Chapter [3] Computer Network and Network Security, Created By Manish Mathur


Upload: cali-sleight

Post on 30-Mar-2015


Chapter [3]

Computer Network and Network Security


Definition :~ Collection of all types of computers, terminals and peripheral devices connected together by a communication system is called “Computer Network”.

Benefits

• File Sharing
• E-Mail
• Remote Access
• Fault Tolerance
• Security
• Better customer service
• Printer Sharing
• Fax Sharing
• Data Organization
• Internet Access
• Communication
• Reduced Cost


Classification of Network

Function based Network: Data network, Voice network, Multimedia network


Classification of Network

Coverage area based: LAN, MAN, WAN


Classification of Network

Forwarding based: Switched, Shared, Hybrid


Classification of Network

Ownership based: Public, Private, Virtual Private, Leased


Classification of Network

Communication media based: Wired, Wireless


[1] LAN :~

• Limited geographic area
• Privately owned & operated
• Physical interconnection
• High speed
• Low error rate

[2] MAN :~

• Covers area larger than LAN
• Fiber-Optic transmission
• Physical interconnection
• Slower speed
• High error rate


[3] WAN :~

• Unrestricted geographic area
• Wireless inter-connection
• Third party communication channel
• Slow speed
• High error rate


Network Models

[1] Client – Server model :~

• There is a centralized, NOS based computer called the server.
• The server is connected to many other computers called clients.
• Clients make the request for service and the server provides the requested service.
• Advantage ~
  – Resource efficiency.
  – High degree of security.
  – Server can be scaled up to many services.
  – Single update for all.
• Disadvantage ~
  – Dependency on a single computer.
  – Large setup cost of server.
  – Server speed can slow down.


[2] Peer - to - Peer model :~

• There is no dedicated server; instead all computers are of equal status and are called Peers.
• Every computer works as both client and server.
• Suitable with a limited no. of users and where unrestricted communication is required.
• Advantage ~
  – No dependency on a single computer
  – Simplicity in design and maintenance
  – Less cable requirement
• Disadvantage ~
  – Poor resource requirement
  – Security is not important


Components of a Network

1. Sender computer
2. Interface device (shown at both the sender and the receiver end)
3. Communication Channel
4. Receiver computer
5. Communication Software


Communication Devices

1. NIC :~
- Connectivity
- Memory
- Protocol
- Remote booting

2. Switches and Routers :~
- A switch creates a temporary point-to-point link between nodes. It makes its routing decision on the basis of the physical address. It can also regenerate incoming signals.
- A router selects the appropriate link from the existing paths. It makes its routing decision on the basis of the network address.

3. Hub :~
- Multi-port connecting device that is used to interconnect devices by means of TPC.
- An active hub can regenerate signals and a passive hub sends incoming signals as they are.


4. Bridge and Gateway :~
A bridge allows communication between similar networks that employ the same protocol, architecture and cabling, whereas a gateway allows communication between dissimilar networks.

5. Repeater :~
Amplifies the weak signals coming from one section of cable and passes strong signals to the other section.

6. Modem :~
- Used when data are communicated through phone lines.
- Converts data from digital to analog (Modulation) and analog to digital (De-modulation).
- It is connected to the Serial or Parallel port of the CPU.
- Speed measured in terms of kbps and mbps.
- Types
  Place : Internal v/s External
  Command acceptance : Standard v/s Intelligent
  Transmission : Short Haul v/s Wireless


Internal v/s External ~ Card v/s Device

Standard v/s Intelligent ~ User command v/s microprocessor chip

Short Haul v/s Wireless ~ Land line v/s Cell phone

7. Multiplexer :~

Allows sharing of communication line between 2 or more nodes.


8. Front-end communication processor :~
- Computer connected to the server of a network to reduce the work load.
- It leaves Storage and Processing to the server and performs other functions like : User identification, terminal recognition, code conversion, data validation, control of line etc.

9. Protocol converter :~
- Converts one protocol signals into another protocol signals.

10. RAD :~
- A Modem bank that serves as gateway to the NET.
- Also does the routing of incoming and outgoing messages.


Communication Channels

• Guided Media
  – Twisted Pair Cable
  – Co-axial Cable
  – Fiber Optical Cable
• Unguided Media
  – Radio Wave
  – Micro Wave
  – Infrared Wave


[1] Twisted-Pair Cable :~
Oldest, Cheapest, Slowest, Short distance, High error rate, Low band width

[2] Co-axial Cable :~
Costlier, Faster, Cover long distances, Low error rate, High security, Higher band width

[3] Optical-fiber cable :~
Costliest, Fastest, Long distance, Low error rate, High security, Highest band width, Light weight, Can be used in hostile environment


[4] Radio wave :~ It is an electromagnetic radiation created as a beam of energy. It travels in a straight path. Wavelength: 1mm to 100,000km.

[5] Micro Wave :~ It is also a radio wave. Wavelength: 1mm to 1m.

[6] Infrared wave :~ It is a wave of light. Used in medical and scientific applications, night vision devices etc.


Selection of Channel

• Reliability
• Cost
• Security
• Speed
• Band width


Communication Software

• Access Control
  – Linking and de-linking of devices.
  – Auto dialing
  – Checking user authorisation.
• Networking Management
  – Checking devices for data
  – Queuing the data
  – Routing the message


• Data & File Transmission
  – Allowing file transfer as attachment
  – Text and Binary files can be attached
• Error detection and control
  – Send acknowledgement back to sender
  – Re-send the data when lost in transit
• Data Security
  – Employ ID system to protect data from unauthorised disclosure.


Network Topology

The geometric arrangement of nodes in the network is called Network Topology.

[1] STAR Topology

Advantages ~
- Easy to add and remove nodes.
- Node failure does not turn down the network.
- Easy to diagnose problem

Disadvantages ~
- High dependency on server.
- High cabling cost.


[2] RING Topology

Advantages ~
- Nodes have similar work load.
- Easy to expand.

Disadvantages ~
- Expensive.
- Difficult to install.
- Node failure turns down the network.
- Difficult to troubleshoot.
- Adding and removing a node disturbs the network.


[3] BUS Topology

Advantages ~
- Easy to use & form the network.
- Minimum cable requirement.
- Easy to expand.

Disadvantages ~
- Heavy network traffic can slow down bus transmission.
- Each connection in between weakens the signals.
- Difficult to troubleshoot.


[4] MESH Topology

Advantages ~
- Redundancy of communication path.
- Highly reliable.
- Network problems are easy to diagnose.

Disadvantages ~
- Cost of installation and maintenance is high.


Transmission Techniques

Serial Transmission

• Single communication path.
• Bits travel along a single path.
• Cheaper mode
• Covers long distance
• Slow in speed.

Parallel Transmission

• 8 communication paths
• All bits of a byte travel together.
• Costly
• Not practical for long distance
• Faster transmission


Synchronous

• Sender and Receiver know in advance.
• Data are sent in multi-word blocks.
• Start and Stop bytes are used.
• Transmission is fast.
• Costly device.

Asynchronous

• Only the sender knows the time of transmission.
• Data are sent character by character.
• Each character is delimited by a Start and Stop bit.
• Highly reliable.
• Transmission is slow.

00000000 1101101010010111110101101101010100111001 11111111

0 11011001 1 0 10101100 1 0 10011001 1 0 11000011 1 0 10101100
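The two bit patterns above match the two techniques: a start byte and stop byte around one block (synchronous), and a start bit and stop bit around every character (asynchronous). The following is an added example, not part of the original slides, that frames and de-frames data both ways, flags frames whose delimiters are wrong, and compares the overhead; the function names are assumptions made for the illustration, and bits are written most significant bit first as on the slide.

```python
# Added illustration of the framing drawn on the slide (not the author's code).
START_BIT, STOP_BIT = "0", "1"            # asynchronous: delimiters per character
START_BYTE, STOP_BYTE = "0" * 8, "1" * 8  # synchronous: delimiters per block

# Bit patterns copied from the slide, spaces removed.
SLIDE_ASYNC = "0 11011001 1 0 10101100 1 0 10011001 1 0 11000011 1 0 10101100".replace(" ", "")
SLIDE_SYNC = "00000000 1101101010010111110101101101010100111001 11111111".replace(" ", "")


def to_bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def from_bits(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def async_frame(data: bytes) -> str:
    """Wrap every character in its own start bit and stop bit (10 bits each)."""
    return "".join(START_BIT + f"{b:08b}" + STOP_BIT for b in data)


def async_deframe(line: str):
    """Return (characters accepted, indexes of rejected frames).

    A frame is rejected when it is shorter than 10 bits or when its start
    or stop bit has the wrong value (a framing error). The parser steps in
    fixed 10-bit strides, so it assumes no bits were inserted or lost.
    """
    good, bad = bytearray(), []
    for n, i in enumerate(range(0, len(line), 10)):
        frame = line[i:i + 10]
        if len(frame) == 10 and frame[0] == START_BIT and frame[9] == STOP_BIT:
            good.append(int(frame[1:9], 2))
        else:
            bad.append(n)
    return bytes(good), bad


def sync_frame(data: bytes) -> str:
    """Send the whole block between one start byte and one stop byte."""
    return START_BYTE + to_bits(data) + STOP_BYTE


def sync_deframe(line: str):
    """Return the block payload, or None if the delimiters or length are wrong."""
    body = line[8:-8]
    if (len(line) < 16 or line[:8] != START_BYTE
            or line[-8:] != STOP_BYTE or len(body) % 8):
        return None
    return from_bits(body)


def overhead(data: bytes):
    """Framing bits each technique adds on top of the same payload."""
    return {"asynchronous": len(async_frame(data)) - 8 * len(data),
            "synchronous": len(sync_frame(data)) - 8 * len(data)}


if __name__ == "__main__":
    chars, rejected = async_deframe(SLIDE_ASYNC)
    print("async slide sample:", chars.hex(), "rejected frames:", rejected)
    print("sync slide sample :", sync_deframe(SLIDE_SYNC))
    print("overhead for 100 bytes:", overhead(bytes(100)))
```

The last character in the slide's asynchronous pattern has no stop bit, so the parser reports it as a rejected frame instead of accepting a partial character.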


Transmission Mode


Transmission Techniques

[1] Circuit Switching :~

It uses a single fixed-bandwidth channel between nodes to communicate.

First the communication path is selected based on a resource-optimizing algorithm.

For the communication session the path is dedicated and exclusive.


[2] Message Switching :~

There is no direct connection between source and destination.

When the message is routed from source to destination, each intermediate node stores the entire message and transmits it further.

When congestion occurs the nodes store the message and delay the transmission.


[3] Packet Switching :~

Every user gets a pre-defined time to access the network.

The message is divided into small units, called data packets, before it is transmitted.

Every packet has a header containing the destination address and a sequence number.

Each packet may take a different route to reach the destination.

At the destination the packets are reassembled into the original message.
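The packet-switching steps above, as an added example that is not part of the original slides: a message is split into packets carrying a destination address and sequence number, the packets arrive out of order, and the receiver reassembles them while reporting missing packets and rejecting inconsistent ones. The `total` header field, the class and function names, and the sample address are assumptions made for the illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    dest: str       # destination address (header field named on the slide)
    seq: int        # sequence number (header field named on the slide)
    total: int      # assumption: packet count, so the receiver knows when it is done
    payload: bytes


def packetize(message: bytes, dest: str, size: int = 8) -> list:
    """Divide the message into packets of at most `size` payload bytes."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    return [Packet(dest, n, len(chunks), c) for n, c in enumerate(chunks)]


def reassemble(packets, my_addr: str):
    """Return (message or None, missing sequence numbers, rejected packets).

    Packets addressed elsewhere are ignored. The first packet accepted for
    this node fixes the expected packet count. A packet is rejected when its
    header disagrees with that count, when its sequence number is out of
    range, or when it repeats a sequence number with different data.
    """
    slots, rejected, total = {}, [], None
    for p in packets:
        if p.dest != my_addr:
            continue
        if total is None:
            total = p.total
        if p.total != total or not 0 <= p.seq < total:
            rejected.append(p)
        elif p.seq in slots and slots[p.seq] != p.payload:
            rejected.append(p)           # conflicting duplicate: keep the first copy
        else:
            slots[p.seq] = p.payload     # new packet or identical duplicate
    missing = [] if total is None else [n for n in range(total) if n not in slots]
    if total is None or missing:
        return None, missing, rejected
    return b"".join(slots[n] for n in range(total)), missing, rejected


def demo(seed: int = 7):
    """Constructed sample: shuffle to imitate different routes, add a duplicate."""
    message = b"Each packet may take a different route."
    packets = packetize(message, "10.0.0.2")   # constructed sample address
    random.Random(seed).shuffle(packets)
    packets.append(packets[0])
    return message, reassemble(packets, "10.0.0.2")


if __name__ == "__main__":
    original, (rebuilt, missing, rejected) = demo()
    print(rebuilt == original, missing, rejected)
```

Returning `None` with the list of missing sequence numbers, instead of a partial message, is what lets the error-control function listed earlier ask for a re-send.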


Transmission Protocol

• Definition
  – Language of communication.
  – Set of rules for inter-computer communication.
  – Standards of communication.
  – Software to perform actions in communication.
• Functions
  – Physical aspect of communication
  – Linking and de-linking of devices
  – Syntax ~ character set, coding, format
  – Semantics ~ type and order
  – Timing ~


• Types ~
  – Ready-made
    • X.12 (EDI), Ethernet (LAN), TCP/IP (Internet)
  – User Defined (OSI model)
    • Application
    • Presentation
    • Session
    • Transport
    • Network
    • Data Link
    • Physical


• Physical
  – Voltage determination, Topology
• Data Link
  – Access control, data integrity
• Network
  – Route determination, linking and de-linking
• Transport
  – Assembling and disassembling of message
  – Error recovery, multiplexing, encryption
• Session
  – Establishment and termination of session
• Presentation
  – Display of message, application interface
• Application
  – User services, Database concurrency, Deadlocks


TCP/IP (Transmission Control Protocol/Internet Protocol)

Application
• Provides services to user
• FTP, HTTP, SMTP

Transport
• Transmission of data packet
• Verify by acknowledgement
• TCP, UDP

Internet
• Routing, Error checking
• Data integrity
• IP, ARP

Network Interface
• Provides interface to network hardware and software.
• PPP, FDDI


LAN

LAN is an inter-connection of 2 or more computers and associated devices within a restricted geographic area.

• Micro computer based network.
• Inexpensive transmission device.
• Physical interconnection.
• High data transmission rate.
• Limited geographical area.
• Several topologies possible.
• Transmission speed is independent of attached devices.
• Central computer provides only storage.
• Protected mode transmission.
• Freedom of communication.


Benefits


Pre-requisites of LAN


LAN Component


WLAN

A LAN which does not require any physical media for data transmission.

It employs radio waves or infrared signals.

A transceiver device, called an access point, is connected to the server and supports a small group of users.

End users access the WLAN through a WLAN adapter installed in their computer.


Client – Server Technology


C/S Architecture

C/S divides the processing task and processing power between client and server.

The server sends only the record which is required by the client, thereby supporting database concurrency.

C/S software is based on a versatile, message-based and modular infrastructure to improve usability, flexibility, interoperability and scalability.


Reasons and Benefits to C/S computing

• Easy use of MIS
• Better customer services
• Lowering IT cost
• Direct access to required data.
• Better connectivity (OFC)
• Easy implementation and use
• Increased data security
• Direct centralised control of NOS
• Distributed processing
• Software cost benefits (purchase & upgrade)
• Platform independent
• Easy adaptability to new hardware.


Characteristics of C/S computing

• Consists of client and server processes that can be distinguished.
• Client and server processes can operate on different computers.
• Any platform can be upgraded individually.
• A server can service multiple clients and a client can avail services of multiple servers.
• Some part of the application logic resides at the client end.
• Actions are initiated by the client.
• GUI based interface.
• SQL capability.
• DB Security
• Network capability.


Components of C/S computing

• Client ~
  – Non-GUI based
  – GUI based
  – OOUI based
• Server ~
  – Printer, Modem, Database, Processing server
• Middleware ~
  – 4 layers
    • Service layer
    • Back-end processing layer
    • NOS layer
    • Transport layer
• Fat client/server ~
  – Fat client : 2-tier system
  – Fat server : 3-tier system
• Network


Virtual Private Network

• VPN is a privately operated network of an organization that uses a public server.
• Types ~
  – Remote-access VPN
  – Site-to-site VPN
    • Intranet based
    • Extranet based


Broad Band Network (ISDN)

• It is a system of combining voice and data transmission.
• Bandwidth 64kbps.
• Types ~
  – BRI : 2 voice and 1 data channel
  – PRI : 3 voice and 1 data channel
• Advantages ~
  – Allows multiple digital channels to operate on regular phone line.
  – Easy routing to the proper destination.
  – Keep noise and interference out, even after combining.
  – Does not disturb the established connection.


Type of Server

[1] Data base server :~

• The central computer of a network which stores, updates and manages the Data Base of an organization.
• User interface and Processing logic reside on the Client’s PC.
• It is found in the networks with 2-tier architecture.

[2] Printer Server :~

• The central computer of a network which is connected to a printer and allows shared access of printer to its clients.

• It can be Dedicated or Non-dedicated.

[3] Transaction Server :~

• It provides centralized, on-line processing of transactions.


[4] Application Server :~

The central computer of a network which provides logic for processing of data of the database.

It is found in the networks with 3-tier architecture.

First tier - Front end - Client (UI)
Second tier - Middle end - Application Server
Third tier - Back end - Data Base Server

Features ~
• Component Management
• Fault Tolerance
• Load Balancing
• Transaction Management
• Operator’s Console
• High Security

Types ~
• Web information server : Server with web script of HTML
• Component server : Server with application software
• Active application server : Server with decision processing S/w


Internet Servers

[1] File Server ~ It stores user files centrally and allows shared access. It also provides regular backup.

[2] Mail Server ~ They are used to receive and store e-mails. It provides 24 * 365 hrs. access.

[3] DNS Server ~ It is an Internet-wide distributed database system. It stores host names and associated IP addresses.

[4] Gopher Server ~ They are search engines used to locate information on the NET. It prompts the user for the site address that interests them.

[5] Web Server ~ It provides cyber space to host users' sites. HTML is used to prepare web documents and a browser program is used to view them.


[6] FTP Server ~ They are used to send and receive files from the users. They are of 2 types – (i) Anonymous server (ii) Named server

[7] News Server ~ They provide a world wide discussion system. Users may read and post their articles.

[8] Chat Server ~ They provide communication facility to users. They are of 2 types – (i) Moderated (ii) Un-moderated

[9] Caching Server ~ They maintain a library of web pages, thereby reducing the no. of NET accesses.

[10] Proxy Server ~ They restrict access to information on the NET, by refusing or passing the request to the server. It operates on a list of rules given by the system administrator.


Tier Architecture

Tier system
• Single tier system
• Two tier system
• Three tier system
• N-tier system


Single tier Architecture

• A single computer containing a database to store the data and applications to process the data is called a Single tier system.
• In other words, when all the three components viz. User Interface, Database and Application logic reside in one computer, this is called Single Tier Architecture.
• Advantages ~
  – It requires only one stand alone computer.
  – It requires only one installation for licensed software.
• Disadvantage ~
  – It can be used by only one user at a time.
  – It is impractical for an organization which requires many users to access data concurrently.


Two tier Architecture

Definition ~
• A 2TA consists of two computers : Client and Server.
• DB is stored on the server and UI resides on the client. PL can be either on the client or on server.

Purpose ~
• To improve usability by supporting user friendly interface.
• To improve scalability by supporting upto 100 users.
• To support simple, non-time critical system by minimizing operator’s intervention.

Technical details ~
• If processing load is on the client, such client is called Fat Client and if it is on the server then such server is called Fat Server.


Two tier Architecture

Advantages ~
• More users can interact with the system concurrently.

Disadvantage ~
• Performance deteriorates if number of users > 100.
• Limited flexibility due to shifting processing capability to server.
• Not cost-effective in terms of software if processing capability is shifted to client.


Three tier Architecture

Definition ~
• Emerged in 1990s, 3-TA is designed by adding a third tier (middle tier server) to 2-TA.
• The middle tier provides process management and can accommodate hundreds of users.

Purpose ~
• To provide increased performance, flexibility, maintainability and scalability, while holding complexity away from the user.

[Diagram: Clients, Application Server, Data Base Server]


Three tier Architecture

Advantages ~

• Clear separation of User Interface, Database, Process logic.

• Dynamic load balancing

• Change management

Disadvantages ~

• Increased need for traffic management, load balancing and fault tolerance.

• Costly tools.

• Server library maintenance tools are inadequate to promote code sharing.


Data Centre

• It is an on-line, centralized, highly secured and fault resistant repository for the storage and management of database.
• The primary goal of DC is to deploy redundant infrastructure to maximize availability and prevent down time.
• Types ~
  - Public Data centre
  - Private Data centre
• Tiers ~
  - Tier 1
  - Tier 2
  - Tier 3
  - Tier 4


Services of Data Centre


Features of Data Centre

• Size (Land, server, people)
• Data Security (IDS, DRP)
• Data Availability (B&R)
• Security (Physical & logical)
• Electrical system (UPS)
• Backup System
• Continuous monitoring
• Environment control (cool, dust free)


Leveraging the Data Centers

• DC infrastructure needs to be exploited to maximize ROI.

• Clients of a public DC prefer to choose the DC which provides them the benefit of cost saving as well as being a one-stop provider of value added services.

• Therefore, a DC needs to be ready with additional infrastructure for the customers who wish to increase their requirement without advance notice.

• A DC must note that bloated inventories of technical infrastructure lead to a large amount of sunken capital and, when not used in time, can become obsolete.


Challenges faced by Management

• High data growth
• Performance and scalability
• Congestion & Connectivity
• IT Administration
• Inadequate DRP
• Data protection Technology
• Resource balancing


1) Controlling high data growth ~
• It is the biggest h/w infrastructure challenge.
• Data de-duplication techniques (DDT) are used to face it.
• DDT replaces redundant data with a pointer to a unique data copy.

2) System performance and scalability ~
• It is related to technology obsolescence.
• Obsolete systems consume more space, power and cooling and require more maintenance.
• To avoid this IT managers must do heavy initial planning (3-5 yrs) to accommodate performance and capacity needs without adding new systems.

3) Network Congestion and Connectivity ~
• The new generation servers support high I/O operation but the traditional LAN switches are not able to meet this increased network demand.
• This creates a big network challenge.


4) IT administration and staff time ~
Security administrators have to protect more data and meet high security standards while staying within a limited budget. They have to invest in the following ~
• Automatic load balancing and tuning
• Automatic monitoring and proactive identification of h/w problems.
• Provide a centralized dashboard to monitor and report on the status of B&R, Duplication and de-duplication.

5) Inadequate DRP ~
• A DC that uses tapes for backup and a dissimilar disk based system for on-line storage is vulnerable to data loss in the event of disaster.
• IT managers should consider the use of a consistent storage platform.

6) Adopting new data protection technology ~
• With limited budget and resources DC managers are challenged to protect their investment.
• The cost and risk of migration to new technology poses a great challenge.

7) Resource balancing ~


Disaster Recovery Site


Business Continuity Planning

Components ~

1 : Requirement Definition

2 : Identification of Critical Resources

3 : Planning of use of resources

4 : Definition of Role & Responsibility

5 : Testing

6 : Maintenance


Life cycle of BCP ~

• Analysis
• Solution design
• Implementation
• Testing
• Maintenance


Phase-I : Analysis

Impact Analysis

Threat Analysis

Impact Scenario

Recovery Requirement


Impact Analysis

• Identification of critical and non-critical business functions.
• For each critical function assign two values ~
  • RPO (Recovery point objective) – to ensure MTDL (Maximum tolerable data loss)
  • RTO (Recovery time objective) – to ensure MTPD (Maximum tolerable period of disruption)

Threat Analysis

Identification of Threat
• What can occur in general
• What is likely to occur


Impact Scenario

Assessment of loss/exposure due to materialization of threat. Such as – Antenna damage, cable burn, database crash, building loss etc.

Recovery Requirement

Hardware, Software, Data/Database, Furniture, Peripheral equipment, personnel etc.


Phase-II : Design

The activities involved here are ~
• Team Building and assignment of Role and Responsibility
• Selection of Recovery site
• Telecommunication architecture
• Backup and Recovery methodology for Data
• Backup and Recovery methodology for Application

Phase-III : Implementation

Putting the plan into action is called implementation.

This phase involves signing contracts/agreements with external parties to support in recovery.


Phase-IV : Acceptance testing

Testing is conducted to ensure that the BCP satisfies all business requirements.

Testing is conducted annually or bi-annually.

Problems identified are rolled out to the maintenance phase.

Testing includes ~

Swing test (primary to secondary to primary)

Application test

Business process test


Phase-V : Maintenance

Three activities involved ~

Information update and testing

Staffing change, changes in client and their contract, changes in vendors and their contract, changes in the company’s investment portfolio etc.

Testing and verification of technical solution

Virus definition, Application security, Hardware operability, software operability, data verification etc.

Testing & verification of organization procedure

Have the system procedures changed?

Are all the procedures documented?

Do all the procedures allow staff to recover the system?


Network Security

• To protect network communication from intruder and to safeguard the assets.
• Types ~
  – Physical Security
  – Logical Security
• Security Administrator prepares a security program to ensure safeguarding of assets.
• There are 8 steps of security program development.


• Step 1 : Preparing Project Plan

• Step 2 : Assets Classification

• Step 3 : Assets Valuation

• Step 4 : Threat Identification

• Step 5 : Threat Probability

• Step 6 : Exposure Analysis

• Step 7 : Control Adjustment

• Step 8 : Reporting to management


Intrusion Detection System (IDS)


Threats

• Unstructured
• Structured
• External
• Internal


1) Unstructured Threats
• These originate from inexperienced individuals using easily available hacking tools from the internet. E.g. Port scanning tools, Address-swapping tools etc.
• These kinds of actions are done more out of curiosity rather than bad intention.

2) Structured Threat
• These originate from highly motivated and technically competent individuals.
• They take advantage of system vulnerability and penetrate the security.
• They target specific businesses and are hired by organized crime, competitors etc.

3) External Threat
These originate from individuals who are not members of the organization and do not have legitimate access to the system.

4) Internal Threat
These originate from employees or individuals who have authorized access to the network and system.


Vulnerability

• Software bugs
• Timing Window
• Insecure default configuration
• Bad Protocol
• Trusting unworthy Info.
• End User


Software bugs
Buffer overflow, failure to handle exception, input validation error etc. These are so common that users have developed ways to work with them.

Timing window
System failure to protect the temporary files created on the hard disk.

Insecure default configuration
It occurs when users use a vendor-supplied password.

Bad Protocol
Protocols with poor security control are likely to be exploited by hackers.

Trusting untrustworthy information
It occurs when computers are not programmed to verify that they are receiving information from a unique host and they allow system access to anybody.

Non-professional end users
Unawareness of password protection, backup and recovery operation etc.


Virus Attack

• A man-made program developed to perform destructive activities.

• Depending on the intention of its developer it can do anything.

• 3 Controls ~
  – Preventive control
  – Detective control
  – Corrective control


Abuse of software

• Ways ~
  – Unauthorized copy of proprietary S/W & Database.
  – Threat to the privacy of individual’s data stored in the server.
  – Use of server for personal gain by employee.
  – Hackers gaining unauthorized entry in the system.
  – Intruders destructing the communication.
• Controls ~
  – Logical access controls
  – General and application controls
  – Backup & Recovery plan
  – Insurance coverage


Fire Wall

• A device acting as a barrier between company server and outside world.
• Types ~
  – Network level firewall
  – Application level firewall