Summary

This document provides an introduction to computer networks, defining a network as a system of interconnected computers or devices enabling communication and resource sharing. It explores different types of networks, such as Local Area Networks (LANs) and Wide Area Networks (WANs), and their characteristics. It also touches on concepts like network security.

Full Transcript

Introduction: The value of computer increases when it is connected to other computers. It is just like a telephone. If Mr. A has telephone then he can use his phone to call any of his friends provided all his friends have telephones. Hence, where his friends are not having telephones then...

Introduction: The value of computer increases when it is connected to other computers. It is just like a telephone. If Mr. A has telephone then he can use his phone to call any of his friends provided all his friends have telephones. Hence, where his friends are not having telephones then it is useless for Mr. A to have telephones. Similarly, where Mr. A has computer it will be more useful for him in case it is connected to other computers. This connection among the computers constitute network. Therefore, a network is a collection of computers that are connected through a communication channel i.e. cables, fibre optics and so on to share data, hardware and software. A network is defined as a system of interconnected computers, telephones, or other communication devices that can communicate with one another and share applications and data. Another definition of network is “a network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communication. The computers on network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams. Further under section 2(1)(j) of the Information technology Act, 2000, computer network is defined as the inter-connection of one or more computers or computer systems or communication device through. i. The use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and ii. Terminals or a complex consisting of two or more inter-connected computers or communication device whether or not the inter-connection is continuously maintained. Therefore, when one or more computers or computer systems or communication device are interconnected through any media mentioned above, it is called a network. Why do we have Networks? We need network due to following reasons; i. To share peripherals devices. ii. To share programmes and data. iii. For better communication. iv. For security of information. v. For access to databases. Types of Networks: Network can be classified into several broad categories, depending on their scope and connectivity. 1. Basic type networks such as LAN, WAN etc; and 2. Interconnected networks such as Intranet, Extranet, and Internet etc. 1. Basic type networks such as LAN, WAN etc. Local Area Networks (LANs) A local network is communication networks that provide inter communication of a variety of data communicating devices within a small area. These networks connect computers and other information processing devices, which are located within a limited physical area (roughly 1 km radius) like office, classroom, building, factory, work site etc. LANs are essentially a part of many organizations for providing telecommunication network capabilities, to the end users. A small LAN is known as TAN (Tiny Area Network). Most of the LANs use a range of communication media, like twisted pair wire, co-axial cable, wireless radio etc. which we have already learnt about to interconnect various microcomputer and work satiations. For making this communication possible, every PC has the circuit board known as Network Interface Unit (NIU). Most of the LANs use powerful microcomputer having a large hard disk, commonly known as network server, which has a network operating system which controls, telecommunications and the use and sharing of network resources. Now a day’s all the computers are designed so that it is easy to connect them to a LAN without buying any extra equipment. When Mr. A wants to send some information through his computer to Mr. B he will put the information in its NIU with address of Mr. B’s computer. The job of NIU is to deliver the message safely to the computer of Mr. B. similarly, when Mr. B wants to send the message to Mr. A, he will send it through NIU. The NIUs of all the computers are connected to an electronic circuit called hub. Therefore, such interconnection of computers in a small area is called LAN. Types of LAN: i. Clients-server LAN ii. Peer to Peer LAN Clients-Server LAN: In this individual micro computer user/clients share the services of a centralised computer called server. Peer to Peer LAN: Here computers share equally with one another without relying on a central server. Wide Area Network (WANs) Some of the organizations are very widespread, where officers are not limited to a building but are spread throughout large city or metropolitan area. The communication networks, which cover large geographic areas (roughly 100 sq. km.) are called wide area networks (WANs). As in modern time day to day activities of many business organizations are spread throughout therefore such networks have become quite necessary. WANs are used by many companies for transmitting and receiving information among the workers, customers, clients etc. across cities regions, countries etc. Metropolitan Area Network (MAN) When a communication network covering a city or metropolitan area like Mumbai, Delhi, Kolkata and so on, then it is called metropolitan Area Networks (MAN). The connection between the computers in a MAN is usually through the local telephone network. In India telephone company Mahanagar Telephone Nigam Limited is playing very important role in metropolitan cities. An example of MAN is DELNET i.e. a local network connecting the libraries in Delhi. Any user may use DELNET to see which material is available in which library. Interconnected Networks: Intranet: The network which connects various locations and gives connectivity within the organization is called intranet. These networks are limited to the organization and these are designed in such a way so as to provide easy access to the information available on the internet website to the end users. Extranet: Those networks which link some of the intranets of the company with those of its business partners, customers, suppliers, consultants and so on, who can access selected internet website and company’s database are known as extranet. Internet: Use of ICTs, internet etc, is fast