Computers II - Networking and Security - University of Babylon PDF
University of Babylon
2024
Omar A. Alkawak
Summary
This document is an excerpt from a textbook on computer networks, specifically networking and security. It introduces computer networks, followed by examples of business and home applications, and lists the chapter objectives for the unit.
University of Babylon
College of Engineering/Al-Musayab
Dept. of Energy & Renewable Energies
Computers II, Second Class
By Omar A. AlKawak, 2025-2024

Networking and Security

Chapter One

Chapter Objectives

After the completion of this unit, students/readers will be able to:

- Provide an in-depth understanding of important issues related to networks and their security.
- The students will learn how to use publicly available tools for detecting, responding to, and recovering from security incidents.

Introduction to Computer Networks

In this course we will use the term ‘‘computer network’’ to mean a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

1.1 Uses of Computer Networks

Among all of the essentials for human existence, the need to interact with others ranks just below our need to sustain life. Communication is almost as important to us as our reliance on air, water, food, and shelter. The methods that we use to share ideas and information are constantly changing and evolving. Whereas the human network was once limited to face-to-face conversations, media breakthroughs continue to extend the reach of our communications. From the printing press to television, each new development has improved and enhanced our communication. As with every advance in communication technology, the creation and interconnection of robust data networks is having a profound effect. Early data networks were limited to exchanging character-based information between connected computer systems. Current networks have evolved to
carry voice, video streams, text, and graphics between many different types of devices.

We will start with traditional uses at companies, then move on to home networking and recent developments regarding mobile users, and finish with social issues.

1.1.1 Business Applications

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

Figure 1-1. Business applications can be accessed remotely as if employees were on site.

In the simplest of terms, one can imagine a company's information system as consisting of one or more databases with company information and some number of employees who need to access them remotely. In this model, the data are stored on powerful computers called servers. Often these are centrally housed and maintained by a system administrator. In contrast, the employees have simpler machines, called clients, on their desks, with which they access remote data, for example, to include in spreadsheets they are constructing. In the client-server model, the device requesting the information is called a client and the device responding to the request is called a server. The client and server machines are connected by a network, as illustrated in Figure 1-2.

Figure 1-2. A network with two clients and one server.

The most popular realization is that of a Web application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
…gets the request, it performs the requested work or looks up the requested data and sends back a reply. These messages are shown in Figure 1-3.

Figure 1-3. The client-server model involves requests and replies.

1.1.2 Home Applications

Internet access provides home users with connectivity to remote computers. As with companies, home users can access information, communicate with other people, and buy products and services with e-commerce. The main benefit now comes from connecting outside of the home. Access to remote information comes in many forms. It can be surfing the World Wide Web for information or just for fun. Information available includes the arts, business, cooking, government, health, history, hobbies, recreation, science, sports, travel, and many others. Much of this information is accessed using the client-server model, but there is a different popular model for accessing information that goes by the name of peer-to-peer communication.

In a peer-to-peer network, two or more computers are connected via a network and can share resources (such as printers and files) without having a dedicated server. Every connected end device (known as a peer) can function as either a server or a client. One computer might assume the role of server for one transaction while simultaneously serving as a client for another. In this form, individuals who form a loose group can communicate with others in the group, as shown in Figure 1-4. Every
person can, in principle, communicate with one or more other people; there is no fixed division into clients and servers.

Figure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

1.1.3 Mobile Users

Mobile computers, such as laptop and handheld computers, are one of the fastest-growing segments of the computer industry. Their sales have already overtaken those of desktop computers. Why would anyone want one? People on the go often want to use their mobile devices to read and send email, tweet, watch movies, download music, play games, or simply to surf the Web for information. They want to do all of the things they do at home and in the office. Naturally, they want to do them from anywhere on land, sea, or in the air.

Connectivity to the Internet enables many of these mobile uses. Since having a wired connection is impossible in cars, boats, and airplanes, there is a lot of interest in wireless networks. Cellular networks operated by the telephone companies are one familiar kind of wireless network that blankets us with coverage for mobile phones. Wireless hotspots based on the 802.11 standard are another kind of wireless network for mobile computers. Wireless networks are of great value to fleets of trucks, taxis, delivery vehicles, and repairpersons for keeping in contact with their home base. Wireless networks are also important to the military.

The long-awaited convergence of telephones and the Internet has finally arrived, and it will accelerate the growth of mobile applications. Smart phones, such as the popular iPhone, combine aspects of mobile phones and mobile computers. The 3G and 4G cellular networks to which they connect can provide fast data services for using the Internet as well as handling phone calls. Many advanced phones connect to wireless hotspots too, and automatically switch between networks to choose the best option for the user.

Since mobile phones know their locations, often because they are equipped with GPS (Global Positioning System) receivers, some
services are intentionally location dependent. Mobile maps and directions are an obvious candidate, as your GPS-enabled phone and car probably have a better idea of where you are than you do. So too are searches for a nearby bookstore or Chinese restaurant, or a local weather forecast. An area in which mobile phones are now starting to be used is m-commerce (mobile-commerce). Short text messages from the mobile are used to authorize payments for food in vending machines, movie tickets, and other small items instead of cash and credit cards.

Sensor networks are made up of nodes that gather and wirelessly relay information they sense about the state of the physical world. The nodes may be part of familiar items such as cars or phones, or they may be small separate devices. For example, your car might gather data on its location, speed, vibration, and fuel efficiency from its on-board diagnostic system and upload this information to a database. Those data can help find potholes, plan trips around congested roads, and tell you if you are a ‘‘gas guzzler’’ compared to other drivers on the same stretch of road.

1.1.4 Social Issues

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spam, …etc.

1.2 Networks

A network is a set of devices (often referred to as nodes) connected by communication links. A node can be a computer, printer, or any other device capable of sending and/or receiving data generated by other nodes on the network. Most networks use distributed processing, in which a task is divided among multiple computers. Instead of one single large machine being responsible for all aspects of a process, separate computers (usually a personal computer or workstation) handle a subset.
1.2.1 The Elements of a Computer Network

Figure 1-5 shows the elements of a typical network, including devices, medium, rules, and messages.

Figure 1-5. The main components of a computer network.

Networking is a very graphically oriented subject, and icons are commonly used to represent networking devices. There are many common networking devices that are used in networking, as shown in Figure 1-6.

Figure 1-6. Common Networking Symbols.

On the left side of the figure are shown some common devices which often originate the messages that comprise our communication. These include various types of computers (a PC and a laptop icon are shown), servers, and IP phones. On local area networks these devices are typically connected by LAN media (wired or wireless).

The right side of the figure shows some of the most common intermediate devices, used to direct and manage messages across the network, as well as other common networking symbols. Generic symbols are shown for:

- Switch: the most common device for interconnecting local area networks.
- Firewall: provides security to networks.
- Router: helps direct messages as they travel across a network.
- Wireless Router: a specific type of router often found in home networks.
- Cloud: used to summarize a group of networking devices, the details of which may be unimportant to the discussion at hand.
- Serial Link: one form of WAN interconnection, represented by the lightning bolt-shaped line.

For a network to function, the devices must be interconnected. Network connections can be wired or wireless. In wired connections, the medium is either copper, which carries electrical signals, or optical fiber, which carries light signals. In wireless connections, the medium is the Earth's atmosphere or space, and the signals are microwaves.

Devices interconnected by a medium to provide services must be governed by rules, or protocols. The protocols are the rules that the networked devices use to communicate with each other. The industry standard in
networking today is a set of protocols called TCP/IP (Transmission Control Protocol/Internet Protocol).

Introduction to Network Security

1.1 Definition

As the role of enterprise networks keeps expanding in its support of both internal and external connectivity in the form of emerging Internet, intranet, and extranet applications, network components are being exposed more and more seriously to malicious as well as unintentional security breaches.

A computer network is a set of connected computers. Computers on a network are called nodes. The connection between computers can be made via cabling, most commonly Ethernet cable, or wirelessly through radio waves. Connected computers can share resources, such as access to the Internet, printers, file servers, and others. The model for understanding how a network works is the OSI model.

1.2 Open Systems Interconnection (OSI) Model

The Open Systems Interconnection (OSI) reference model defines a networking framework to implement protocols in layers, with control passed from one layer to the next. It is primarily used today as a teaching tool. It logically divides network architecture into 7 layers. The lower layers deal with electrical signals, chunks of binary data, and routing of these data across networks. Higher layers cover network requests and responses, representation of data, and network protocols as seen from a user's point of view. The OSI model was originally created as a standard architecture for building network systems, and indeed many popular network technologies today reflect the layered design of OSI.

Physical Layer (Layer 1)

This layer defines the physical connection between a host and a network. It mainly converts the bits into physical signaling suitable for transmission, such as voltages or light impulses.
The device drivers that handle the communications hardware (network cards, wireless cards, etc.) operate at L1. Additionally, hubs and other repeaters are standard network devices that function at the Physical layer, as are cable connectors.

Data Link Layer

When obtaining data from the Physical layer, the Data Link layer checks for physical transmission errors and packages bits into data "frames". The Data Link layer also manages physical addressing schemes such as MAC addresses for Ethernet networks, controlling the access of the various network devices to the physical medium. Because the Data Link layer is the single most complex layer in the OSI model, it is often divided into two parts, the "Media Access Control" sublayer and the "Logical Link Control" sublayer.

Network Layer

The Network layer adds the concept of routing above the Data Link layer. When data arrives at the Network layer, the source and destination addresses contained inside each frame are examined to determine if the data has reached its final destination. If the data has reached the final destination, this layer formats the data into packets delivered up to the Transport layer. Otherwise, the Network layer updates the destination address and pushes the frame back down to the lower layers. To support routing, the Network layer maintains logical addresses such as IP addresses for devices on the network. The Network layer also manages the mapping between these logical addresses and physical addresses. In IP networking, this mapping is accomplished through the Address Resolution Protocol (ARP).

Transport Layer

The Transport Layer delivers data across network connections.
TCP and UDP are the most common examples of a Transport Layer (Layer 4) network protocol. Different transport protocols may support a range of optional capabilities including error recovery, flow control, and support for retransmission.

Session Layer

The Session Layer manages the sequence and flow of events that initiate and tear down network connections. At Layer 5, it is built to support multiple types of connections that can be created dynamically and run over individual networks.

Presentation Layer

The Presentation layer is the simplest in function of any piece of the OSI model. At Layer 6, it handles syntax processing of message data such as format conversions and encryption/decryption needed to support the Application layer above it.

Application Layer

The Application layer supplies network services to end-user applications. Network services are typically protocols that work with the user's data. For example, in a Web browser application, the Application layer protocol HTTP packages the data needed to send and receive Web page content. This Layer 7 provides data to (and obtains data from) the Presentation layer.

1.3 Computer Security

Computer Security: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).

This definition introduces three key objectives that are at the heart of (the goals of) computer security:

1.
Confidentiality: This term covers two related concepts:
a) Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
b) Privacy: Assures that individuals control what information related to them may be collected and stored, by whom, and to whom that information may be disclosed.

2. Integrity: This term covers two related concepts:
a) Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
b) System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

3. Availability: Assures that systems work promptly and service is not denied to authorized users.

CIA triad model: a model designed to guide policies for information security within an organization.

Figure: the CIA triad (Confidentiality, Integrity, Availability).

Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned are as follows:

- Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
- Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, intrusion detection and prevention, and after-action recovery and legal action.
Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

1.4 Security Architecture for OSI

The ITU (International Telecommunication Union) defines the OSI security architecture; it is useful to managers as a way of organizing the task of providing security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms. The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as:

- Security attack: Any action that compromises the security of information owned by an organization.
- Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
- Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. The security services are implemented by security mechanisms.
- Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
- Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

1.5 Security Attacks

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.

- The release of message contents: This is easily understood (Figure 1.1a). A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
- Traffic analysis: Because the contents of messages or other information traffic are encrypted, the opponents, even if they captured the message, could not extract the information from it (Figure 1.1b). An opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
Figure (1.1): Passive Attacks

Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

Active Attacks

Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

- A masquerade takes place when one entity pretends to be a different entity (Figure 1.2a).
- Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect (Figure 1.2b).
- Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect (Figure 1.2c). For example, a message meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read confidential file accounts."
- Denial of service prevents or inhibits the normal use or management of communications facilities (Figure 1.2d).

It is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities.

Figure (1.2): Active Attacks (panel (c): Modification of Messages)
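Traffic analysis (Figure 1.1b) and its X.800 countermeasure, traffic padding, as an added Python example that is not part of the lecture notes: the messages and key are constructed for the demonstration, and the HMAC-based keystream is a toy stand-in for a real cipher, kept only to show that an eavesdropper who cannot read the ciphertext still learns each message's length until messages are padded to a fixed bucket size.

```python
import hashlib
import hmac

# Constructed sample traffic (not from the lecture): short control messages whose
# length alone separates an approval from a denial.
SAMPLE_MESSAGES = [
    b"APPROVE transfer 4500 to account 2201",
    b"DENY",
    b"APPROVE transfer 120 to account 2201",
    b"DENY",
]
KEY = hashlib.sha256(b"constructed demo key").digest()  # shared secret, constructed
BUCKET = 64  # every padded message on the wire is a multiple of this size

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream from HMAC-SHA256 counter blocks (illustration only, not a
    vetted cipher). It hides content but yields exactly `length` bytes, so the
    ciphertext is always as long as the plaintext."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

decrypt = encrypt

def pad_to_bucket(plaintext: bytes, bucket: int = BUCKET) -> bytes:
    """X.800 traffic padding: a 2-byte length prefix, then zero fill up to the
    next bucket boundary, so all short messages look the same size on the wire."""
    body = len(plaintext).to_bytes(2, "big") + plaintext
    return body + b"\x00" * (-len(body) % bucket)

def unpad(padded: bytes) -> bytes:
    """Receiver strips the padding using the length prefix."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]

def send_all(messages, key: bytes, padded: bool):
    """Sender side: returns the ciphertexts a passive eavesdropper captures."""
    captured = []
    for i, msg in enumerate(messages):
        nonce = i.to_bytes(8, "big")  # unique per message, never reused with this key
        body = pad_to_bucket(msg) if padded else msg
        captured.append(encrypt(key, nonce, body))
    return captured

def traffic_analysis(captured):
    """Opponent's view: contents unreadable, but every length is observable."""
    return [len(c) for c in captured]

def receive_all(captured, key: bytes, padded: bool):
    """Receiver side: decrypt and, if padding was used, strip it."""
    out = []
    for i, c in enumerate(captured):
        body = decrypt(key, i.to_bytes(8, "big"), c)
        out.append(unpad(body) if padded else body)
    return out

def demo():
    """Compare what the eavesdropper learns with and without traffic padding."""
    plain_wire = send_all(SAMPLE_MESSAGES, KEY, padded=False)
    padded_wire = send_all(SAMPLE_MESSAGES, KEY, padded=True)
    return {
        # 37, 4, 36, 4: DENY vs APPROVE is visible from length alone
        "unpadded_lengths": traffic_analysis(plain_wire),
        # 64, 64, 64, 64: the length signal is gone
        "padded_lengths": traffic_analysis(padded_wire),
        "roundtrip_ok": receive_all(padded_wire, KEY, padded=True) == SAMPLE_MESSAGES,
    }

if __name__ == "__main__":
    print(demo())
```

Padding hides message size but not timing or frequency, which is why the text lists those as separate observables; real protocols combine padding with encryption of the whole record, including the length field.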
1.6 Achieving Network Security

The International Telecommunication Union (ITU), in its recommendation on security architecture X.800, has defined certain mechanisms to bring standardization to the methods of achieving network security. Some of these mechanisms are:

- Encipherment: This mechanism provides data confidentiality services by transforming data into forms not readable by unauthorized persons. It uses an encryption-decryption algorithm with secret keys. In general, enciphering algorithms are divided into symmetric (or secret key) and asymmetric (or public key) algorithms.
- Digital signatures: This mechanism is the electronic equivalent of ordinary signatures for electronic data. Digital signatures can be used to provide peer entity authentication, data origin authentication, data integrity, and nonrepudiation services. Examples of signature algorithms are RSA, DSA and ElGamal.
- Access control: This mechanism is used to provide access control services. These mechanisms may use the identification and authentication of an entity to determine and enforce the access rights of the entity. Examples: firewalls and OS user access privileges.
- Authentication mechanisms: These mechanisms provide authentication services by assuring the identity of a principal, using means such as passwords, cryptographic techniques and biometrics.
- Traffic-padding mechanisms: They provide protection from traffic analysis. Several network protocols and security mechanisms include padding mechanisms to protect the exchanged communication.
- Routing control mechanisms: They allow the selection of a specific route for communicating data, either dynamically or statically through prearranged routes. Hackers, viruses, and malicious programs frequently exploit the security vulnerabilities of routing protocols in order to launch network security attacks.
- Notarization mechanisms: They are used to assure the integrity, the source or destination, and the time of sending or delivering of transmitted data. Such assurance mechanisms may be part of the networking protocols in use and/or of a trusted third party which may be used to assure the communication consistency and nonrepudiation. They may be supported by other mechanisms such as digital signatures, encipherment, or integrity mechanisms.

Having developed and identified various security mechanisms for achieving network security, it is essential to decide where to apply them, both physically (at what location) and logically (at what layer of an architecture such as TCP/IP).

1.7 Network Security Attacks

The common vulnerability that exists in both wired and wireless networks is “unauthorized access” to a network. An attacker can connect his device to a network through an unsecured hub/switch port. In this regard, wireless networks are considered less secure than wired networks, because a wireless network can be easily accessed without any physical connection. After gaining access, an attacker can exploit this vulnerability to launch attacks such as:

- Sniffing the packet data to steal valuable information.
- Denial of service (DoS) to legitimate users on a network by flooding the network medium with spurious packets.
- Spoofing: the act of a subject asserting an identity (such as the physical (MAC) identity) of legitimate hosts that the subject has no right to use, and then stealing data or further launching a ‘man-in-the-middle’ attack.
- Eavesdropping: these attacks consist of the unauthorized interception of network communication and the disclosure of the exchanged information.
- Logon abuse: A successful logon abuse attack would bypass the authentication and access control mechanisms and allow a user to obtain access with more privileges than authorized.
- Intrusion attacks: These attacks focus on unauthorized users gaining access to a system through the network.
- Hijacking attack: This attack attempts to gain unauthorized access to a system by using a legitimate entity's existing connection. For example, at the session layer, if a user leaves an open session, it can be subject to session hijacking by an attacker.
- Application-level attacks: These attacks are concerned with the exploitation of weaknesses in the application layer and in most cases really focus on intrusion attacks. Examples of these attacks include malicious software attacks (viruses, Trojans, etc.), Web server attacks, remote command execution, Structured Query Language (SQL) injection, and cross-site scripting (XSS).
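The modification-of-messages and replay attacks of Section 1.5, met by the integrity and notarization-style mechanisms of Section 1.6, as an added Python example that is not part of the lecture notes: a shared-key HMAC-SHA256 tag over a sequence number and the message lets the receiver reject the "John Smith" to "Fred Brown" edit and a replayed copy of the original, while an unprotected receiver accepts both. The key, the sequence-number scheme and the messages are constructed for the demonstration.

```python
import hashlib
import hmac

SEQ_LEN = 4    # bytes of sequence number on the wire
TAG_LEN = 32   # bytes of HMAC-SHA256 tag on the wire

# Constructed values for the demonstration (not from the lecture).
KEY = hashlib.sha256(b"constructed demo key").digest()
ORIGINAL = b"Allow John Smith to read confidential file accounts"
ALTERED = b"Allow Fred Brown to read confidential file accounts"

def protect(key: bytes, seq: int, msg: bytes) -> bytes:
    """Sender: prepend a sequence number and an integrity tag computed over
    seq || msg, so neither the body nor the sequence number can be changed
    without the tag failing. Wire format: seq(4) || tag(32) || msg."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + msg, hashlib.sha256).digest()
    return header + tag + msg

class Receiver:
    """Receiver that verifies the tag and remembers the highest sequence
    number accepted so far (a simplified notarization of ordering/time)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, wire: bytes):
        header = wire[:SEQ_LEN]
        tag = wire[SEQ_LEN:SEQ_LEN + TAG_LEN]
        msg = wire[SEQ_LEN + TAG_LEN:]
        expected = hmac.new(self.key, header + msg, hashlib.sha256).digest()
        # Constant-time comparison: detects modification of msg or header.
        if not hmac.compare_digest(tag, expected):
            return (False, "rejected: integrity tag mismatch (modification)")
        seq = int.from_bytes(header, "big")
        # A genuine but already-seen message is a replay.
        if seq <= self.last_seq:
            return (False, "rejected: sequence %d already seen (replay)" % seq)
        self.last_seq = seq
        return (True, msg.decode())

def unprotected_accept(msg: bytes):
    """Baseline with no integrity mechanism: any well-formed message is accepted."""
    return (True, msg.decode())

def modify_in_transit(wire: bytes, old: bytes, new: bytes) -> bytes:
    """The Figure 1.2c scenario: the message body is edited on the wire
    (same length, so a length check alone would not notice)."""
    return wire.replace(old, new)

def demo():
    """Run the legitimate, modified, replayed and follow-on messages through one receiver."""
    rx = Receiver(KEY)
    first = protect(KEY, 1, ORIGINAL)
    return {
        "legitimate": rx.accept(first),
        "modified": rx.accept(modify_in_transit(first, b"John Smith", b"Fred Brown")),
        "replayed": rx.accept(first),
        "next_in_sequence": rx.accept(protect(KEY, 2, b"Revoke read access for John Smith")),
        "unprotected_baseline": unprotected_accept(ALTERED),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A digital signature (RSA, DSA, ElGamal as listed in Section 1.6) would give the same detection with a public key plus nonrepudiation; the HMAC here needs a shared secret and proves only that one of the two key holders sent the message.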