Topic 3: Networks. Basic Network Components. Different Types of Networks. Intranet, Extranet, Internet. An intranet is like a private internet. It is made up of web pages and viewed through a browser, but access is restricted to users within an organization.
Intranet, Extranet, Internet • An intranet is like a private internet. It is made up of web pages and viewed through a browser, but access is restricted to users within an organization. • An extranet is an intranet that has been opened up to provide limited access to a selection of users outside the organization. Companies use extranets in a bid to welcome their customers or suppliers into their organization and facilitate cooperation and collaboration. • The internet is a network of networks connected using IP (Internet Protocol). It powers a large range of communication media such as the World-Wide Web (documents connected by hyperlinks), email, chat, gaming, newsgroups, etc.
Virtual Private Networks (VPN) • A Virtual Private Network is a network that uses the public internet for communication, but which has security features such as usernames, passwords and encryption to restrict access to a select group of users. • It behaves like a private network even though it uses the public internet. • The obvious benefit is that resources such as files, printers and databases can be shared over remote hosts without having to provide dedicated lines between them. • Another benefit is reduced cost. It is possible to connect hosts securely using leased lines, but leased line costs can be extremely high, whereas fully featured VPN software is freely available as open source. • A disadvantage is that because VPN traffic travels on a public network, strong security measures are required.
Network Architectures: Client–Server Client (IB’s awful definition) Desktop computer or terminal used to access a computer-based system. Client-Server A network architecture in which a system is divided between server tasks performed on the instructions received from clients, requesting information. Client (better definition) A computer on a network that gains access to central data files, programs, and peripheral devices through a server. Server A program that provides services requested by client programs. A computer that provides services to another computer connected over a network.
What is a server? • Strictly, a server is a piece of software that listens for client requests on a particular set of ports and responds to those requests • As with “firewall”, the word “server” can refer to the software, or the hardware on which the software is running • Almost always, a server is a dedicated machine that does nothing else • It’s just a computer with special modifications like extra processors, lots of RAM, huge storage capacity • It’s often big and flat so it can fit in a server rack • There are different types of server: file server, web server, database server, etc.
Network Architectures: Peer-to-Peer • Every computer linked to every other • No server • Can be faster than client-server architecture, especially when special algorithms are used, e.g. torrenting • Less secure because services such as filtering, antivirus, firewalls are delegated to each peer
The Concept of a Port Supplementary material. Does not appear in the syllabus content. • Port (IB definition): An access point for data entry or exit. • A port can either be hardware (the various sockets at the back of your PC, e.g. serial port, USB port), or it can be software, in which case it is a logical channel for data communication, identified by a number from 0-65536 (2^16) • Ports allow computers to decide which application should handle data received on a network, e.g. outgoing email runs on port 25, HTTP runs on port 80, FTP runs on port 20
The Concept of a Firewall • A firewall is a program that restricts data allowed into and out of a network, on the basis of a set of rules • One of the ways it does this is to close certain ports • Try playing World of Warcraft using the school’s internet connection. You will fail. Why? Because the WoW software uses certain port numbers but the school’s firewall blocks traffic on those ports • The word “firewall” can refer to the software itself, or the hardware on which the software runs. Often a firewall is a dedicated machine that does nothing else
Do-it-yourself server This is an echo server written in Java. It listens for connections on port 8001. When it receives something, it just sends the same thing straight back to where it came from.

    package echoserver;

    import java.io.*;
    import java.net.*;

    public class EchoServer {
        public static void main(String[] args) throws IOException {
            int portNumber = 8001;
            // new ServerSocket(port) listens on every network interface of the machine,
            // not just localhost, so anything that can reach port 8001 can connect.
            try (
                ServerSocket serverSocket = new ServerSocket(portNumber);
                // accept() blocks until the first client connects; only that one client is served
                Socket clientSocket = serverSocket.accept();
                PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(clientSocket.getInputStream()));
            ) {
                String inputLine;
                // read one line at a time and send it straight back until the client disconnects
                while ((inputLine = in.readLine()) != null) {
                    out.println(inputLine);
                }
            } catch (IOException e) {
                System.out.println("Exception caught when trying to listen on port "
                        + portNumber + " or listening for a connection");
                System.out.println(e.getMessage());
            }
        }
    }
The Concept of a Proxy Supplementary material. Does not appear in the syllabus content. • A proxy is a machine that brokers the communication between two other machines • Only one machine in the school is connected to the internet: the web proxy • Test this by typing “What is my ip” in Google. You will get the same answer whatever school computer you use • When you request a web page, you in fact ask the proxy, and the proxy gets it from the web and gives it to you • Hence it can check you are not going to dodgy websites • A web proxy reduces the need for internet connections and allows security features, e.g. virus checking and content filtering, to be centralised for all users
The Role of Providers Supplementary material. Does not appear in the syllabus content. • Provider: Usually short for Internet Service Provider, a provider offers a number of internet-related services, such as: • access to the internet • email • website hosting • application/database hosting • There are different sizes of ISP, and small ISPs will themselves have larger ISPs that provide them with services. • The biggest ISPs, which don't need their own ISP, are called Tier 1 Providers. • Providers offer different ways to connect to the internet depending on your speed and bandwidth requirements. • For remote customers, or customers where there is limited telephone system coverage, access may be offered by satellite. • Connection types from slow to fast: Dial-up, ISDN, ADSL, T1, Gigabit Ethernet, Fibre Optic.
Data transmission • Directions • Simplex: One-way, e.g. a radio broadcast • Half-duplex: Two-way, but not at the same time, e.g. walkie-talkie • Full-duplex: Two-way, and at the same time, e.g. telephone • Speed is measured in bps (bits per second), not Bps (bytes per second) • Dial-up is slow at around 56 kbps • Broadband is faster – currently up to around 10 Mbps • WiFi is wireless broadband but fairly short range • WiMax (Worldwide Interoperability for Microwave Access) is higher bandwidth and longer range wireless • Nice article here: Wikipedia – Internet Access
ADSL • Asymmetric Digital Subscriber Line • Asymmetric because you can download much faster than you can upload • Carried over a normal telephone line but at such high frequencies that it is separable from voice • Hence ADSL can be used at the same time as voice, unlike a dial-up connection, which hogs the line • It uses the POTS (Plain Old Telephone System) to carry a digital signal, unlike a dial-up modem, which is analogue • So it's a myth that the telephone system is analogue – it can carry analogue (voice) and digital (data) at the same time, just like the TV signal, which used to be analogue and is now digital • Analogue signals are created by smoothly varying voltages; digital signals are created by abrupt step-changes in voltage. Same medium, different signals.
Packet Switching vs Circuit Switching A data packet is a formatted unit of data carried on a packet-switched network. It comprises control information (header) and payload. The header contains information about the payload, such as length and destination address. The payload is the data that is to be sent. Packet switched communication • Data broken into small packets (e.g. 64 KB maximum for IP) • Packets may take totally different routes to their destination • Packets reassembled and sequenced at destination into coherent data • Example: Internet Circuit switched communication • Dedicated channel established between both parties • Data sent in one go, in order, and received likewise • Example: Landline telephone connection
Advantages of Packet Switching • Full use of available bandwidth. In a telephone call (circuit switched) even if both parties are saying nothing, the channel is still established and nobody else can use the available bandwidth. With packet switching, the instant my data has been sent, the bandwidth is free to be used by other parties. (Imagine chatting on Facebook: It may seem like messages are going backwards and forwards constantly, but in fact your computer is spending 99.9% of its time waiting for you to finish typing, and only 0.1% of its time actually sending your messages.) • More secure, because it's difficult to intercept packets that are taking different routes across the network. • Devices of different speeds can communicate easily. In circuit-switched networks both parties have to agree to communicate at the speed of the slower party. • Resilient to communications hardware failure. If one channel goes down, packets will just take a different route. In circuit-switched networks, loss of a channel can mean no communication is possible at all. • Nice link here.
What does this mean? • 0101010001101000011001010010000001110001011101010110100101100011011010110010000001100010011100100110111101110111011011100010000001100110011011110111100000100000011010100111010101101101011100000111001100100000011011110111011001100101011100100010000001110100011010000110010100100000011011000110000101111010011110010010000001100100011011110110011100101110
Protocols • Protocol: An internationally agreed set of rules to ensure transfer of data between devices. A standard protocol is one that is recognized as the standard for a specific type of transfer. • Data is just a huge sequence of 1's and 0's – a protocol is an agreed way of deciding what it all means • For example, the first 32 bits might encode the address of the sender, the next 32 bits encode the address of the receiver, etc. • Examples are: • HTTP (Hypertext Transfer Protocol): for sending and receiving web pages • TCP (Transmission Control Protocol): for making sure that data packets get received and sequenced properly • IP (Internet Protocol): for making sure that data sent across a network gets to the right host (computer) • SMTP (Simple Mail Transfer Protocol): for sending email
Causing a Protocol Error • ASCII is an example of an extremely simple protocol • Bits are interpreted in groups of 8 and each group corresponds to a character, e.g. 01000001 = “A” and 00111111 = “?” • A protocol error occurs when the receiver interprets data using the wrong protocol and ends up with total nonsense • You are now ready to cause your own protocol error: • Open up Windows Notepad • Choose File, Open (select All Files) • Open up an image file (gif, jpeg, png, etc.) • Notepad will dutifully interpret the file as text, and you will end up with meaningless junk • This is essentially a protocol error
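The same idea in code, as an added example that is not part of the original slides: the bit string from the “What does this mean?” slide is decoded with the ASCII rules (8-bit groups), and then with the wrong rules (one bit of framing lost, or 7-bit groups) to produce the kind of junk the Notepad experiment gives. The readability threshold is this example's own choice.

```python
# Added example (not from the original slides): ASCII treated as a protocol, and a
# protocol error produced by reading the same bits with the wrong rules.
import string

# The bit string from the "What does this mean?" slide, copied from the page.
SLIDE_BITS = (
    "01010100011010000110010100100000011100010111010101101001011000110110101100100000"
    "01100010011100100110111101110111011011100010000001100110011011110111100000100000"
    "01101010011101010110110101110000011100110010000001101111011101100110010101110010"
    "00100000011101000110100001100101001000000110110001100001011110100111100100100000"
    "01100100011011110110011100101110"
)


def decode_bits(bits: str, width: int = 8, offset: int = 0) -> str:
    """Read `bits` as fixed-width character codes starting at `offset`.

    width=8, offset=0 is the ASCII "protocol" the slide describes. Any other
    width or offset models a receiver applying the wrong rules to the same bits.
    """
    usable = bits[offset:]
    codes = [int(usable[i:i + width], 2)
             for i in range(0, len(usable) - width + 1, width)]
    return "".join(chr(code) for code in codes)


PRINTABLE = set(string.printable)


def readable_fraction(text: str) -> float:
    """Share of characters that are printable ASCII: a crude 'does this make sense' test."""
    if not text:
        return 0.0
    return sum(ch in PRINTABLE for ch in text) / len(text)


def is_protocol_error(text: str, threshold: float = 0.9) -> bool:
    """Flag output that is mostly junk, the way the image-in-Notepad experiment ends up."""
    return readable_fraction(text) < threshold


if __name__ == "__main__":
    correct = decode_bits(SLIDE_BITS)
    print("ASCII, framed correctly :", correct)
    shifted = decode_bits(SLIDE_BITS, offset=1)  # receiver missed the first bit
    print("Same bits, one bit late :", repr(shifted), "error:", is_protocol_error(shifted))
    seven = decode_bits(SLIDE_BITS, width=7)      # receiver assumes 7-bit characters
    print("Same bits read as 7-bit :", repr(seven), "error:", is_protocol_error(seven))
```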
Advantages of Protocols • Data integrity: Some protocols can detect packet loss and request that a lost packet be resent. They also have sequence numbers so that packets can be reordered if they arrive in the wrong order. • Flow control: One host on a network might be able to send data much faster than another one can receive it. Some protocols can establish a common data transmission speed between hosts to avoid this problem. • Deadlock: This occurs when all hosts are waiting to receive data before they can continue sending. Hence nothing happens and they just sit there waiting. Some protocols have timers that can detect and prevent deadlock situations. • Congestion: Some protocols can detect network congestion and reduce their data transmission rate to protect the network from collapse. • Error checking: Some protocols use some sort of checksum field to detect errors. The checksum contains information about the payload data, such as "how many 1's there are". The receiver performs the same calculation on the received data and so can detect if there has been an error in transmission. (In practice error-checking can be very much more complicated than this!)
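The “how many 1's there are” checksum and the sequence numbers described above, written out as an added example (not code from the original slides). The packet layout and field names are this example's own; it also shows the caveat the slide hints at: a count of 1s catches a single flipped bit but not two flips that cancel out.

```python
# Added example (not from the original slides): the "count the 1s" checksum the slide
# describes, plus sequence numbers for reordering packets and spotting lost ones.
# The packet layout (seq, len, checksum, payload) is this example's own choice.

def ones_count(payload: bytes) -> int:
    """The slide's checksum: how many 1 bits the payload contains."""
    return sum(bin(byte).count("1") for byte in payload)


def make_packet(seq: int, payload: bytes) -> dict:
    """Header (seq, len, checksum) + payload, as on the packet-switching slide."""
    return {"seq": seq, "len": len(payload), "checksum": ones_count(payload), "payload": payload}


def packet_ok(pkt: dict) -> bool:
    """The receiver repeats the calculation and compares it with the header."""
    return pkt["len"] == len(pkt["payload"]) and pkt["checksum"] == ones_count(pkt["payload"])


def split_message(message: bytes, size: int) -> list:
    """Break a message into numbered packets of at most `size` bytes."""
    return [make_packet(i, message[start:start + size])
            for i, start in enumerate(range(0, len(message), size))]


def reassemble(packets: list, total: int) -> tuple:
    """Put packets back in sequence order. Returns (data, missing_seqs, corrupted_seqs).

    `total` is the expected packet count; without it a lost final packet would go unnoticed.
    """
    by_seq = {p["seq"]: p for p in packets}
    missing = [s for s in range(total) if s not in by_seq]
    corrupted = [s for s in sorted(by_seq) if not packet_ok(by_seq[s])]
    data = b"".join(by_seq[s]["payload"] for s in sorted(by_seq) if packet_ok(by_seq[s]))
    return data, missing, corrupted


def flip_bits(payload: bytes, *bit_indexes: int) -> bytes:
    """Simulate transmission errors by flipping the given bits (0 = least significant bit of byte 0)."""
    data = bytearray(payload)
    for idx in bit_indexes:
        data[idx // 8] ^= 1 << (idx % 8)
    return bytes(data)


if __name__ == "__main__":
    message = b"The quick brown fox jumps over the lazy dog."  # constructed sample
    packets = split_message(message, 10)
    # Packets take different routes, so they arrive out of order.
    data, missing, bad = reassemble(list(reversed(packets)), len(packets))
    print("reassembled ok:", data == message, "missing:", missing, "corrupted:", bad)
    # Drop packet 2: the sequence numbers reveal the gap so it can be requested again.
    print("missing after loss:", reassemble(packets[:2] + packets[3:], len(packets))[1])
    # One flipped bit changes the count of 1s and is caught...
    first = packets[0]
    print("single flip detected:", not packet_ok(dict(first, payload=flip_bits(first["payload"], 0))))
    # ...but a 0->1 flip together with a 1->0 flip leaves the count unchanged ('T' bits 0 and 2).
    print("double flip detected:", not packet_ok(dict(first, payload=flip_bits(first["payload"], 0, 2))))
```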
Handshaking Supplementary material. Does not appear in the syllabus content. • Handshaking (old IB definition): The exchange of predetermined signals when a connection is established between two devices or components. • The process by which two devices on a network agree upon which protocol they are going to use for their communication. • A good example is dial-up modems, which have to decide what rate data will be sent at, what checks will be done, etc. Have you ever heard the “squealing” an acoustic modem makes when it first connects? That is in fact the handshaking procedure. • Another example is when you reset your broadband router at home. The lights slowly come on one by one and flash and blink before they finally settle down. That's the handshaking procedure.
Network Security • Usernames identify, passwords authenticate • Other authentication methods: fingerprints, retinal scan • Access control: read, write, delete, etc. – different user types with different privileges. • Encryption protects data from unauthorised access, but it doesn't stop it from being deleted. • Antivirus software is designed to detect and prevent infection by computer viruses. It is generally used at the point of entry/exit to a network (a "gateway"), but periodic scans of local files are also desirable. • Back-up is the process of making an extra copy of data in case it gets deleted or corrupted. Although it makes it less likely that data will be lost, it actually makes it more likely that private data will be subject to unauthorised access. Back-ups should normally be stored off-site or away from the original media so that, say, a fire doesn't destroy both the original and the back-up. • Firewalls control what traffic is allowed into and out of a network. They can do this on the basis of source/destination address, port number, or data contents. • Physical measures, e.g. alarms, cameras, walls, doors, locks. Wireless networks are dangerous precisely because attackers can sidestep physical security measures.
Do not try this at home. You will go to prison. Basic types of hacking attack • Denial of Service: An attack designed to overload a server. A basic technique would be to write a program that makes hundreds of requests to a particular site every second. • Man-in-the-Middle: An attack in which an undetected third party intercepts communications between two people. See next slide • Phishing: Generally this is done by creating a mock-up of a web page (eg a bank login page) and providing a hyperlink that looks like it goes to the correct site, but really goes to the mock-up site. The html is simple: • <a href="http://178.45.2.203/login.php">http://www.hsbc.com</a> • Trojan Horse: This is a malicious program designed to look like a trusted program. You enter data thinking it is the trusted program and it sends your details to the hacker. • Spoofing: This is the name given to faking your identity online, usually faking an email, IP or MAC address. • Spyware: This is software that runs undetected on your system and records your activity. A keylogger is an example.
Phishing example Link looks genuine. But in fact this is where it takes you. If you click on this link you will find a fake page, complete with the bank's logo, and a login prompt. If you are stupid enough to enter your password, it will be sent straight to the hackers and your bank account will be emptied.
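A small check for the trick on the previous slide, as an added example that is not part of the original slides: it parses the links in a page and flags any whose visible text claims one site while the href goes to another, or whose destination is a bare IP address. The slide's own `<a href="http://178.45.2.203/login.php">http://www.hsbc.com</a>` is used as the sample; the other two links are constructed for the example, and the reason strings are this example's own.

```python
# Added example (not from the original slides): flag links whose visible text and real
# destination disagree, using the slide's own phishing anchor as the sample input.
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the slide's anchor plus one honest link and one plain text link.
SAMPLE_HTML = """
<p>Please confirm your details:
<a href="http://178.45.2.203/login.php">http://www.hsbc.com</a></p>
<p><a href="https://www.hsbc.com/">https://www.hsbc.com/</a></p>
<p><a href="https://www.example.org/help">Help</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Host part of a URL; bare 'www.example.com' is treated as http://www.example.com."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def looks_like_url(text: str) -> bool:
    return "://" in text or text.lower().startswith("www.")


def find_deceptive_links(html: str) -> list:
    """Return (href, text, reason) for links a user should be warned about."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not href:
            continue
        target = host_of(href)
        if looks_like_url(text) and host_of(text) != target:
            findings.append((href, text, "visible URL differs from real destination"))
        elif is_ip_literal(target):
            findings.append((href, text, "destination is a bare IP address"))
    return findings


if __name__ == "__main__":
    for href, text, reason in find_deceptive_links(SAMPLE_HTML):
        print(f"{reason}: '{text}' -> {href}")
```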
How a man-in-the-middle attack works The slide animates six frames between Alice, Mallory (in the middle) and Bob: 1. Alice sends “Hi Bob, it's Alice. Give me your key…” and Mallory intercepts it 2. Mallory forwards “Hi Bob, it's Alice. Give me your key…” to Bob 3. Bob replies with Bob's key, which Mallory receives 4. Mallory sends Mallory's key on to Alice 5. Alice sends data encrypted with Mallory's key 6. Mallory re-sends the data encrypted with Bob's key Note that Alice and Bob think they are talking to each other. They have no idea that their communication is being intercepted. Note also that Mallory has to get in on the key exchange. If he arrives after the key exchange he is too late.
Encryption: The basic concept Diagram: Sender: plaintext “The quick brown fox…” → Encryption → ciphertext “*!F@G(DW*%$P&...” → Network → Recipient: ciphertext “*!F@G(DW*%$P&...” → Decryption → plaintext “The quick brown fox…”
Encryption algorithms • There are hundreds of ways of encrypting text. • Some are very simple and easy to break. e.g. a simple Caesar cipher: Every A becomes a B, every B becomes a C, … every Z becomes an A. • Modern techniques conduct mathematical operations on the bits of the plaintext in order to create the ciphertext. They use large numbers called encryption keys to encipher and decipher. • There are three main types of encryption: • Hashing: One-way encryption. Once text is encrypted, it cannot be decrypted. Think: What could this be useful for? • Symmetric key encryption: The same key is used to encrypt and decrypt data. Think: What are the challenges with this method? • Asymmetric key encryption: One key is used to encrypt data, another is used to decrypt it. Think: What are the advantages of this method? (Hint: it is also known as "public key" encryption.)
Hashing The hashing function turns any sequence of bits into a fixed-length number or "hash". Can you see why it can't be possible to get back from the hash to the plaintext? • It doesn't matter how long the plain text is, the hash is always the same length (here it's 256 bits) • What use can it be to have an encryption function that you can't decrypt?? Answer: I can store a hash of your password and compare it to the hash of the password you just entered. In this way I can know that you entered the correct password, without ever having to know your password. • You can tell that software is genuine using the same idea. Diagram: input (this could be anything: a password, an executable file, etc.) → Hashing algorithm → D377C900F1FEA462
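The two uses described above in code, as an added example that is not part of the original slides: a fixed-length SHA-256 digest regardless of input size, a stored password hash that is checked by re-hashing the attempt, and a download checked against a published hash. The salted, iterated PBKDF2 step and the constant-time comparison are standard practice assumed here, not something the slide mentions; the sample password and file contents are constructed.

```python
# Added example (not from the original slides): hashing for password checks and for
# verifying that software is genuine. Salted PBKDF2 is this example's choice of
# password hash; the slide only says "store a hash of your password".
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # makes each guess slow if the stored hashes ever leak


def sha256_hex(data: bytes) -> str:
    """Fixed-length fingerprint (64 hex digits = 256 bits) of any input, however long."""
    return hashlib.sha256(data).hexdigest()


def store_password(password: str, salt=None) -> tuple:
    """Return (salt, hash) to keep on the server instead of the password itself."""
    salt = salt or os.urandom(16)  # a random salt makes equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(attempt: str, salt: bytes, stored: bytes) -> bool:
    """Hash the attempt with the same salt and compare; the real password is never stored."""
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def file_is_genuine(data: bytes, published_sha256: str) -> bool:
    """The 'software is genuine' use: compare the download's hash with the vendor's published one."""
    return hmac.compare_digest(sha256_hex(data), published_sha256.lower())


if __name__ == "__main__":
    print(sha256_hex(b"a"))            # 64 hex digits
    print(sha256_hex(b"a" * 100_000))  # still 64 hex digits
    salt, stored = store_password("correct horse battery staple")  # constructed sample
    print(check_password("correct horse battery staple", salt, stored),
          check_password("Correct horse battery staple", salt, stored))
    installer = b"constructed stand-in for an executable file"
    print(file_is_genuine(installer, sha256_hex(installer)),
          file_is_genuine(installer + b"!", sha256_hex(installer)))
```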
Symmetric Key Encryption • Same key used to encrypt and decrypt data • As long as keys are truly private, then this method is extremely secure. • Big problem: Key exchange. How do we get to the situation where we both have the same key? You can't just email it!
Asymmetric Key Encryption • I have two keys, a public key and a private key • Data is encrypted using the public key, and decrypted using the private key • No key exchange problem! I can email my public key. • I must never give anyone my private key though. You can think of the public key as an open padlock that only you have the key for. Anyone can lock something for you, but no-one can then open it except you. Here is a nice clip with some hilarious animations that made me laugh out loud. http://www.youtube.com/watch?v=M7kEpw1tn50 Note that the public key cannot decrypt data that it was used to encrypt. This is not the same proposition as with hashing though, because the data is decryptable at some level. How does this work then? Well, imagine you have a very large number N that has only two (very large) prime factors, p1 and p2. It turns out that it is prohibitively difficult to find out what those two prime factors are if you only know N. However, if you have N and one of its factors, it is extremely easy to find out what the other factor is. So N is like the public key. I can send it out all over the place, confident that no-one can ever factorise it. Meanwhile, p1 is like the private key, that I can use to find out p2. This is not exactly how the mathematics works in asymmetric key encryption but the difficulty of factoring N is crucial, as is something called Fermat's little theorem.
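The factoring idea above carried through in code, as an added example that is not part of the original slides: textbook RSA with the two tiny primes 61 and 53 (chosen for this example), where the private exponent comes from (p-1)(q-1) via Euler's generalisation of Fermat's little theorem. Because N = 3233 is tiny, trial division factors it instantly and recovers the private key, which is exactly why real keys use primes hundreds of digits long. No padding is used, so this is for illustration only.

```python
# Added example (not from the original slides): toy RSA to show why the difficulty of
# factoring N is what protects the private key. Primes 61 and 53 are this example's choice.
from math import gcd


def make_keys(p: int, q: int, e: int = 17) -> tuple:
    """Public key (n, e); private key (n, d), where d undoes e modulo (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n, known only if you know p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m: int, public: tuple) -> int:
    """Anyone with the public key can do this: c = m^e mod n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be a number smaller than n")
    return pow(m, e, n)


def decrypt(c: int, private: tuple) -> int:
    """Only the private exponent d turns c back into m: m = c^d mod n."""
    n, d = private
    return pow(c, d, n)


def factor_by_trial(n: int) -> tuple:
    """Find p, q with p*q == n. Instant for a toy n, hopeless for a real 2048-bit n."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no factor found")


def private_from_public(public: tuple) -> tuple:
    """What factoring buys an attacker: p and q give phi, and phi gives d."""
    n, e = public
    p, q = factor_by_trial(n)
    return make_keys(p, q, e)[1]


if __name__ == "__main__":
    public, private = make_keys(61, 53)
    c = encrypt(65, public)
    print("public:", public, "private:", private)
    print("65 ->", c, "->", decrypt(c, private))
    print("private key recovered by factoring n:", private_from_public(public) == private)
```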
MAC Addresses • A MAC (Media Access Control) address is a code number attached to a network card • Network software uses MAC addresses to route packets of data • Sometimes MAC addresses are used to identify legitimate users • ISM uses MAC filtering like this. When you get your device registered for use on the network, it is your device's MAC address that they authorise. • MAC addresses can be sniffed from a network and spoofed, so on their own they are not strong security measures.
Data Transmission • Media • Metal wires: fluctuating electrical voltages • Fibre optic cable: visible light bouncing off the walls inside a cable • Wireless: electromagnetic spectrum, including radio, IR, wireless • Considerations when choosing alternatives: • Speed • Reliability • Cost • Security • Calculated in bits per second (bps) • Not Bps! (That would be Bytes per second.) • What is your data transfer rate if you transfer 25MB in 1 minute and 40 seconds? • 25MB = 25 x 1000 x 1000 x 8 = 200 million bits • 1 minute and 40 seconds is 100 seconds • So the data rate in bps is 200,000,000/100 = 2,000,000 bps or 2Mbps
Why network speeds vary • Bandwidth: The maximum theoretical data transmission speed that your network provider has allocated you. E.g. you can get more internet bandwidth by paying your ISP more. Most LANs today run at 100Mbps or 1Gbps, depending on the available network hardware. • Transmission medium: Copper wire, fibre optic cable, wireless, satellite, all have different maximum speeds. • Length of line: All data travels at some speed less than the speed of light. Therefore the distance that data has to travel affects the time it takes. • Network traffic: This is a measure of how much data is being sent on the network. Networks can get congested just like roads. Malware and viruses can make unauthorised connections to other hosts and thereby increase network traffic. A denial-of-service (DoS) attack is deliberately designed to overload a portion of a network to stop it from functioning properly.
Data Compression • All compression methods seek to eliminate redundantbits in file encoding • Consider these two methods of encoding in binary a string of 127 zeroes: • 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 • 11111110 • This example is called “run-length encoding”. It is one of hundreds of different methods, most of which are highly mathematical. • Lossless: The file gets compressed but no data is lost. The original file can be re-created from the compressed version. • Lossy: The file gets compressed and some data is lost. The original file can never be re-created from the compressed version. • Lossy compression rates are higher than lossless ones (of course) • Here's a Youtube video: http://www.youtube.com/watch?v=2Qo5prktYNQ
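The run-length encoding from the slide as an added example (not code from the original slides): each run is written as a 7-bit count followed by the bit value, so 127 zeroes become 11111110 exactly as shown, and a longer run is split into 127-bit pieces. The 7-bit count width is read off the slide's example; the decoder and the compression-ratio helper, which shows that noisy data gets bigger rather than smaller, are this example's additions.

```python
# Added example (not from the original slides): the slide's run-length encoding of bit
# strings, with its inverse to show the compression is lossless.
from itertools import groupby

COUNT_BITS = 7                   # the slide's 127 zeroes -> "1111111" + "0"
MAX_RUN = (1 << COUNT_BITS) - 1  # 127, the longest run one (count, value) unit can hold


def rle_encode_bits(bits: str) -> str:
    """Compress a string of '0'/'1' characters into 7-bit count + 1-bit value units."""
    out = []
    for value, run in groupby(bits):
        length = sum(1 for _ in run)
        while length > 0:                      # runs over 127 are split into pieces
            piece = min(length, MAX_RUN)
            out.append(format(piece, f"0{COUNT_BITS}b") + value)
            length -= piece
    return "".join(out)


def rle_decode_bits(encoded: str) -> str:
    """Exact inverse of rle_encode_bits: the original is recreated, so this is lossless."""
    unit = COUNT_BITS + 1
    if len(encoded) % unit:
        raise ValueError("encoded data is not a whole number of (count, value) units")
    out = []
    for i in range(0, len(encoded), unit):
        count = int(encoded[i:i + COUNT_BITS], 2)
        out.append(encoded[i + COUNT_BITS] * count)
    return "".join(out)


def compression_ratio(bits: str) -> float:
    """Original length / encoded length; above 1 means the data got smaller."""
    return len(bits) / len(rle_encode_bits(bits))


if __name__ == "__main__":
    print(rle_encode_bits("0" * 127))                       # 11111110, as on the slide
    print(rle_decode_bits("11111110") == "0" * 127)         # True: nothing was lost
    print(rle_encode_bits("0" * 300))                       # 127 + 127 + 46 zeroes
    # Redundant data compresses well; data with no long runs actually grows.
    print(compression_ratio("0" * 127), compression_ratio("01" * 64))
```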
Virtual Private Networks • Watch the IT Guy's video (27 minutes) • Definition • (Basic) Technologies required • Things to think about: • What are the social and ethical effects of VPN use? • Concept questions: • To what extent is the school network a private network? What makes it private? What makes it open? • To what extent do VPNs prevent data from being intercepted during transmission? • Critical evaluation: • Watch the CyberGhost VPN advert (2 minutes) • Critically evaluate CyberGhost's offering. Do you believe their promises? Why might they not be able to provide the level of freedom and security that they offer?
VPN answers • A virtual private network is a connection between hosts that uses the public internet to send encrypted information. Because the information is encrypted, the hosts can be considered to be on a private network, even though they are connecting through a public communication medium. • Technologies: • Internet connection (router, ISP), encryption • Social and ethical effects: • People can work from home • Governments have less control • Could support illicit or morally objectionable activities • Concept questions: • The school network is a private network to the extent that it uses wired technology and has walls, doors and security guards to physically restrict access. Someone passing on the street would have to get into the school and plug their computer into a network socket to try to hack the system. However, the school uses wifi, which could be accessible from the road outside the school, so a potential hacker could situate themselves there. Also, the school makes some server content available through the public internet. In order for this information to be considered private, the school must use adequate security measures, such as usernames (identification), passwords (authentication) and encryption. • Because VPNs use the public internet, there is nothing to stop hackers from intercepting the IP packets being sent and received. However, the contents of the packets are encrypted, and assuming the encryption is strong enough, the hacker would not be able to read the contents of the communication. Thus the communication could potentially be disrupted if the packets could not find an alternative route, but the information itself is secure. • CyberGhost video: • In some countries, the sending and receiving of encrypted data is illegal, and so by using CyberGhost's software you could be acting against the law. • Some traffic will go via CyberGhost's servers. How do you know CyberGhost themselves can be trusted with your information?
• CyberGhost are American. US companies are under increasing pressure from legislation like the Patriot Act, to release information on demand to the American security agencies. This could include records of what you have been doing online.
The OSI Model Rohan Tulsiani, International School Manila High School