expanding in 21st century. The word internet is derived from two words, interconnection and Networks. Also referred to as ‘Net’, internet is worldwide system of computer networks, that is, a network of networks which allows the user to share information on those linked computers. It consists of thousand of separately administered networks of various sizes and types. Each of these networks comprises numbers of computers or Local Area Network (LANs) are connected by using public switched networks to create wide area networks (WAN) and when number of WANs and other interconnected networks such as intranet and extranet are connected, it results in internet. Therefore, internet is worldwide computer network. All computers connected to the internet communicate to each other only by using a common set of rules which are commonly known as a protocol. For this communication each computer should have its own address such address is called IP address. Why do we need Network security? Network security is a cause of concern and study for communication facilities. As network is caused to communicate and exchange data by one person to another in a limited or well defined area, therefore, network security measures are required to protect the network from unauthorised outsiders like hackers. Network security is also essential to permit authorised person to communicate securely without any fear of compromising the data. Further, local network may also provide access to and from long haul communication and be part of an internet. Threats to Network Security; A National Bureau of Standards has identified following threats to network security: i. Organised and intentional attempts to obtain economic or market information from competitive organizations in the private sector. ii. Organized and intentional attempts to obtain economic information from government agencies. iii. Inadvertent acquisition of economic or market information. iv. Inadvertent acquisition of information about individuals. v. Intentional frauds through illegal access to computer data banks with emphasis, in decreasing order of importance, on acquisition of funding data, economic data, law enforcement data, and data about individuals. vi. Government intrusion on the rights of the individuals. vii. Invasion of individual rights by the intelligence community. Types of Threats: Two types of threats are there which necessitated network security. i. Active threats ii. Passive threats. Active Threat; Basically there are three types of active threats: a. Message steam modification: It involves unauthorised access and some part of legitimate message is modified or changed or message is delayed or replayed or recorded in order to produce an unauthorised effect. For example: a message meaning “allow Dr, Gupta to read confidential file accounts” is modified to mean “allows Dr. Sharma to read confidential file accounts”. b. Denial of Service: It prevents the normal use or management of communication facilities. This attack may also have specific target. For example: A person may suppress all messages directed to a particular destination. Sometimes it also involves destruction of an entire network either by disabling a network or by overloading it with messages so as to degrade performance. c. Masquerade: In general it means misrepresentation i.e. one person misrepresents himself to be another person and secures access. Such attack usually includes one or other forms of active attack. It can take place by capturing and replying an authenticate sequence. Passive Threats: As name indicates in passive threats, there is no active threat. There is neither any authorised access or modification of data or message nor there is any denial of authorised access. Though it is difficult to detect passive threat but it s possible to prevent them from becoming successful. Here goal of attacker is known information is transmitted. It is basically of two types: a. Threat of release of message content: like telephone conversation, e-message or transferred file may contain sensitive, personal or confidential data or information and everyone would like the attackers would stay away from this. b. Traffic analysis: it involves observing the pattern of the message sent. The attacker can determine the location and identity of communicating host and can also observe the frequency and length of messages exchanged. Such type of information may be useful in knowing the nature of communication that is taking place. Basically it involves description i.e. converting the encrypted data into plain data. Meaning of Network Security: Network Security means the protection of information systems and services on the network against disasters, mistakes and manipulations so that the likelihood and impact of security incidents is minimized. The aim is to implement measures which eliminate or reduce significant threats to an acceptable level. According to another jurist, Network Security can be defined as the protection of network resources against unauthorised disclosure, modification, utilization, restriction or destruction. Security has long been an object of concern and study for both data processing systems and communications facilities. With computer network, these concerns are combined. And for the local networks, the problems may be most acute. Main elements of Network Security: The main elements of network security are; i. Assurance; it means confidence that a system behaves in an expected manner (i.e. according to its specifications. ii. Identification Authentication; Another element of Network Security is identification Authentication when users or programs communicate with each other, the two parties must identify each other and they must know with whom they are communicating. iii. Accountability/Audit Trial: It means the ability to know who did what, when and where. It is important to note that users are responsible and accountable for their actions. Automatic audit trial monitoring and analysis to detect security breaches is an important element of the Network security. iv. Access Control: Access Control is another element of network security. However, purpose of access control is to ensure that only authorised users have access to the system. Further access to and modification of particular portions of data is limited to authorised individuals and programs. Access to specified resources can be restricted to certain entities. v. Accuracy: another element of the network security is accuracy which means that objects are accurate and complete. vi. Secure Data Exchange: it involves following: a. Confidentiality: It means that data should remain private during transmission. b. Integrity; it means that should remain accurate and complete during transmission. When e-mail is sent or when programs communicate with each other, authentication is required because:  In certain situations, it may be necessary to prove the place from where information came from. This is called non-repudiation of origin.  