Week 8 - 2425-Network Planning-Hardware-Security PDF
Document Details
Uploaded by Deleted User
2024
3COSC006W
Tags
Summary
This document is a past paper for a computer networks course, specifically focusing on network planning, hardware, security, and the practical lab test. The material includes topics such as introductions to computer networks, network planning and design, networking hardware, computer/network security, and the systems development life cycle.
Full Transcript
3COSC006W Computer Systems and Networks Network Planning and Design Networking Hardware Computer/Network Security 1 Preliminaries Practical Lab test – Date and Time: Week beginning 25th Nov 2024 in your allott...
3COSC006W Computer Systems and Networks Network Planning and Design Networking Hardware Computer/Network Security 1 Preliminaries Practical Lab test – Date and Time: Week beginning 25th Nov 2024 in your allotted seminar session. – You must attend your allotted seminar session ontime (onsite) to take this test. See your timetable for your computer seminar time for this module. – This test will mainly cover the topics taught in Week 7, 8 and 9. Week 7: Introduction to Computer Networks, Week 8: Network Planning and Design, Networking Hardware, Computer/Network Security. Week 9: Seminar questions + Practice questions for Practical lab test – Duration of the test: 75 minutes – This test is worth upto 40% of the overall module mark. – This is a Multiple Choice Questions test. – You only have One attempt. – For more information about the test, read the document ‘Practical Lab test - Instruction to Candidates’ which can be found in the Assessment section of the blackboard. 2 Introduction Properly designing a computer network is difficult task – It requires planning and analysis, feasibility studies, capacity planning, and baseline creation skills. Performing network management is difficult too – Network manager must possess computer and people skills, management skills, financial skills, and be able to keep up with changing technology 3 Systems Development Life Cycle SDLC involves several phases which are: – Planning – Analysis – Design – Implementation – Maintenance These phases are cyclical and usually never-ending 4 Systems Development Life Cycle Planning Phase – Identify problems, opportunities, and objectives Analysis Phase – Determine information requirements – Information requirements can be gathered by sampling and collecting hard data, interviewing, questionnaires, observing environments, and prototyping Design Phase – Design the system that was recommended and approved at the end of the analysis phase Implementation Phase – The system is installed and preparations are made to move from the old system to the new Maintenance Phase – The longest phase, involves the ongoing maintenance of the project – May require personnel to return to an earlier phase to perform an update 5 Basic Network Media Required to Make a LAN Connection. Select the appropriate hardware, including the cabling, to install several computers together in a LAN Repeaters Repeaters: simplest type of connectivity devices that regenerate a digital signal Cannot improve or correct bad or erroneous signal – Regenerate signal over entire segment – Suited only to bus topology networks 7 Hubs Hub Hub: repeater with more than one output port – Multiple data ports – Uplink port: allows connection to another hub or other connectivity device – On Ethernet networks, can serve as central connection point of star or star-based topology – On Token Ring networks, hubs are called Multi-station Access Units (MAUs) Bridges Connect two network segments – Analyze incoming frames Make decisions about where to direct them based on each frame’s Media Access Control address (MAC – hardware address) Can move data more rapidly than traditional routers – Can be programmed to filter out certain types of frames Switches 10 Routers Multiport connectivity devices that direct data between nodes on a network – Can integrate LANs and WANs Routers can: – Connect dissimilar networks – Interpret Layer 3 addressing and other information – Determine the best path for data to follow – Reroute traffic – Filter out broadcast transmissions – Prevent certain types of traffic from getting to a network 11 The placement of routers on a LAN -- example Transmission media The world of computer networks would not exist if there were no medium by which to transfer data The two major categories of media include: – Conducted media – Wireless media 13 Comparison of Conducted Media 14 Wireless Media 15 Satellite Microwave Transmission LEO (Low-Earth-Orbit) – 100 to 1000 miles out – Used for wireless e-mail, special mobile telephones, pagers, spying, videoconferencing MEO (Middle-Earth-Orbit) – 1000 to 22,300 miles – Used for GPS (global positioning systems) and government GEO (Geosynchronous-Earth-Orbit) – 22,300 miles – Always over the same position on earth (and always over the equator) – Used for weather, television, government operations HEO (Highly Elliptical Earth orbit) – satellite follows an elliptical orbit – Used by the military for spying and by scientific organizations for photographing celestial bodies 16 Wireless Media (continued) 17 Network Address IPv4 Address Classes Numeric IP addresses are used. Dotted decimal notation when expressed in decimal numbers, and take the form a.a.a.a, in which a is guaranteed to be between zero and 255 for each and every value. Initially, these addresses were further subdivided into five classes, from Class A to Class E For the first three classes of addresses, divide the octets as follows to understand how they behave: Class A N.H.H.H (10.12.120.2) Class B N.N.H.H (172.34.23.1) 18 Class C N.N.N.H (192.32.63.4) IP Address Classes Address Classes D and E are for special uses Class D addresses are used for multicast communications, in which a single address may be associated with more than one network host machine This is useful only when information is broadcast to more than one recipient at a time so it should come as no surprise that video and teleconferencing applications, for example, use multicast addresses 19 Public Versus Private IP Addresses Some IP services require what’s called a secure end-to-end connection—IP traffic must be able to move in encrypted form between the sender and receiver without intermediate translation Most organizations need public IP addresses only for two classes of equipment: – Devices that permit organizations to attach networks to the Internet – Servers that are designed to be accessible to the Internet 20 Private IP Addresses Class Address (range) A 10.0.0.0/8 (10.0.0.0 to 10.255.255.255) B 172.16.0.0/12 (172.16.0.0 to 172.31.255.255) C 192.168.0.0/16 (192.168.0.0 to 192.168.255.255) 21 Computer/network security 22 Security: The