop byte) :
00000000 1101101010010111110101101101010100111001 11111111
Asynchronous characters (start bit, data, stop bit) :
0 11011001 1 0 10101100 1 0 10011001 1 0 11000011 1 0 10101100
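The two bit streams on this slide can be decoded mechanically. The following is an added example, not part of the original slides: it frames and de-frames both formats and reports framing errors. It assumes the data bits are written most significant bit first, which the slide does not state, and all function names are illustrative.

```python
from __future__ import annotations

# Bit streams as printed on the slide (spaces are for readability only).
SLIDE_SYNC = "00000000 1101101010010111110101101101010100111001 11111111"
SLIDE_ASYNC = "0 11011001 1 0 10101100 1 0 10011001 1 0 11000011 1 0 10101100"

START_BYTE, STOP_BYTE = "00000000", "11111111"


def _clean(bits: str) -> str:
    bits = "".join(bits.split())
    if set(bits) - {"0", "1"}:
        raise ValueError("bit stream may contain only 0 and 1")
    return bits


def frame_async(data: bytes) -> str:
    """Asynchronous: every character gets its own start bit 0 and stop bit 1."""
    return "".join("0" + format(b, "08b") + "1" for b in data)


def deframe_async(bits: str) -> tuple[bytes, list[tuple[int, str]]]:
    """Return (decoded bytes, framing errors as (bit offset, reason))."""
    bits = _clean(bits)
    out, errors = bytearray(), []
    for pos in range(0, len(bits), 10):
        frame = bits[pos:pos + 10]
        if len(frame) < 10:
            errors.append((pos, "truncated frame"))
        elif frame[0] != "0":
            errors.append((pos, "missing start bit"))
        elif frame[9] != "1":
            errors.append((pos, "missing stop bit"))
        else:
            out.append(int(frame[1:9], 2))
    return bytes(out), errors


def frame_sync(data: bytes) -> str:
    """Synchronous: one start byte and one stop byte around the whole block."""
    return START_BYTE + "".join(format(b, "08b") for b in data) + STOP_BYTE


def deframe_sync(bits: str) -> bytes:
    bits = _clean(bits)
    if len(bits) < 16 or not bits.startswith(START_BYTE) or not bits.endswith(STOP_BYTE):
        raise ValueError("missing start or stop byte")
    body = bits[8:-8]
    if len(body) % 8:
        raise ValueError("block is not a whole number of bytes")
    return bytes(int(body[i:i + 8], 2) for i in range(0, len(body), 8))


def efficiency(data_len: int, mode: str) -> float:
    """Fraction of transmitted bits that carry data for `data_len` bytes."""
    if data_len <= 0:
        raise ValueError("data_len must be positive")
    if mode == "async":
        return 8 / 10                      # 2 overhead bits per character
    if mode == "sync":
        return 8 * data_len / (8 * data_len + 16)   # 2 overhead bytes per block
    raise ValueError("mode must be 'async' or 'sync'")


if __name__ == "__main__":
    print(deframe_sync(SLIDE_SYNC).hex())
    print(deframe_async(SLIDE_ASYNC))
    print(efficiency(5, "sync"), efficiency(5, "async"), efficiency(100, "sync"))
```

The last asynchronous character on the slide has no stop bit, so the decoder reports it as a truncated frame. The efficiency figures show that the synchronous format only overtakes the asynchronous one once blocks grow beyond a few bytes.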
Transmission Mode
Transmission Techniques
[1] Circuit Switching :~
It uses single fixed bandwidth channel between nodes to communicate.
First the communication path is selected based on resource-optimizing algorithm.
For the communication session the path is dedicated and exclusive.
[2] Message Switching :~
There is no direct connection between source and destination.
When the message is routed from source to destination, each intermediate node stores the entire message and transmits it further.
When congestion occurs the nodes store the message and delay the transmission.
[3] Packet Switching :~
Every user gets a pre-defined time to access the network.
Message is divided into small units, called data packets, before they are transmitted.
Every packet has header containing destination address and sequence number.
Each packet may take a different route to reach destination.
At destination the packets are reassembled into the original message.
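The packet switching steps above (divide, add a header, route independently, reassemble) can be shown in a few lines. This is an added example, not part of the original slides. The `total` header field, the address `10.0.0.2` and all names are assumptions made for illustration; the slide only names the destination address and the sequence number.

```python
from __future__ import annotations

import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    dest: str       # header: destination address
    seq: int        # header: sequence number
    total: int      # assumption: header also carries the packet count
    payload: bytes


def packetize(message: bytes, dest: str, size: int = 8) -> list[Packet]:
    """Divide a message into data packets of at most `size` payload bytes."""
    if size <= 0:
        raise ValueError("size must be positive")
    chunks = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    return [Packet(dest, n, len(chunks), c) for n, c in enumerate(chunks)]


def reassemble(received: list[Packet], my_address: str):
    """Rebuild the message at the destination.

    Returns (message, missing). message is None while the sequence numbers
    listed in `missing` have not arrived.
    """
    by_seq: dict[int, bytes] = {}
    total = None
    for p in received:
        if p.dest != my_address:
            continue                      # addressed to another node
        if total is None:
            total = p.total
        if p.total != total or not 0 <= p.seq < total:
            raise ValueError(f"inconsistent header in packet {p.seq}")
        if by_seq.get(p.seq, p.payload) != p.payload:
            raise ValueError(f"conflicting duplicate for sequence {p.seq}")
        by_seq[p.seq] = p.payload         # identical duplicates are harmless
    if total is None:
        return None, []
    missing = [n for n in range(total) if n not in by_seq]
    if missing:
        return None, missing
    return b"".join(by_seq[n] for n in range(total)), []


def simulate(message: bytes, dest: str = "10.0.0.2", seed: int = 7):
    """Model 'different routes' as a shuffled arrival order, then rebuild."""
    packets = packetize(message, dest)
    random.Random(seed).shuffle(packets)
    return reassemble(packets, dest)


if __name__ == "__main__":
    print(simulate(b"Each packet may take a different route"))
```

The receiver rejects a second packet that reuses a sequence number with different content, because accepting it silently would let one forged packet overwrite part of the message.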
Transmission Protocol
• Definition
– Language of communication.
– Set of rules for inter-computer communication.
– Standards of communication.
– Software to perform actions in communication.
• Functions
– Physical aspect of communication
– Linking and de-linking of devices
– Syntax ~ character set, coding, format
– Semantics ~ type and order
– Timing ~
• Types ~
– Ready-made
  • X.12 (EDI), Ethernet (LAN), TCP/IP (Internet)
– User Defined (OSI model)
  • Application
  • Presentation
  • Session
  • Transport
  • Network
  • Data Link
  • Physical
• Physical
– Voltage determination, Topology
• Data Link
– Access control, data integrity
• Network
– Route determination, linking and de-linking
• Transport
– Assembling and dissembling of message
– Error recovery, multiplexing, encryption
• Session
– Establishing and termination of session
• Presentation
– Display of message, application interface
• Application
– User services, Database concurrency, Deadlocks
TCP/IP (Transmission Control Protocol/Internet Protocol)
• Application
– Provides services to user
– FTP, HTTP, SMTP
• Transport
– Transmission of data packet
– Verify by acknowledgement
– TCP, UDP
• Internet
– Routing, Error checking
– Data integrity
– IP, ARP
• Network Interface
– Provides interface to network hardware and software.
– PPP, FDDI
LAN
LAN is an inter-connection of 2 or more computers and associated devices within a restricted geographic area.
• Micro computer based network.
• Inexpensive transmission device.
• Physical interconnection.
• High data transmission rate.
• Limited geographical area.
• Several topologies possible.
• Transmission speed is independent of attached devices.
• Central computer provides only storage.
• Protected mode transmission.
• Freedom of communication.
Benefits
Pre-requisites of LAN
LAN Component
WLAN
• The LAN which does not require any physical media for data transmission.
• It employs Radio waves or Infrared signals.
• A transceiver device, called access point, is connected to the server and supports a small group of users.
• End users access the WLAN through a WLAN adapter installed in their computer.
Client – Server Technology
C/S Architecture
• C/S divides the processing task and processing power between client and server.
• Server sends only that record which is required by the client, thereby supporting database concurrency.
• C/S software is based on a versatile, message-based and modular infrastructure to improve usability, flexibility, interoperability and scalability.
Reasons and Benefits to C/S computing
• Easy use of MIS
• Better customer services
• Lowering IT cost
• Direct access to required data.
• Better connectivity (OFC)
• Easy implementation and use
• Increased data security
• Direct centralised control of NOS
• Distributed processing
• Software cost benefits (purchase & upgrade)
• Platform independent
• Easy adaptability to new hardware.
Characteristics of C/S computing
• Consists of client and server processes that can be distinguished.
• Client and server processes can operate on different computers.
• Any platform can be upgraded individually.
• Server can service multiple clients and client can avail services of multiple servers.
• Some part of application logic resides at client end.
• Actions are initiated by client.
• GUI based interface.
• SQL capability.
• DB Security
• Network capability.
Components of C/S computing
• Client ~
– Non-GUI based
– GUI based
– OOUI based
• Server ~
– Printer, Modem, Database, Processing server
• Middleware ~
– 4 layers
  • Service layer
  • Back-end processing layer
  • NOS layer
  • Transport layer
• Fat client/server ~
– Fat client : 2-tier system
– Fat server : 3-tier system
• Network
Virtual Private Network
• VPN is a privately operated network of an organization that uses a public server.
• Types ~
– Remote-access VPN
– Site-to-site VPN
  • Intranet based
  • Extranet based
Broad Band Network (ISDN)
• It is a system of combining voice and data transmission.
• Bandwidth 64kbps.
• Types ~
– BRI : 2 voice and 1 data channel
– PRI : 3 voice and 1 data channel
• Advantages ~
– Allows multiple digital channels to operate on regular phone line.
– Easy routing to the proper destination.
– Keep noise and interference out, even after combining.
– Does not disturb the established connection.
Type of Server
[1] Data base server :~
• The central computer of a network which stores, updates and manages the Data Base of an organization.
• User interface and Processing logic reside on the Client’s PC.
• It is found in the networks with 2-tier architecture.
[2] Printer Server :~
• The central computer of a network which is connected to a printer and allows shared access of printer to its clients.
• It can be Dedicated or Non-dedicated.
[3] Transaction Server :~
• It provides centralized, on-line processing of transactions.
[4] Application Server :~
• The central computer of a network which provides logic for processing of data of the database.
• It is found in the networks with 3-tier architecture.
– First tier - Front end - Client (UI)
– Second tier - Middle end - Application Server
– Third tier - Back end - Data Base Server
Features ~
• Component Management
• Fault Tolerance
• Load Balancing
• Transaction Management
• Operator’s Console
• High Security
Types ~
• Web information server : Server with web script of HTML
• Component server : Server with application software
• Active application server : Server with decision processing S/w
Internet Servers
[1] File Server ~ It stores user files centrally and allows shared access. It also provides regular backup.
[2] Mail Server ~ They are used to receive and store e-mails. It provides 24 * 365 hrs. access.
[3] DNS Server ~ It is an Internet wide distributed database system. It stores host names and associated IP addresses.
[4] Gopher Server ~ They are search engines used to locate information on the NET. It prompts users for the site address that interests them.
[5] Web Server ~ They provide cyber space to host users' sites. HTML is used to prepare web documents and a browser program is used to view them.
[6] FTP Server ~ They are used to send and receive files from the users. They are of 2 types –
(i) Anonymous server (ii) Named server
[7] News Server ~ They provide a world wide discussion system. Users may read and post their articles.
[8] Chat Server ~ They provide communication facility to users. They are of 2 types –
(i) Moderated (ii) Un-moderated
[9] Caching Server ~ They maintain a library of web pages, thereby reducing the no. of NET accesses.
[10] Proxy Server ~ They restrict access to information on the NET, by refusing or passing the request to the server. It operates on a list of rules given by the system administrator.
Tier Architecture
Tier system
• Single tier system
• Two tier system
• Three tier system
• N-tier system
Single tier Architecture
• A single computer containing database to store the data and applications to process the data is called Single tier system.
• In other words, when all the three components viz. User Interface, Database and Application logic reside in one computer, this is called Single Tier Architecture.
• Advantages ~
– It requires only one stand alone computer.
– It requires only one installation for licensed software.
• Disadvantage ~
– It can be used by only one user at a time.
– It is impractical for an organization which requires many users to access data concurrently.
Two tier Architecture
Definition ~
• A 2TA consists of two computers : Client and Server.
• DB is stored on the server and UI resides on the client. PL can be either on the client or on server.
Purpose ~
• To improve usability by supporting user friendly interface.
• To improve scalability by supporting up to 100 users.
• To support simple, non-time critical system by minimizing operator’s intervention.
Technical details ~
• If processing load is on the client, such client is called Fat Client and if it is on the server then such server is called Fat Server.
Two tier Architecture
Advantages ~
• More users can interact with the system concurrently.
Disadvantage ~
• Performance deteriorates if number of users > 100.
• Limited flexibility due to shifting processing capability to server.
• Not cost-effective in terms of software if processing capability is shifted to client.
Three tier Architecture
Definition ~
• Emerged in 1990s, 3-TA is designed by adding a third tier (middle tier server) to 2-TA.
• The middle tier provides process management and can accommodate hundreds of users.
Purpose ~
• To provide increased performance, flexibility, maintainability and scalability, while holding complexity away from the user.
[Figure: Client 1, Client 1, Client 1; Application Server; Data Base Server]
Three tier Architecture
Advantages ~
• Clear separation of User Interface, Database, Process logic.
• Dynamic load balancing
• Change management
Disadvantages ~
• Increased need for traffic management, load balancing and fault tolerance.
• Costly tools.
• Server library maintenance tools are inadequate to promote code sharing.
Data Centre
• It is an on-line, centralized, highly secured and fault resistant repository for the storage and management of database.
• The primary goal of DC is to deploy redundant infrastructure to maximize availability and prevent down time.
• Types ~
- Public Data centre
- Private Data centre
• Tiers ~
- Tier 1
- Tier 2
- Tier 3
- Tier 4
Services of Data Centre
Features of Data Centre
• Size (Land, server, people)
• Data Security (IDS, DRP)
• Data Availability (B&R)
• Security (Physical & logical)
• Electrical system (UPS)
• Backup System
• Continuous monitoring
• Environment control (cool, dust free)
Leveraging the Data Centers
• DC infrastructure needs to be exploited to maximize ROI.
• Clients of a public DC prefer to choose the DC which gives them the benefit of cost saving as well as being a one-stop provider of value added services.
• Therefore, a DC needs to be ready with additional infrastructure for the customers who wish to increase their requirement without advance notice.
• At the same time, a DC must guard against bloated inventories of technical infrastructure, which lead to a large amount of sunken capital and can become obsolete when not used in time.
Challenges faced by Management
• High data growth
• Performance and scalability
• Congestion & Connectivity
• IT Administration
• Inadequate DRP
• Data protection Technology
• Resource balancing
1) Controlling high data growth ~ It is the biggest h/w infrastructure challenge. Data de-duplication techniques (DDT) are used to face it. DDT replaces redundant data with a pointer to the unique data copy.
2) System performance and scalability ~ It is related to technology obsolescence. Obsolete systems consume more space, power and cooling and require more maintenance. To avoid this, IT managers must do heavy initial planning (3-5 yrs) to accommodate performance and capacity needs without adding new systems.
3) Network Congestion and Connectivity ~ The new generation servers support high I/O operation but the traditional LAN switches are not able to meet this increased network demand. This creates a big network challenge.
4) IT administration and staff time ~ Security administrators have to protect more data and meet high security standards while staying within a limited budget. They have to invest in the following ~
• Automatic load balancing and tuning
• Automatic monitoring and proactive identification of h/w problems.
• A centralized dashboard to monitor and report on the status of B&R, Duplication and de-duplication.
5) Inadequate DRP ~ A DC that uses tapes for backup and a dissimilar disk based system for on-line storage is vulnerable to data loss in the event of disaster. IT managers should consider the use of a consistent storage platform.
6) Adopting new data protection technology ~ With limited budget and resources DC managers are challenged to protect their investment. The cost and risk of migration to new technology poses a great challenge.
7) Resource balancing ~
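Challenge 1 describes data de-duplication as replacing redundant data with a pointer to the unique copy. The following added example, which is not part of the original slides, shows one way to do that with fixed-size blocks and a SHA-256 digest as the pointer. The block size, file names and class name are assumptions, and the sample data is constructed.

```python
from __future__ import annotations

import hashlib


class DedupStore:
    """Fixed-size block de-duplication: each unique block is stored once."""

    def __init__(self, chunk_size: int = 4096):
        if chunk_size <= 0:
            raise ValueError("chunk_size must be positive")
        self.chunk_size = chunk_size
        self.chunks: dict[str, bytes] = {}      # pointer -> unique data copy
        self.files: dict[str, list[str]] = {}   # file name -> ordered pointers

    def put(self, name: str, data: bytes) -> list[str]:
        pointers = []
        for off in range(0, len(data), self.chunk_size):
            block = data[off:off + self.chunk_size]
            pointer = hashlib.sha256(block).hexdigest()
            # A redundant block is not stored again; only its pointer is kept.
            self.chunks.setdefault(pointer, block)
            pointers.append(pointer)
        self.files[name] = pointers
        return pointers

    def get(self, name: str) -> bytes:
        out = bytearray()
        for pointer in self.files[name]:
            block = self.chunks[pointer]
            # One stored copy now backs every file that points at it, so it
            # is verified on every read instead of being trusted.
            if hashlib.sha256(block).hexdigest() != pointer:
                raise ValueError(f"block {pointer[:12]} failed integrity check")
            out += block
        return bytes(out)

    def logical_bytes(self) -> int:
        """Size of all files as the users see them."""
        return sum(len(self.chunks[p]) for ptrs in self.files.values() for p in ptrs)

    def stored_bytes(self) -> int:
        """Size actually kept on disk after de-duplication."""
        return sum(len(b) for b in self.chunks.values())


def build_demo():
    """Two constructed backups that share their first and last block."""
    monday = b"A" * 4096 + b"B" * 4096 + b"C" * 100
    tuesday = b"A" * 4096 + b"D" * 4096 + b"C" * 100
    store = DedupStore()
    store.put("monday.bak", monday)
    store.put("tuesday.bak", tuesday)
    return store, monday, tuesday


if __name__ == "__main__":
    store, _, _ = build_demo()
    print(store.logical_bytes(), "logical bytes held in", store.stored_bytes())
```

Because a single corrupted block now damages every file that references it, the read path checks each block against its digest before returning data.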
Disaster Recovery Site
Business Continuity Planning
Components ~
1 : Requirement Definition
2 : Identification of Critical Resources
3 : Planning of use of resources
4 : Definition of Role & Responsibility
5 : Testing
6 : Maintenance
Life cycle of BCP ~
• Analysis
• Solution design
• Implementation
• Testing
• Maintenance
Phase-I : Analysis
Impact Analysis
Threat Analysis
Impact Scenario
Recovery Requirement
Impact Analysis
• Identification of critical and non-critical business functions.
• For each critical function assign two values ~
– RPO (Recovery point objective) : to ensure MTDL (Maximum tolerable data loss)
– RTO (Recovery time objective) : to ensure MTPD (Maximum tolerable period of disruption)
Threat Analysis
• Identification of Threat
• What can occur in general
• What is likely to occur
Impact Scenario
Assessment of loss/exposure due to materialization of threat. Such as – Antenna damage, cable burn, database crash, building loss etc.
Recovery Requirement
Hardware, Software, Data/Database, Furniture, Peripheral equipment, personnel etc.
Phase-II : Design
The activities involved here are ~
• Team Building and assignment of Role and Responsibility
• Selection of Recovery site
• Telecommunication architecture
• Backup and Recovery methodology for Data
• Backup and Recovery methodology for Application
Phase-III : Implementation
Putting the plan into action is called implementation.
This phase involves signing contracts/agreements with external parties to support in recovery.
Phase-IV : Acceptance testing
Testing is conducted to ensure that the BCP satisfies all business requirements.
Test is conducted annually or bi-annually.
Problems identified are rolled out to the maintenance phase.
Testing includes ~
• Swing test (primary to secondary to primary)
• Application test
• Business process test
Phase-V : Maintenance
Three activities involved ~
• Information update and testing
– Staffing changes, changes in clients and their contracts, changes in vendors and their contracts, changes in the company’s investment portfolio etc.
• Testing and verification of technical solution
– Virus definition, Application security, Hardware operability, software operability, data verification etc.
• Testing & verification of organization procedure
– Have the system procedures changed?
– Are all the procedures documented?
– Do all the procedures allow staff to recover the system?
Network Security
• To protect network communication from intruders and to safeguard the assets.
• Types ~
– Physical Security
– Logical Security
• Security Administrator prepares a security program to ensure safeguarding of assets.
• There are 8 steps of security program development.
• Step 1 : Preparing Project Plan
• Step 2 : Assets Classification
• Step 3 : Assets Valuation
• Step 4 : Threat Identification
• Step 5 : Threat Probability
• Step 6 : Exposure Analysis
• Step 7 : Control Adjustment
• Step 8 : Reporting to management
Intrusion Detection System (IDS)
Threats
• Unstructured
• Structured
• External
• Internal
1) Unstructured Threats
These originate from inexperienced individuals using easily available hacking tools from the internet, e.g. port scanning tools, address-swapping tools etc. These kinds of actions are done more out of curiosity than bad intention.
2) Structured Threat
These originate from highly motivated and technically competent individuals. They take advantage of system vulnerabilities and penetrate the security. They target specific businesses and are hired by organized crime, competitors etc.
3) External Threat
These originate from individuals who are not members of the organization and do not have legitimate access to the system.
4) Internal Threat
These originate from employees or individuals who have authorized access to the network and system.
Vulnerability
• Software bugs
• Timing Window
• Insecure default configuration
• Bad Protocol
• Trusting unworthy Info.
• End User
Software bugs
Buffer overflow, failure to handle exception, input validation error etc. These are so common that users have developed ways to work with them.
Timing window
System failure to protect the temporary files created on the hard disk.
Insecure default configuration
It occurs when users use the vendor supplied password.
Bad Protocol
Protocols with poor security control are likely to be exploited by hackers.
Trusting untrustworthy information
It occurs when computers are not programmed to verify that they are receiving information from a unique host and they allow system access to anybody.
Non-professional end users
Unawareness of password protection, backup and recovery operation etc.
Virus Attack
• A man-made program developed to perform destructive activities.
• Depending on the intention of its developer it can do anything.
• 3 Controls ~
– Preventive control
– Detective control
– Corrective control
Abuse of software
• Ways ~
– Unauthorized copy of proprietary S/W & Database.
– Threat to the privacy of individual’s data stored in the server.
– Use of server for personal gain by employee.
– Hackers gaining unauthorized entry in the system.
– Intruders disrupting the communication.
• Controls ~
– Logical access controls
– General and application controls
– Backup & Recovery plan
– Insurance coverage
Fire Wall
• A device acting as a barrier between company server and outside world.
• Types ~
– Network level firewall
– Application level firewall