
Networking and security



Presentation Transcript


  1. Networking and security Teaching material accompanying chapter 2.1, 2.2 and 2.3 of Enterprise Knowledge Infrastructures

  2. Classification of networks • physical – according to the medium used (fiber, copper, radio, light) • structural - according to the topology (ring, bus, star) • geographic - according to the reach (PAN, LAN, MAN, WAN) • organizational - according to the network owner: public vs. private (Internet, company networks, value added networks) • user driven - according to the user group: Intranet, Extranet, Internet • conceptual - according to the transmission algorithms (ATM, Token Ring, Ethernet) • functional - according to the function/target group: end-user - front-end, server - back-end, network – backbone • performance – according to bandwidth: low (e.g., up to 1 MBit/s), medium (e.g., up to 1 GBit/s), high speed (e.g., > 1 GBit/s) source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 84

  3. Network topologies I • Point-to-point (peer-to-peer) networks: there are separate transmission paths between data stations; individual network nodes receive messages and forward them if they are not the final recipient • star network • loop network • tree network • mesh network source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 87

  4. Network topologies II • Broadcast networks: all nodes are connected to the same physical transmission medium. Each node has access to every message, so any node can read all traffic on the medium unless it is encrypted • bus network • ring network source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 86

  5. Network classes personal area network (PAN) local area network (LAN) metropolitan area network (MAN) wide area network (WAN) the Internet source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 87

  6. ISO OSI layered architecture source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 89

  7. Overview of network standards source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 91

  8. Classification of transmission protocols source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 99

  9. Concrete network protocols and the OSI model source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 120

  10. Network packets • A packet consists of payload and header • Every layer adds its own header in front of the data it receives from the layer above • A packet on a higher layer becomes the payload on the next lower layer; the receiver strips one header per layer and hands the remainder upwards source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 104

  11. Internet layer • IP protocol (IPv4) • IP address = world-wide unique address identifying a network participant (unique at least for public IP addresses) • length: 32 bit (4 octets), written as four decimal octets, e.g., 141.48.3.17 = 10001101 00110000 00000011 00010001 • network classes, each with a default network mask: class A (first octet 0-127, mask 255.0.0.0, 16.7 million addresses per network), class B (128-191, mask 255.255.0.0, 65,536 addresses), class C (192-223, mask 255.255.255.0, 256 addresses); of each range the network and the broadcast address cannot be assigned to hosts • finer partition with a subnet mask possible since 1985 (RFC 950): the mask separates the network part from the host part of the address • reserved addresses for private use (RFC 1918, not routed on the public Internet): 10.0.0.0 - 10.255.255.255 (1 class A network range), 172.16.0.0 - 172.31.255.255 (16 class B network ranges), 192.168.0.0 - 192.168.255.255 (256 class C network ranges) • localhost (loopback) 127.0.0.1
  Figure: network part vs. host part for the three classes: class A 63.48.3.17 (network 63, host 48.3.17), class B 137.48.140.19 (network 137.48, host 140.19), class C 223.150.7.170 (network 223.150.7, host 170)
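Added example (not from the slides or the book): splitting an IPv4 address into network and host part, first with the classful default mask and then with an arbitrary subnet mask, plus the RFC 1918 check. It uses only the standard-library ipaddress module; the addresses are the slide's own examples plus a few constructed ones.

```python
# Added example: classful vs. classless interpretation of IPv4 addresses.
import ipaddress

# RFC 1918 spelled out explicitly: ipaddress' own is_private flag also counts
# loopback, link-local and other special blocks, which is a different question.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

CLASSFUL_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(addr: str) -> str:
    """Classful designation from the leading bits of the first octet."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return "A"      # 0xxxxxxx
    if first < 192:
        return "B"      # 10xxxxxx
    if first < 224:
        return "C"      # 110xxxxx
    if first < 240:
        return "D"      # 1110xxxx, multicast: no host part
    return "E"          # 1111xxxx, reserved


def to_binary(addr: str) -> str:
    return ".".join(format(int(o), "08b") for o in addr.split("."))


def describe(addr: str, mask=None) -> dict:
    """Split addr into network and host part.

    mask may be dotted ("255.255.255.192") or a prefix length ("26"); if omitted,
    the classful default applies, which is exactly what the subnet mask refines."""
    cls = address_class(addr)
    if mask is None:
        if cls not in CLASSFUL_MASKS:
            raise ValueError("class %s addresses have no host part" % cls)
        mask = CLASSFUL_MASKS[cls]
    iface = ipaddress.ip_interface("%s/%s" % (addr, mask))
    net = iface.network
    return {
        "class": cls,
        "binary": to_binary(addr),
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "host": str(ipaddress.ip_address(int(iface.ip) & int(net.hostmask))),
        "addresses": net.num_addresses,
        # network and broadcast address are not assignable to hosts
        "usable_hosts": max(net.num_addresses - 2, 0),
        "private": any(iface.ip in n for n in RFC1918),
        "loopback": iface.ip.is_loopback,
    }


if __name__ == "__main__":
    for example in ("141.48.3.17", "63.48.3.17", "223.150.7.170", "10.20.30.40", "127.0.0.1"):
        print(example, describe(example))
    print("141.48.3.17/26", describe("141.48.3.17", "26"))   # classless subnet
```

Note the two edge cases the table on the slide hides: 172.32.0.1 looks private but lies outside 172.16.0.0/12, and 127.0.0.1 is loopback, not an RFC 1918 address, so a filter that only checks the three private ranges would let it through.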

  12. Address translation • logical name (DNS): e.g., www.wiwi.uni-halle.de • Internet address (IP): e.g., 141.48.204.242 • physical address (MAC): e.g., 00-00-39-4C-46-C9 • DNS resolves the name to an IP address; ARP resolves the IP address to the MAC address of the node on the local network • MAC = Media Access Control address, unique identification of a network card, consisting of a 24 bit manufacturer number (OUI) and a 24 bit serial number assigned by that manufacturer, e.g., 08-00-20-AE-FD-7E (or 080020AEFD7E) • neither translation is authenticated by the basic protocols, so both answers can be spoofed by an attacker on the path (ARP spoofing, DNS cache poisoning)

  13. Demarcation between Internet, Intranet and Extranet DMZ = DeMilitarized Zone PSTN = Public Switched Telephone Network source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 120

  14. Requirements for secure communication • confidentiality: the message is not accessible to third parties • authenticity: the sender of a message is uniquely identifiable • integrity: the message has not been changed on its way to the receiver • liability (non-repudiation): the sender cannot deny authorship of the message, the receiver cannot deny receipt of the message

  15. Potential security threats • Data loss: important data was intentionally deleted or lost by accident • Data manipulation: intentionally falsifying documents, e.g., balance sheets or software code • Unauthorized access: business secrets get into the hands of third parties • Abuse of resources: hard- or software of a company gets used for improper purposes, e.g., using the company Internet access to download private music files • Downtime: infrastructural services that are needed permanently are not available, so that financial damage (e.g., by losing productive work time) or image damage occurs (e.g., through unavailability of the Web site) • Concrete attacks: e.g., denial-of-service, viruses, spam source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 127ff

  16. Conceptual comparison of PPTP and IPsec source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 133ff

  17. Example of asymmetric encryption (figure) • Alice (sender) signs the message with her private key; Bob (receiver) recomputes the signature check with Alice's public key and, if it matches, knows that the message is unchanged and was sent by Alice • Alice encrypts the signed message with Bob's public key; the ciphertext (drawn as "0&§(1§/=1") travels over the insecure transmission channel; Bob decrypts it with his private key • Key usage in short: private key Alice = sign, public key Alice = verify, public key Bob = encrypt, private key Bob = decrypt

  18. Example: tasks of a certification authority (CA) (figure) • 1 Alice (sender) applies for a certificate at the certification authority • 2 the CA issues the certificate • 3a Alice puts her private key into a safe place (key store) • 3b Alice puts her public key (certificate) on her home page (HP) • 4 Alice writes and signs the message • 5 Alice sends the message to Bob (receiver) • 6 Bob downloads the certificate from Alice's home page • 7 Bob verifies the signature: the message is unchanged and was sent by Alice • 8 Bob verifies the certificate with the CA against its revocation list: the certificate is valid and not revoked
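Added example serving slides 17 and 18 (not the slides' or the book's own code): the sign-then-encrypt flow between Alice and Bob and the certificate steps of the CA, built from the Python standard library. Textbook RSA with 512-bit keys and without OAEP/PSS padding is a teaching toy, not something to deploy; the names, the serial number and the message are constructed.

```python
# Added example: sign with Alice's private key, encrypt for Bob's public key,
# and let a minimal CA vouch for Alice's public key. Teaching toy only.
import hashlib
import random

_rng = random.SystemRandom()


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if _is_probable_prime(cand):
            return cand


def keygen(bits: int = 512):
    """Return (public_key, private_key) as (e, n) and (d, n). bits must exceed 256,
    the SHA-256 digest size, or signatures cannot be verified (see sign)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:   # e is prime, so this is gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)   # pow(..., -1, m) needs Python >= 3.8


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Signature = hash of the message raised to the signer's private exponent."""
    d, n = private_key
    h = _digest(message)
    if h >= n:
        raise ValueError("modulus must be longer than the hash")
    return pow(h, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the signer's public key recomputes the hash and compares."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message)


def encrypt(plaintext: bytes, public_key) -> int:
    e, n = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("textbook RSA: plaintext must be shorter than the modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _cert_body(serial: int, subject: str, public_key) -> bytes:
    return ("%d|%s|%d|%d" % (serial, subject, public_key[0], public_key[1])).encode()


def ca_issue(ca_private, serial: int, subject: str, subject_public) -> dict:
    """Steps 1-2: bind a subject name to its public key under the CA's signature."""
    return {"serial": serial, "subject": subject, "public_key": subject_public,
            "signature": sign(_cert_body(serial, subject, subject_public), ca_private)}


def cert_valid(cert: dict, ca_public, revocation_list: set) -> bool:
    """Step 8: the CA's signature must check out and the serial must not be revoked."""
    body = _cert_body(cert["serial"], cert["subject"], cert["public_key"])
    return verify(body, cert["signature"], ca_public) and cert["serial"] not in revocation_list


def exchange(message: bytes = b"Pay Bob 100 EUR", attacker_substitutes=False, revoked=False) -> bool:
    """Run the slide-18 flow; True iff Bob accepts the message as unchanged and from Alice."""
    ca_pub, ca_priv = keygen()
    alice_pub, alice_priv = keygen()
    bob_pub, bob_priv = keygen()
    cert = ca_issue(ca_priv, 1, "alice@example.com", alice_pub)   # 1, 2, 3b
    signature = sign(message, alice_priv)                           # 4
    ciphertext = encrypt(message, bob_pub)                          # slide 17: only Bob can read it
    if attacker_substitutes:
        # Bob's public key is public, so anyone can produce a ciphertext for him;
        # only Alice's signature tells her message apart from the attacker's.
        ciphertext = encrypt(b"Pay Eve 100 EUR", bob_pub)
    revocation_list = {1} if revoked else set()
    received = decrypt(ciphertext, bob_priv)                        # Bob's private key
    return (cert_valid(cert, ca_pub, revocation_list)               # 6, 8
            and verify(received, signature, cert["public_key"]))    # 7
```

Running `exchange()` returns True; `exchange(attacker_substitutes=True)` and `exchange(revoked=True)` return False. Bob's check of the certificate against the CA (step 8) is what stops an attacker from simply publishing their own public key under Alice's name.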

  19. Message and channel encryption • To guarantee secure transmission of a message, either the message itself or the transmission channel can be encrypted • Message encryption with PGP: • Pretty Good Privacy (PGP) is a software program used to encrypt and sign e-mails • Since e-mails are relayed over several mail servers without an end-to-end connection from sender to receiver, only message encryption protects the content end to end; encrypting the channel between two relays (as STARTTLS does) protects that hop only, and every relay still sees the plaintext • PGP uses hybrid encryption: the message is encrypted with a fresh symmetric session key, and that session key is encrypted with the receiver's public key • Channel encryption with SSL/TLS: • Secure Sockets Layer (SSL), today superseded by its successor Transport Layer Security (TLS), is used to encrypt e.g., HTTP connections (HTTP + SSL/TLS = HTTPS) • HTTPS is used widely in the Internet to secure transactions for online banking and online shopping

  20. Abbreviations A-H • AES: Advanced Encryption Standard • ARP: Address Resolution Protocol • ATM: Asynchronous Transfer Mode • BAN: Body Area Network • DES: Data Encryption Standard • DHCP: Dynamic Host Configuration Protocol • DNS: Domain Name System • DSL: Digital Subscriber Line (symmetric SDSL or asymmetric ADSL) • FDDI: Fiber Distributed Data Interface • FTP: File Transfer Protocol • HTML: Hypertext Markup Language • HTTP: Hypertext Transfer Protocol

  21. Abbreviations I-N • IMAP: Internet Message Access Protocol • IP: Internet Protocol • IPX: Internetwork Packet Exchange • IrDA: Infrared Data Association • ISDN: Integrated Services Digital Network • ISO: International Organization for Standardization • LDAP: Lightweight Directory Access Protocol • LPD: Line Printer Daemon (UNIX) • MAC: Media Access Control (address) • NAT: Network Address Translation • NetBEUI: NetBIOS Extended User Interface • NetBIOS: Network Basic Input/Output System • NIC: Network Interface Card • NLSP: NetWare Link Services Protocol (NW Link) • NNTP: Network News Transfer Protocol

  22. Abbreviations O-S • OSI: Open Systems Interconnection • OSPF: Open Shortest Path First protocol • PAN: Personal Area Network • POP3: Post Office Protocol version 3 • PPP: Point-to-Point Protocol • PPTP: Point-to-Point Tunneling Protocol • RIP: Routing Information Protocol • RSA: public-key cryptosystem developed by Rivest, Shamir and Adleman • SGML: Standard Generalized Markup Language • (s)sh: (secure) shell • SMB: Server Message Block • SMTP: Simple Mail Transfer Protocol • SNMP: Simple Network Management Protocol • SPX: Sequenced Packet Exchange • SSL: Secure Sockets Layer

  23. Abbreviations T-Z • TCP: Transmission Control Protocol • UDP: User Datagram Protocol • USB: Universal Serial Bus • URL: Uniform Resource Locator • WEP: Wired Equivalent Privacy (for WLAN; cryptographically broken and superseded by WPA) • WPA: Wi-Fi Protected Access • WLAN: Wireless LAN • WML: Wireless Markup Language • XML: eXtensible Markup Language
