
Post on 01-Jan-2016


Page 1: Networking and Security Issues in Digital Library Dr. R. Radhakrishna Pillai IIM Kozhikode

Networking and Security Issues in Digital Library

Dr. R. Radhakrishna Pillai

IIM Kozhikode

What is the Internet?

• The largest computer network in the world (a network of networks)

• Information exchange is seamless using open, non-proprietary standards and protocols, within interconnected networks

• Spirit of information sharing and open access underlies the Internet.

Networking Components

• Hosts (end systems)

• Server

• Packet Switch/Router

• Modem

• Mobile

• Base Station

• Satellite link

Networking Protocol

• The rule for exchanging information between two computers

End-to-end Communication

• The communication always takes place between two end systems (hosts)

Network Core

• The network core comprises switches or routers

Circuit Switching

• In Circuit Switching the network resources (e.g., capacity/bandwidth) are reserved for communication


Packet Switching

• In Packet Switching the network resources (e.g., capacity/bandwidth) are NOT reserved for communication. Packets between various hosts share common resources

Classification of Networks

• Packet-switched networks (e.g., the Internet) utilize resources more efficiently than circuit-switched networks (e.g., the telephone network)

Access Networks

• Access networks connect the end systems to the core network. Different technologies are used for access (e.g., hybrid fiber-coaxial access, home network)

Delays in Networks

• Various components of packet delay include

– Nodal processing delay

– Queueing delay

– Transmission delay

– Propagation delay

• Dependence of Queueing delay on traffic intensity

• Smaller sized packets result in smaller end-to-end delays

Protocol Stack

• Layers of functions with standardised interface between them

Storage Area Networks (SAN)

• Storage use is growing explosively

• Managing locally attached storage is difficult

– Backup

– Access by multiple servers

• Combines the best of storage and networking technologies to provide low latency, high bandwidth, high availability interconnect

• Components

– Servers

– Storage Fabric

Storage Area Networks (SAN)

• SAN enables storage resources and server resources to grow independently

• Storage on a given server can be increased or decreased as needed without complex reconfiguring or re-cabling of devices.

• Enforcing security policies for access rights to a given device is a core part of the infrastructure

• Data can be transferred directly from device to device without server intervention

• The primary technology used in storage area networks today is Fibre Channel.

Fibre Channel Technologies

• Arbitrated Loop

[Figure: Arbitrated Loop with Host A, Host B, Device C, Device D, Device E]


The Infrastructure of the Internet

Internet Services – World Wide Web

• An application that uses the Internet transport functions

• A system with universally accepted standards for storing, retrieving, formatting, and displaying information via a client/server architecture

• Based on HTML - the standard hypertext language used on the Web

• Handles text, hypermedia, graphics, and sound

Internet Challenges

• Internet Regulation

– Technical organizations (e.g., World Wide Web Consortium) develop standards governing the Internet’s functionality

– These organizations are not formally charged in any legal or operational sense with responsibility for the Internet

– How to control controversial content on the Web?

Internet Challenges (continued)

• Internet Expansion

– Tremendous Internet traffic growth has strained some elements of the network

• Slower retrieval times

• Unreliable data transmission

• Denial of service by overloaded servers

– Approaches to overcoming this congestion include

• Improved hardware technology

• Improved Web management software

Internet Challenges (continued)

• Internet Privacy - Web sites collect information with and without consumers’ knowledge

– Cookie - small data file placed on users’ hard drives when a site is first visited. Collects data on pages visited and content viewed.

– Three potential approaches to the privacy issue

• Government lets groups develop voluntary privacy standards; does not take any action now unless real problems arise

• Government recommends privacy standards for the Internet; does not pass laws at this time

• Government passes laws now for how personal information can be collected and used on the Internet

– Financial transaction security also a concern

Intranets

• A private network that uses Internet software and TCP/IP protocols

– Provide employees with easy access to corporate information

– Used to deploy corporate applications

• Examples – policies and procedures manuals; human resource forms; product catalogs

– Security is a concern

• Security measures include – public key security, encryption, digital certificates, firewalls

Extranets

• An extension of an intranet to selected outside business partners, such as suppliers, distributors, and key customers

– Provide business partners with easy access to corporate information and easy collaboration

• Security

– Critical to prevent unwanted entry into internal systems

– Virtual private networks (VPNs) are often used to add security to Internet communication


Operational Characteristics of Internet

• Internetworking technologies are based on open standards

• Internetworking technologies operate asynchronously

• Internet communications have inherent latency

• Naturally decentralised

• Scalable

The rise of Internetworking: Business Implications

• Network becomes a computer

• Quicker realization of economic value

• Emergence of real-time infrastructure: better data, better decisions; improved process visibility; improved process efficiency; from make-to-sell to sense-and-respond

• Broader exposure to operational threats

• New models of service delivery

• Managing legacies

Future Internet Initiatives

• Internet2

– A collaboration among more than 180 U.S. universities to develop leading-edge networking and advanced applications for learning and research.

– A group of very high bandwidth networks on the Internet.

– Partnership between universities, industry, and government.

• Next Generation Internet (NGI)

– Federal government led initiative to advance Internet technology and applications.

Securing Infrastructure against Malicious Threats

• Threats:

– External attacks – DoS attacks, DDoS, Spoofing

– Intrusion

– Viruses and Worms


DoS/DDoS

• Easy to execute, difficult to defend against

• Abrupt termination of conversation

• Attack from different sites – monitoring difficult

• Degradation of service attack

Chapter 6 Figure 6-6

Normal and DoS Handshakes

Normal Handshake (Web User’s PC and Website Server)

• SYN: User’s PC says “hello”

• ACK-SYN: Server says “Do you want to talk”

• ACK: User’s PC says “Yes, let’s talk”

DoS Handshake (Web User’s PC and Website Server)

• SYN: User’s PC says “hello” repeatedly

• ACK-SYN: Server says “Do you want to talk” repeatedly

• No Response: User’s PC waits for server to “timeout”

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

Chapter 6 Figure 6-7

A Distributed Denial of Service Attack

[Figure: Attack Leader, Attackers 1 to 8, and the Website Server]

Attack Leader facilitates SYN floods from multiple sources.

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
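An added example (not from the slides or the cited teaching note): a small detector that counts half-open handshakes, the server-side symptom of the SYN floods in Figures 6-6 and 6-7, both per source and across many sources. The event format, the thresholds and the 3-second timeout are assumptions chosen for illustration, and the events are constructed sample data.

```python
from collections import Counter

def build_sample():
    """Constructed events (not from the slides): (seconds, client ip:port, flag)."""
    # A legitimate user completes the handshake: SYN, then the final ACK.
    events = [(0.0, "198.51.100.7:40001", "SYN"), (0.1, "198.51.100.7:40001", "ACK")]
    # One host sends 30 SYNs and never answers the server's ACK-SYN.
    events += [(1.0 + i / 100, f"203.0.113.9:{50000 + i}", "SYN") for i in range(30)]
    # Eight hosts send 5 unanswered SYNs each (the distributed case).
    for h in range(1, 9):
        events += [(2.0 + i / 100, f"192.0.2.{h}:{60000 + i}", "SYN") for i in range(5)]
    return sorted(events)

def half_open(events, now, timeout=3.0):
    """Client endpoints whose SYN has had no final ACK for `timeout` seconds."""
    pending = {}
    for ts, client, flag in events:
        if flag == "SYN":
            pending[client] = ts          # server replies ACK-SYN and waits
        elif flag == "ACK":
            pending.pop(client, None)     # handshake completed
    return [c for c, ts in pending.items() if now - ts >= timeout]

def assess(events, now, per_host_limit=20, spread_limit=30, min_hosts=5):
    """Summarise half-open handshakes per source and across sources."""
    per_host = Counter(c.rsplit(":", 1)[0] for c in half_open(events, now))
    noisy = sorted(h for h, n in per_host.items() if n >= per_host_limit)
    quiet = {h: n for h, n in per_host.items() if n < per_host_limit}
    return {
        "half_open_total": sum(per_host.values()),
        "noisy_hosts": noisy,  # single sources flooding on their own
        # many sources, each under the per-host limit, adding up to a flood
        "distributed_suspected": sum(quiet.values()) >= spread_limit
                                 and len(quiet) >= min_hosts,
    }

if __name__ == "__main__":
    print(assess(build_sample(), now=10.0))
```

A per-source counter alone misses the distributed case, which is why the aggregate check over the quieter sources is kept separate.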

Chapter 6 Figure 6-8

“Spoofing”

Attacker address: 12345

Target address: 54321

Information packets (sender address → destination address):

• Normal: 12345 → 54321. Target server correctly interprets sender address

• “Spoofing”: 90817 → 54321. Target server incorrectly interprets sender address

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

Intrusion

• Get access to company’s internal IT infrastructure

– User name, password

– Sniffer software

– Vulnerabilities left in the software

• Difficult to figure out what intruders might have done inside


Viruses and Worms

• Replicate and spread themselves (worms)

• Virus needs assistance to replicate

• The Code Red Worm (2001)

Securing Infrastructure against Malicious Threats

• Defensive Measures

– Security Policies

– Firewalls

– Authentication

– Encryption

– Patching and Change management

– Intrusion detection and network monitoring


Securing Infrastructure against Malicious Threats

A HOLISTIC APPROACH IS THE NEED OF THE DAY


Thank You