A sender may also require proof that the message was received by the intended receiver. This is called non-repudiation of receipt. c. Secure Data Communication: secure data communication is very important for secure Data Exchange and Public Key Encryption, digital signatures are some of the methods used to for this purpose. d. Reliability of service; reliability is probability that a system or component will perform its specified function for a specified time under specified conditions. Reliability of a system depends upon the reliability of its individual components and also on the system organization. e. Legal Compliance: information/data that is collected, processed, used, passed on or destroyed must be handled in accordance with the current legislation of the relevant countries. Network Security Measures: i. General Security Measures: a. Privileges and rights; The users, operators and system administrators should have privileges and rights depending upon the role of individual. The categories of users that are allowed access to the provided services must be documented. b. Data Encryption Technologies; Data Encryption technologies may be deployed, wherever required, to protect the confidentiality of sensitive information. c. Password; most common method of authentication is password and should be hard to guess. All system level passwords should be changed regularly. d. The system software installation should be carried out from original media. User’s permission for individual files, folders may be set up. e. Write/modify access permissions should be disabled for all executable and binary files. Access to operating system source files, configuration files, and their directories should be restricted to authorized administrators only. f. Servers should be regularly audited and log files must be scanned for knowing any attacks and intrusions, preferably daily. A log book may be kept of all system administration activities on the server. g. Steps should be taken for regular updating of anti-virus software. Full system scan is recommended at the end of the day. ii. Access to Server: a. The system must be protected from unauthorised use, loss or damage. b. Access to the server is very important and it must be limited to administrator c. Server log out and shut down should be done when leaving the office and the door of the server room must be always kept locked. d. UPS system with adequate battery backups should be installed, preferably with a Genset to avoid any data loss or corruption due to power failure. iii. Physical Security: a. To access the system administrator login on the server, biometric authentication technologies can be deployed. b. Severs and other components generally remain operational round the clock, therefore, the physical security of the network control centre should be ensured by deploying the necessary manual security staff to take care of theft, fire and power breakdowns. iv. Backup and Media Management: all forms of data storage are subject to data loss. Regular backups are must: a. Server data backup: server data must be back up as per the defined policies and procedures, at schedule time. b. Storage of backup media; backup media should be stored either onsite or offsite as per the backup policy with proper identification for quick retrieval. c. Backup retention: The administration should ensure that the backup are retained as per the policy requirement. d. Verification of backup integrity: the administration should verify the integrity of the backup by resorting the data on the test setup and taking confirmation from the user on integrity and correctness of the data resorted. Removable media may be checked regularly on another system for readability. e. Media Identification and Reliability: the backup media may be marked with a tag giving identification details like data base name, operating system, name, application name, location of storage onsite or offsite and retention period etc. f. Recovery from Backup Media; there could arise situations when server crashes due to some hardware fault. Recovery methods may be documented for reloading of the OS and server software, reinstallation of the application and system software. Hard recovery software and anti-virus software should be installed on the server and operating system of all the clients. v. Firewall Security; A firewall is a system of hardware and software that blocks unauthorised users inside and outside the organization from entering the intranet. The firewall monitors all internets and other network activity, looking for suspicious data and preventing unauthorised access. A firewall is a set of related programs generally located at a network gateway server. It examines each network packet too determine whether to forward it toward its destination. In general way we can say that firewall performs following functions: a. It prevents unauthorised person from accessing the data. b. It blocks access to certain undesirable sites such as pornography, games and so on. c. It filters suspected E-mails i.e advertisement or from suspected source. d. It prevents remote login into a computer. Further, each firewall is connected to public switched network through router. However, routers are special purpose computers that have several NIUs and each of them requires Internet Protocol (IP) address. vi. Intrusion Detection System (IDS): Intrusion detection system complements other security technologies. By providing information to site administrator, IDS allows not only for the detection of attacks explicitly handled by other security components (such as firewall and service wrappers), but also attempts to provide notification of new attacks unforeseen by other components. However main benefit of intrusion detection system is that it also provides forensic information that potentially allows organizations to discover the origin of an attack. In this manner, ID system attempts to make attackers more accountable for their actions, and, to some extent, act as a deterrent to future attacks. 

Use Quizgecko on...
Browser
Browser