Goal Security is about well-being (integrity) and about protecting assets from intrusions, stealing or wire-tapping (privacy) - the right to keep a secret can also be stolen. In order to do that, in a hostile environment, we need to restrict access to our assets - (access control) To grant access to a few, we need to know whom we can trust and we need to verify the credentials (authenticate) of those we allow to come near us. (what, who & where) 23 Elements of Security Security is based on following independent issues: Trust - do we trust data from an individual or a host? Could they be used against us? Authenticity - are security credentials in order? Are we talking to whom we think we are talking to, privately or not. Integrity - has the system been compromised/ altered already? Privacy - the ability to keep things private/ confidential 24 Computer Bugs and Viruses: Bugs: – Mistakes, or errors in a computer program’s design and/or coding. Prevent compilation Give wrong result Crash at runtime Leave open a security vulnerability Viruses: – Malicious software, designed for a purpose to Damage another machine Cost people money 25 What is Malware? Malware – short for malicious software – refers to any malicious or unexpected program or code such as Trojans, Viruses, What is a Trojan? A Trojan is malware that performs unexpected or unauthorized, often malicious, actions. Main difference between a Trojan and a virus is the ability to replicate. Trojans cause damage, unexpected system behavior, and compromise the security of systems, but do not replicate. 26 What is a worm? Arrives to the victim’s computer usually as an email attachment When executed, it searches the occupied computer for other potential victims’ addresses Attacks them by email/telnet/etc. – Similar to viruses, but do not infect other files – worms are stand-alone programs that spread through the network. – Much like an Internet-era kind of viruses What is SpyWare? Applications that send information via the Internet to the creator of the spyware Usually consists of a core functionality and a hidden functionality for information gathering Can be used for marketing information by web sites to determine their stance with regard to competitors and market trends Can also be used to log keystrokes and send those to whomever 27 How “They” Are getting to Us E-Mail – Promises of good fortune – Video / mp3 Network Shares Web Surfing – What you see may be what you get, and maybe not... Weak Passwords or NO Passwords – sad but true E-mail Spoofing A simple adjustment in your e-mail software and you can pretend to be anyone When you receive E-mail, you are not really able to identify where it comes from - a huge security hole 28 Data Security - Basic terminologies Cryptography – study of creating and using encryption and decryption techniques Plaintext – data before any encryption has been performed Ciphertext – data after encryption has been performed Key - the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext 29 Monoalphabetic Substitution-Based Ciphers Monoalphabetic substitution-based ciphers replace a character or characters with a different character or characters, based upon some key – Replacing: abcdefghijklmnopqrstuvwxyz With: POIUYTREWQLKJHGFDSAMNBVCXZ – The message: how about lunch at noon encodes into EGV POGNM KNHIE PM HGGH 30 Polyalphabetic Substitution-Based Ciphers Similar to monoalphabetic ciphers except multiple alphabetic strings are used to encode the plaintext Example – matrix of strings, 26 rows by 26 characters or columns can be used A key such as COMPUTERSCIENCE is placed repeatedly over the plaintext – COMPUTERSCIENCECOMPUTERSCIENCECOMPUTER – thisclassondatacommunicationsisthebest 31 Polyalphabetic Substitution-Based Ciphers (continued) An example of Vigenere 26 x 26 ciphertext character matrix Plaintext Letters Key character To encode the message, take the first letter of the plaintext, t, and the corresponding key character immediately above it, C – Go to row C column t in the 26x26 matrix and retrieve the ciphertext character V Continue with the other characters in plaintext 32 Transposition-Based Ciphers In a transposition-based cipher, the order of the plaintext is not preserved As a simple example, select a key such as COMPUTER – Number the letters of the word COMPUTER in the order they appear in the alphabet 1 4 3 5 8 7 2 6 C O M P U T E R 33 Transposition-Based Ciphers (continued) Now take the plaintext message and write it under the key 1 4 3 5 8 7 2 6 C O M P U T E R t h i s i s t h e b e s t c l a s s i h a v e e v e r t a k e n Then read the ciphertext down the columns, starting with the column numbered 1, followed by column number 2, … tesvtleeieirhbsesshthaenscvkitaa 34 Public Key Cryptography Very powerful encryption technique in which two keys are used – First key (the public key) encrypts the message – Second key (the private key) decrypts the message Not possible to deduce one key from the other If you want someone to send you secure data, give them your public key, you keep the private key HTTPS (HTTP over SSL or TLS) on the Internet is a common example of public key cryptography 35 Data Encryption Standard (DES) Created in 1977 and in operation into the 1990s, the Data Encryption Standard took a 64-bit block of data and subjected it to 16 levels of encryption The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied 36 Advanced Encryption Standard (AES) – Has more elegant mathematical formulas and was designed to be fast, unbreakable, and able to support even the smallest computing device – Key size of AES: 128, 192, or 256 bits – Very fast execution with very good use of resources 37 Network Security Network utility software – Software programs that operate in the background and support one or more functions to keep the network running at optimal performance. – Some of the common groups of network utility software are: Antivirus software Anti-spam software Network- monitoring software 38 Firewalls A system or combination of systems that supports an access control policy between two networks Can limit the types of transactions that enter a system, as well as the types of transactions that leave a system Can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications) 39 VPNs Virtual Private Network Data network connection that makes use of the public telecoms in fracture but maintains privacy through the use of a tunnelling protocol and security procedures. 40 Wireless LAN Security How do you make a wireless LAN secure? – WEP (Wired Equivalency Protocol) was the first security protocol used with wireless LANs It had weak 40-bit static keys and was too easy to break – WPA (Wi-Fi Protected Access) replaced WEP Major improvement including dynamic key encryption and mutual authentication for wireless clients 41