Computer II
Lecture One: Introduction to Network and Security
College of Engineering
Communication Department
Assist. Lec. Haveen Yassin AL-Zahawi
1.1. Networks
A network is a set of devices (often referred to as nodes) connected by
communication links. A node can be a computer, printer, or any other device capable
of sending and/or receiving data generated by other nodes on the network.
The term "computer network" means a collection of autonomous computers interconnected
by a single technology. Two computers are said to be interconnected if they are able
to exchange information. The connection need not be via a copper wire; fiber optics,
microwaves, infrared, and communication satellites can also be used.
Networks come in many sizes, shapes and forms, as we will see later. They are
usually connected together to make larger networks, with the Internet being the most
well-known example of a network of networks.
1.2. Components of a Network
1. Devices (e.g., computers, routers, switches)
2. Communication media (e.g., cables, wireless signals)
3. Protocols (e.g., TCP/IP)
1.3. Importance of Networking
1. Enables communication and data sharing.
2. Facilitates resource sharing (e.g., printers, storage).
3. Supports collaboration (e.g., email, video conferencing).
1.4. Types of Networks
Networks are classified according to their size, the area they cover and their
physical architecture. The three primary network categories are LAN, WAN and
MAN. Each differs in characteristics such as distance, transmission speed,
cabling and cost.
Basic types
LAN (Local Area Network): A group of interconnected computers within a small
area (room, building, campus). Two or more PCs can form a LAN to share files,
folders, printers, applications and other devices. Coaxial or CAT 5 cables are
normally used for connections. Because distances are short, errors and noise are
minimal. Data transfer rate is 10 to 100 Mbps.
Example: A computer lab in a school.
MAN (Metropolitan Area Network): Designed to extend over a large area,
connecting a number of LANs to form a larger network so that resources can be
shared. A MAN can span 5 to 50 km. It may be owned by an organization or an individual.
Data transfer rate is low compared to a LAN.
Example: An organization with different branches located across a city.
WAN (Wide Area Network): A country-wide or worldwide network that contains
multiple LANs and MANs; it is distinguished by its geographical range.
Uses satellites and microwave relays.
Data transfer rate depends on the ISP and varies by location.
Best example: the Internet.
Other types
WLAN (Wireless LAN): A LAN that uses high-frequency radio waves for
communication. Provides short-range connectivity with high-speed data
transmission.
PAN (Personal Area Network): A network organized by an individual user for
personal use.
SAN (Storage Area Network): Connects servers to data storage devices via
fiber-optic cables, e.g., for an organization's daily backups or a mirror copy.
1.5. Network Topologies
The term physical topology refers to the way in which a network is laid out
physically. Two or more devices connect to a link; two or more links form a topology.
The topology of a network is the geometric representation of the relationship of all
the links and linking devices (usually called nodes) to one another.
There are four basic topologies possible: mesh, star, bus, and ring.
Mesh: A mesh topology is one where every node is connected to every other
node in the network. A mesh topology can be a full mesh or a partially
connected mesh.
Star: A star topology is one of the most common network setups. In this configuration,
every node connects to a central network device, such as a hub, switch, or computer.
Bus: Also called a line topology, a bus topology is a network setup in which each computer
and network device is connected to a single cable or backbone.
Ring: A ring topology is a network configuration in which the device connections create
a circular data path. In a ring network, packets of data travel from one device to the
next until they reach their destination.
1.6. Data Communication
A data communications system has five components:
1. Message. The message is the information (data) to be communicated. Popular
forms of information include text, numbers, pictures, audio, and video.
2. Sender. The sender is the device that sends the data message. It can be a
computer, workstation, telephone handset, video camera, and so on.
3. Receiver. The receiver is the device that receives the message. It can be a
computer, workstation, telephone handset, television, and so on.
4. Transmission medium. The transmission medium is the physical path by which a
message travels from sender to receiver. Some examples of transmission media
include twisted-pair wire, coaxial cable, fiber-optic cable, and radio waves.
5. Protocol. A protocol is a set of rules that govern data communications. It
represents an agreement between the communicating devices. Without a protocol,
two devices may be connected but not communicating, just as a person speaking
French cannot be understood by a person who speaks only Japanese.
Data Flow
Communication between two devices can be simplex, half-duplex, or full-duplex,
as shown in the figure.
2.1. Security
Computer Security: The protection afforded to an automated information system in
order to attain the applicable objectives of preserving the integrity, availability, and
confidentiality of information system resources (including hardware, software,
firmware, information/data, and telecommunications). This definition introduces
three key objectives that are at the heart of (the goals of) computer security:
1. Confidentiality: This term covers two related concepts:
a) Data confidentiality: Assures that private or confidential
information is not made available or disclosed to unauthorized
individuals.
b) Privacy: Assures that individuals control what
information related to them may be collected and stored, by whom,
and to whom that information may be disclosed.
2. Integrity: This term covers two related concepts:
a) Data integrity: Assures that information and programs are changed only in a
specified and authorized manner.
b) System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation
of the system.
3. Availability: Assures that systems work promptly and service is not denied to
authorized users.
The CIA triad is a model designed to guide policies for information security
within an organization.
Although the use of the CIA triad to define security objectives is well established,
some in the security field feel that additional concepts are needed to present a
complete picture. Two of the most commonly mentioned are as follows:
• Authenticity: The property of being genuine and being able to be verified and
trusted; confidence in the validity of a transmission, a message, or a message
originator. This means verifying that users are who they say they are and that
each input arriving at the system came from a trusted source.
• Accountability: The security goal that generates the requirement for actions
of an entity to be traced uniquely to that entity. This supports nonrepudiation,
deterrence, intrusion detection and prevention, and after-action recovery
and legal action. Because truly secure systems are not yet an achievable goal,
we must be able to trace a security breach to a responsible party. Systems must
keep records of their activities to permit later forensic analysis to trace security
breaches or to aid in transaction disputes.
2.2. Security Architecture for OSI
The ITU (International Telecommunication Union) defines the OSI security
architecture; it is useful to managers as a way of organizing the task of providing
security. Furthermore, because this architecture was developed as an international
standard, computer and communications vendors have developed security features
for their products and services that relate to this structured definition of services and
mechanisms.
The OSI security architecture focuses on security attacks,
mechanisms, and services. These can be defined briefly as:
• Security attack: Any action that compromises the security of information
owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the
security of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service. The
security services are implemented by security mechanisms.
• Threat: A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and cause
harm. That is, a threat is a possible danger that might exploit a vulnerability.
• Attack: An assault on system security that derives from an intelligent threat;
that is, an intelligent act that is a deliberate attempt (especially in the sense of
a method or technique) to evade security services and violate the security
policy of a system.
2.3. Security Attacks
A useful means of classifying security attacks, used both in X.800 and RFC
2828, is in terms of passive attacks and active attacks. A passive attack attempts to
learn or make use of information from the system but does not affect system
resources. An active attack attempts to alter system resources or affect their
operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are release of message contents and
traffic analysis.
• Release of message contents:
A telephone conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to prevent an
opponent from learning the contents of these transmissions.
• Traffic analysis:
Because the contents of messages or other information traffic are encrypted,
opponents who capture a message cannot extract the information from it
(Figure 1.1b). An opponent might still be able to observe the pattern of these
messages. The opponent could determine the location and identity of the
communicating hosts and could observe the frequency and length of messages
being exchanged. This information might be useful in guessing the nature of
the communication that was taking place.
Passive attacks are very difficult to detect because they do not involve any alteration
of the data. However, it is feasible to prevent the success of these attacks, usually by
means of encryption. Thus, the emphasis in dealing with passive attacks is on
prevention rather than detection.
Active Attacks
Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories:
masquerade, replay, modification of messages, and denial of service.
• A masquerade takes place when one entity pretends to be a different entity.
• Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
• Modification of messages simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce an
unauthorized effect. For example, a message meaning "Allow John Smith to
read confidential file accounts" is modified to mean "Allow Fred Brown to
read confidential file accounts."
• Denial of service prevents or inhibits the normal use or management of
communications facilities.
It is quite difficult to prevent active attacks absolutely, because of the wide
variety of potential physical, software, and network vulnerabilities; the goal is
therefore to detect them and to recover from any disruption or delay they cause.
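As an added illustration of how a receiver detects three of these active attacks (example code written for these notes, not from the lecture or any particular product), the sketch below binds a sequence number to each message and appends a keyed hash (HMAC) computed with a shared key; the key and the messages are constructed for the example. An altered message or one forged without the key fails the tag check, and a re-sent unit fails the sequence check.

```python
import hmac
import hashlib

# Constructed shared secret for this example only; real systems provision keys securely.
KEY = b"lecture-one-demo-key"

def protect(seq: int, message: str, key: bytes = KEY) -> dict:
    """Sender side: bind a sequence number to the message and append an HMAC tag.
    The tag covers both fields, so neither can be altered without the key."""
    payload = f"{seq}|{message}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"seq": seq, "message": message, "tag": tag}

class Receiver:
    """Receiver side: the tag check catches modification and masquerade
    (a forger without the key cannot produce a valid tag); the sequence
    check catches replay of an already-accepted unit."""
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, unit: dict) -> str:
        payload = f"{unit['seq']}|{unit['message']}".encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, unit["tag"]):
            return "rejected: tag mismatch (modified or forged)"
        if unit["seq"] <= self.last_seq:
            return "rejected: replay"
        self.last_seq = unit["seq"]
        return "accepted"

def demo() -> list:
    """Runs the lecture's scenario: a legitimate order, the same order
    altered in transit, a replay of the original, and a forged order."""
    rx = Receiver()
    legit = protect(1, "Allow John Smith to read confidential file accounts")
    tampered = dict(legit, message="Allow Fred Brown to read confidential file accounts")
    forged = protect(2, "Allow Fred Brown to read confidential file accounts", key=b"attacker-key")
    return [rx.accept(legit), rx.accept(tampered), rx.accept(legit), rx.accept(forged)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Denial of service is not addressed by this check; a tag and a counter say nothing about whether a message arrives at all.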
2.4. Achieving Network Security
The International Telecommunication Union (ITU), in its recommendation on security
architecture X.800, has defined certain mechanisms to standardize the methods
used to achieve network security. Some of these mechanisms are:
• Encipherment: This mechanism provides data confidentiality services by
transforming data into forms that unauthorized persons cannot read. It
uses an encryption-decryption algorithm with secret keys. In general,
enciphering algorithms are divided into symmetric (or secret key) and
asymmetric key (or public key) algorithms.
• Digital signatures: This mechanism is the electronic equivalent of ordinary
signatures, applied to electronic data. Digital signatures can be used to provide peer
entity authentication and data origin authentication, data integrity, and
nonrepudiation services. Examples of signature algorithms are RSA, DSA and
ElGamal.
• Access control: This mechanism is used to provide access control services.
It may use the identification and authentication of an entity
to determine and enforce the access rights of that entity. Examples: firewalls
and OS user access privileges.
• Authentication mechanisms: These mechanisms provide authentication
services by assuring the identity of a principal, using, for example, passwords,
cryptographic techniques and biometrics.
• Traffic-padding mechanisms: These provide protection from traffic analysis.
Several network protocols and security mechanisms include padding
mechanisms to protect the exchanged communication.
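The following added example (not from the lecture) ties the traffic-analysis discussion in 2.3 to the traffic-padding mechanism here: messages are enciphered with a one-time pad, so an observer cannot read them, but the ciphertext lengths still tell the messages apart until each one is padded to a fixed 64-byte bucket. The sample messages and the bucket size are constructed for the example.

```python
import os

BLOCK = 64  # constructed bucket size: every padded message becomes a multiple of 64 bytes

def pad(data: bytes, block: int = BLOCK) -> bytes:
    """Prefix a 2-byte length and fill with zeros up to a multiple of `block`,
    so the size of the padded data no longer depends on the message."""
    if len(data) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    body = len(data).to_bytes(2, "big") + data
    return body + b"\x00" * (-len(body) % block)

def unpad(padded: bytes) -> bytes:
    """Recover the original message using the length prefix."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]

def otp_encrypt(plaintext: bytes) -> tuple:
    """Encipherment with a one-time pad: a fresh random key as long as the
    plaintext. The ciphertext hides the content but keeps the plaintext length."""
    key = os.urandom(len(plaintext))
    return key, bytes(p ^ k for p, k in zip(plaintext, key))

def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return bytes(c ^ k for c, k in zip(ciphertext, key))

# Constructed sample traffic: three messages of clearly different sizes.
MESSAGES = [
    b"ok",
    b"transfer 5000 to account 12345",
    b"quarterly report attached: " + b"x" * 30,
]

def observed_lengths(padded: bool, messages=MESSAGES) -> list:
    """What a passive observer on the link learns: only the ciphertext sizes.
    Without padding these mirror the plaintext sizes; with padding they are uniform."""
    sizes = []
    for m in messages:
        _, ct = otp_encrypt(pad(m) if padded else m)
        sizes.append(len(ct))
    return sizes

def roundtrip(m: bytes) -> bytes:
    """Check that padding plus encipherment is reversible by the intended receiver."""
    key, ct = otp_encrypt(pad(m))
    return unpad(otp_decrypt(key, ct))

if __name__ == "__main__":
    print("unpadded sizes seen on the wire:", observed_lengths(False))
    print("padded sizes seen on the wire:  ", observed_lengths(True))
```

Padding hides length but not timing or frequency; hiding those needs dummy traffic sent at a constant rate, which the same bucket idea extends to.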
• Routing control mechanisms: These allow the selection of a specific route for
communicating data, either dynamically or statically through prearranged
routes. Hackers, viruses, and malicious programs frequently exploit the
security vulnerabilities of routing protocols in order to launch network
security attacks.
• Notarization mechanisms: These are used to assure the integrity, the source or
destination, and the time of sending or delivering transmitted data. Such
assurance mechanisms may be part of the networking protocols in use and/or
of a trusted third party that is used to assure the consistency of the communication
and nonrepudiation. They may be supported by other mechanisms
such as digital signatures, encipherment, or integrity mechanisms.
Having identified the various security mechanisms for achieving
network security, it is essential to decide where to apply them, both physically
(at what location) and logically (at what layer of an architecture such as
TCP/IP).
2.5. Network Security Attacks
The common vulnerability that exists in both wired and wireless networks is
"unauthorized access" to a network. An attacker can connect a device to a network
through an unsecured hub/switch port. In this regard, wireless networks are considered
less secure than wired networks, because a wireless network can be accessed
without any physical connection.
After gaining access, an attacker can exploit this vulnerability to launch
attacks such as:
• Sniffing the packet data to steal valuable information.
• Denial of service (DoS) to legitimate users on a network by flooding the
network medium with spurious packets.
• Spoofing: Spoofing is the act of a subject asserting an identity (e.g., the physical
MAC address) of a legitimate host that the subject has no right to use, and
then stealing data or further launching a "man-in-the-middle" attack.
• Eavesdropping: These attacks consist of the unauthorized interception of
network communication and the disclosure of the exchanged information.
• Logon abuse: A successful logon abuse attack bypasses the
authentication and access control mechanisms and allows a user to obtain
access with more privileges than authorized.
• Intrusion attacks: These attacks focus on unauthorized users gaining access to
a system through the network.
• Hijacking attack: This attack attempts to gain unauthorized access to a system
by using a legitimate entity's existing connection. For example, at the session
layer, if a user leaves a session open, it can be subject to session hijacking
by an attacker.
• Application-level attacks: These attacks are concerned with the exploitation
of weaknesses in the application layer and in most cases amount to intrusion
attacks. Examples include malicious software attacks (viruses,
Trojans, etc.), web server attacks, remote command execution, Structured Query
Language (SQL) injection, and cross-site scripting (XSS).